Stefan Eissing [Wed, 8 Oct 2025 12:29:54 +0000 (14:29 +0200)]
socks: advance iobuf instead of reset
During the SOCKS connect phase, the `iobuf` is used to receive repsonses
from the server. If the server sends more bytes than expected, the code
discarded them silently.
Fix this by advancing the iobuf only with the length consumed.
Viktor Szakats [Fri, 10 Oct 2025 04:37:45 +0000 (06:37 +0200)]
cmake/FindGSS: drop wrong header check for GNU GSS
GNU GSS offers `gss.h`; do not check for `gssapi.h`. `gssapi.h`
was originally published by Heimdal, and later MIT Kerberos also added it
for Heimdal compatibility.
Viktor Szakats [Fri, 10 Oct 2025 01:09:16 +0000 (03:09 +0200)]
kerberos: bump minimum to 1.3 (2003-07-08), drop legacy logic
Previous minimum was: 1.2.4 (2002-02-28)
- assume `gssapi/gssapi.h` header for MIT Kerberos.
Drop logic detecting this header, and drop alternate logic including
a bare "gssapi.h". Bare `gssapi.h` is Heimdal-specific. MIT Kerberos
added support for it for Heimdal compatibility on 2006-11-09,
redirecting to `gssapi/gssapi.h`. MIT Kerberos supported the latter
header in the 1990s already.
There were still mentions of it after this patch, when using versions
<1.2.3, but those versions aren't supported since: 99185417952da30c8ddd82ab962fb58da96260b2 (2008-06-12)
This header remains in use by autotools and cmake to detect MIT Kerberos
(vs. Heimdal, which doesn't have it.)
Daniel Stenberg [Thu, 9 Oct 2025 20:32:09 +0000 (22:32 +0200)]
ftp: simplify the 150/126 size scanner
The file size is weirdly returned in a 150 or 126 response as "XXX
bytes" mentioned somewhere in the response string. This is a rewrite of
the size scanner to replace the strange strstr() + backwards search from
before with a plain forward search until '[number] + " bytes"' is a
match.
Triggered by a report by Joshua Rogers about the previous parser.
Daniel Stenberg [Thu, 9 Oct 2025 15:23:56 +0000 (17:23 +0200)]
asyn-ares: use the duped hostname pointer for all calls
In one c-ares call the passed in pointer was used and not the new
duplicated one. This is probably fine but might as well use the new
pointer as all the other calls do, which will survive longer.
Jay Satiro [Fri, 18 Oct 2024 18:12:31 +0000 (14:12 -0400)]
tool_operate: keep failed partial download for retry auto-resume
- Keep data from a failed download instead of discarding it on retry in
some limited cases when we know it's ok (currently only HTTP 200/206).
Prior to this change on failed transfer the tool truncated any outfile
data written before retrying the transfer. This change adds an exception
for HTTP downloads when the user requested auto-resume, because in that
case we can keep the outfile data and resume from the new position.
Joshua Rogers [Wed, 8 Oct 2025 22:06:40 +0000 (06:06 +0800)]
libssh2/sftp: fix resume corruption by avoiding O_APPEND with rresume
Opening the remote file with O_APPEND while attempting to resume causes
all writes to be forced to EOF on servers/implementations where O_APPEND
semantics override a prior seek(). As a result, sftp_seek64() is ignored
and the resumed data is appended, duplicating/corrupting the file.
Fix by:
- Using O_WRONLY (without O_APPEND) when resume_from > 0.
- Skipping the seek entirely if remote_append mode is requested.
Joshua Rogers [Wed, 8 Oct 2025 22:03:08 +0000 (06:03 +0800)]
libssh/sftp: fix resume corruption by avoiding O_APPEND with rresume
Opening the remote file with O_APPEND while attempting to resume causes
all writes to be forced to EOF on servers/implementations where O_APPEND
semantics override a prior seek(). As a result, sftp_seek64() is ignored
and the resumed data is appended, duplicating/corrupting the file.
Fix by:
- Using O_WRONLY (without O_APPEND) when resume_from > 0.
- Skipping the seek entirely if remote_append mode is requested.
Viktor Szakats [Wed, 8 Oct 2025 10:03:18 +0000 (12:03 +0200)]
build: drop Heimdal support, update docs, replace with MIT Kerberos in CI
The kerberos5 library Heimdal is one of three GSS libraries curl support.
It has a memory leak triggered by the new test in #18917 and the project
seems mostly abandoned.
Drop support and steer users to the MIT krb5 or GNU GSS libraries.
Co-authored-by: Daniel Stenberg
Ref: #18928
Closes #18928
Closes #18932
Stefan Eissing [Wed, 8 Oct 2025 09:56:09 +0000 (11:56 +0200)]
apple sectrust: check correct result on old OS versions
On ancient Apple OS versions where SecTrustEvaluateWithError() is not
available, the deprected SecTrustEvaluate() is used. In that code
branch, the code checked the wong variable for the verified result.
Viktor Szakats [Wed, 8 Oct 2025 16:49:51 +0000 (18:49 +0200)]
cmake/FindGSS: fix `pkg-config` fallback logic for CMake <3.16
The documented `<prefix>_<moduleName>_VERSION` variables are empty in
all tested versions since 3.7.2 to 4.1.2. Stop using it as a fallback
for <3.16 versions, and replace with the undocumented, but working,
`FindPkgConfig` internal variable `_pkg_check_modules_pkg_name`. It
contains the module name which was found.
In practice it caused that with CMake <3.16 + `pkg-config`, curl always
detected the Heimdal flavor of GSS.
Also: Delete a fallback version detection method, which was already
marked with a question mark in comments, and used the same, always
empty, CMake variables.
dependabot[bot] [Wed, 8 Oct 2025 12:46:51 +0000 (12:46 +0000)]
GHA: bump dependencies
- cryptography from 44.0.1 to 46.0.2 in tests/http
- ruff from 0.13.2 to 0.14.0 in .github/scripts
- reuse from 6.0.0 to 6.1.2 in .github/scripts
- github/codeql-action from 3.30.5 to 4.30.7
Viktor Szakats [Wed, 8 Oct 2025 12:50:58 +0000 (14:50 +0200)]
GHA/dependabot: tweak dir list to avoid a dupe, rename .txt file to avoid the bot
It correctly picked all pips, but also picked
`tests/http/requirements.txt` twice and also
`.github/scripts/codespell-ignore.txt`. Try avoid these issues with this
patch.
Viktor Szakats [Wed, 8 Oct 2025 01:09:23 +0000 (03:09 +0200)]
tests/server: drop pointless memory allocation overrides
The code was overriding system memory allocation functions to a local
jump table (declared in `curl_setup.h`). And setup that jump table
to call the original system allocation functions.
Also tested fine with cegcc/WinCE. The `_strdup` fallback was possibly
required for an MSVC WinCE toolchain.
Viktor Szakats [Tue, 7 Oct 2025 18:30:06 +0000 (20:30 +0200)]
examples/sessioninfo: cast printf string mask length to int
Found via `-Wformat-signedness`:
```
docs/examples/sessioninfo.c: In function 'wrfu':
docs/examples/sessioninfo.c:75:53: error: field precision specifier '.*' expects argument of type 'int', but argument 4 has type 'unsigned int' [-Werror=format=]
fprintf(stderr, "Certificate #%u: %.*s", i, dn.size, dn.data);
^
```
Ref: https://github.com/curl/curl/actions/runs/18320729052/job/52172864438?pr=18343#step:13:30
Ref: https://github.com/curl/curl/actions/runs/18320729095/job/52172886899?pr=18343#step:19:27
Also:
- drop unnecessary parenthesis.
- scope variables.
Viktor Szakats [Tue, 7 Oct 2025 10:36:49 +0000 (12:36 +0200)]
cmake: support building some complicated examples, build them in CI
Build these examples when the necessary dependencies are present:
- cacertinmem, usercertinmem (OpenSSL/fork)
- multi-uv (libuv)
- multithread, threaded-ssl (pthread)
- sessioninfo (GnuTLS)
Indicate the necessary dependency via a `Required:` comment placed in
the source file. A single dependency per source is supported as of now.
The name of the dependency should match the variable used within
the cmake scripts, which in turn matches the macro used in the config
header. E.g. for GnuTLS it's `USE_GNUTLS`.
Also:
- GHA/macos: build examples in two job to test GnuTLS and pthread ones.
- GHA/linux: enable libuv to test it with examples.
Stefan Eissing [Tue, 7 Oct 2025 09:30:46 +0000 (11:30 +0200)]
ngtcp2: fix handling of blocked stream data
The stream blocking might not be the one of the current easy handle.
Look up the stream to be marked as blocking via its stream_id in the
internal hash. Theoretically, this does not have to be one of the h3
streams, so not finding it is not an error.
Stefan Eissing [Tue, 7 Oct 2025 10:05:08 +0000 (12:05 +0200)]
osslq: set out idle timeout to 0
Similar to our ngtcp2 backend, set our idle timeout for the connection
to 0, meaning we have no such timeout from our side. The effective idle
timeout is then the one announced by the peer.
Daniel Stenberg [Tue, 7 Oct 2025 14:00:59 +0000 (16:00 +0200)]
multi: use CURLMNOTIFY_ as notification id prefix
Since CURLM_ is already used as prefix for multi error codes, it makes
it easier to detect and understand the difference between identifiers -
and allows for scripts on the website and elsewhere to separate them
properly.
Viktor Szakats [Tue, 7 Oct 2025 10:04:03 +0000 (12:04 +0200)]
examples/usercertinmem: avoid stripping const
This API started accepting a const somewhere between OpenSSL 1.0.2b and
1.0.2t. It means this example, like the other similar one now works best
with those versions or newer:
```
docs/examples/usercertinmem.c:100:33: error: cast from 'const char *' to 'char *' drops const qualifier [-Werror,-Wcast-qual]
100 | bio = BIO_new_mem_buf((char *)mypem, -1);
| ^
docs/examples/usercertinmem.c:121:34: error: cast from 'const char *' to 'char *' drops const qualifier [-Werror,-Wcast-qual]
121 | kbio = BIO_new_mem_buf((char *)mykey, -1);
| ^
```
Stefan Eissing [Mon, 1 Sep 2025 09:58:16 +0000 (11:58 +0200)]
multi: add notifications API
Add infrastructure to colled and dispatch notifications for transfers
and the multi handle in general. Applications can register a callback
and en-/disable notification type the are interested in.
Without a callback installed, notifications are not collected. Same when
a notification type has not been enabled.
Memory allocation failures on adding notifications lead to a general
multi failure state and result in CURLM_OUT_OF_MEMORY returned from
curl_multi_perform() and curl_multi_socket*() invocations.
Daniel Stenberg [Mon, 6 Oct 2025 10:43:40 +0000 (12:43 +0200)]
test766: verify CURLOPT_SOCKOPTFUNCTION error on accept
This test does active FTP with a socketopt callback that returns error
for the CURLSOCKTYPE_ACCEPT "purpose" to make sure we test and exercise
this error path - without leaks.
Viktor Szakats [Sat, 4 Oct 2025 10:58:49 +0000 (12:58 +0200)]
lib: stop overriding system printf symbols
After this patch, the codebase no longer overrides system printf
functions. Instead it explicitly calls either the curl printf functions
`curl_m*printf()` or the system ones using their original names.
Also:
- drop unused `curl_printf.h` includes.
- checksrc: ban system printf functions, allow where necessary.
projects / thirdparty / curl.git / log
