Daniel Stenberg [Sat, 21 Dec 2024 10:33:05 +0000 (11:33 +0100)]
hyper: drop support
lib : remove all hyper code
configure: stop detecting hyper
docs: no more mention of hyper
tests: mo more special-handling of hyper builds
CI: no jobs using hyper
Stefan Eissing [Wed, 18 Dec 2024 12:22:35 +0000 (13:22 +0100)]
lib: TLS session ticket caching reworked
Described in detail in internal doc TLS-SESSIONS.md
Main points:
- use a new `ssl_peer_key` for cache lookups by connection filters
- recognize differences between TLSv1.3 and other tickets
* TLSv1.3 tickets are single-use, cache can hold several of them for a peer
* TLSv1.2 are reused, keep only a single one per peer
- differentiate between ticket BLOB to store (that could be persisted) and object instances
- use put/take/return pattern for cache access
- remember TLS version, ALPN protocol, time received and lifetime of ticket
- auto-expire tickets after their lifetime
The few uses of this on GitHub also set `USE_OPENSSL` and
should be fine. Those which don't, please replace
`-DMACOS_SSL_SUPPORT` with `-DUSE_OPENSSL`.
Kuan-Wei Chiu [Wed, 18 Dec 2024 18:09:57 +0000 (02:09 +0800)]
http_aws_sigv4: Fix invalid compare function handling zero-length pairs
The compare_func() can violate the antisymmetric property required by
qsort. Specifically, when both aa->len == 0 and bb->len == 0, the
function returns conflicting results (-1 for compare_func(a, b) and -1
for compare_func(b, a)).
This violates the rules of qsort and may lead to undefined behavior,
including incorrect sorting or memory corruption in glibc [1].
Add a check to return 0 when both lengths are zero, ensuring proper
behavior and preventing undefined behavior in the sorting process.
Daniel Stenberg [Tue, 17 Dec 2024 22:56:42 +0000 (23:56 +0100)]
netrc: fix password-only entries
When a specific hostname matched, and only a password is set before
another machine is specified in the netrc file, the parser would not be
happy and stop there and return the password-only state. It instead
continued and did not return a match.
Viktor Szakats [Sat, 16 Nov 2024 20:24:17 +0000 (21:24 +0100)]
multissl: make openssl + wolfssl builds work
- make colliding vtls static function names unique.
- wolfssl: stop including an unused compatibility header.
- cmake: adapt detection logic for openssl+wolfssl coexist.
- wolfssl: fix to use native wolfSSL API in ECH codepath.
- openssl+wolfssl: fix ECH code to coexist.
Requires a post wolfSSL v5.7.4, recent master for `OPENSSL_COEXIST`
feature, and `CPPFLAGS=-DOPENSSL_COEXIST`.
Viktor Szakats [Mon, 28 Oct 2024 13:27:00 +0000 (14:27 +0100)]
cmake: extend zlib's `AUTO` option to brotli, zstd and enable if found
- make `curl_dependency_option()` more generic.
- extend `CURL_BROTLI` and `CURL_ZSTD` options to accept
`AUTO` in addition to existing `ON` and `OFF`.
- change `CURL_BROTLI` and `CURL_ZSTD` option default
to `AUTO`. Was: `OFF`.
It brings cmake behavior closer to `./configure`.
Still different:
- `./configure` defaults to `off` which means to check default
locations. cmake checks more locations by default.
(Also tried `NO_CMAKE_PATH`, but then it checked less locations.)
- cmake returns both `brotlicommon` and `brotlidec` libs,
while `./configure` only returns the latter.
- ci: drop explicit cmake options, that are now unnecessary.
- GHA/configure-vs-cmake: make adjustments to make tests pass.
Combined with most Find modules now supporting `pkg-config`
(39c741b7b008b5959980b29ac721357ff75de3f5 #15408) this change made
mingw-cross builds fragile by picking up OS-native components. Also
adding `/usr/include` to the header path, confusing feature detection.
Add workaround for CMake reporting successful libssh2 detection, but
leaving the header directory empty, and causing `libssh2.h` not found
while compiling. It happens when `pkgconf` is not detecting libssh2
dependency libcrypto in Homebrew after `brew unlink openssl` (as in
GHA/macos). The workaround is to require a non-empty header directory
to consider the detection successful. This workaround may need to be
tweaked and/or applied to other Find modules.
Viktor Szakats [Sat, 16 Nov 2024 18:04:36 +0000 (19:04 +0100)]
Makefile.mk: drop in favour of autotools and cmake (MS-DOS, AmigaOS3)
`Makefile.mk` supported MS-DOS and Amiga, but `./configure` also
supported them in a better tested and more flexible way.
This patch also adds CMake support for MS-DOS/DJGPP and Amiga OS 3.
`Makefile.mk` was not maintained. Delete it in favour of first-tier
build methods.
Also include some non-MS-DOS/AmigaOS-specific tidy-up, see details at
the end of this message.
Details:
- fix/silence all MS-DOS/DJGPP build warnings and issues.
- add MS-DOS support to cmake.
- default to `ENABLE_THREADED_RESOLVER=OFF` for MS-DOS.
- add support for `WATT_ROOT`.
- use static libcurl with MS-DOS.
- fixup default CMake suffixes/prefixes for DJGPP.
- disable hidden symbols for MS-DOS. Not supported on MS-DOS.
- opt-in MS-DOS into `USE_UNIX_SOCKETS`.
- improve MS-DOS support in autotools.
- default to `--disable-threaded-resolver` for MS-DOS.
- make sure to use `close_s()` (from Watt-32) with autotools and cmake.
`Makefile.mk` used it before this patch.
- GHA: add DJGPP cmake (~30s) and autotools (~60s) build jobs.
Also build tests and examples with cmake.
- improve AmigaOS support in autotools:
- configure: detect `CloseSocket()` when it's a macro.
- configure: fix `IoctlSocket` detection on AmigaOS.
- curl-amissl.m4: pass AmiSSL libs to tests/servers.
- add AmigaOS3 support to cmake:
- cmake: fix `HAVE_IOCTLSOCKET_CAMEL` and
`HAVE_IOCTLSOCKET_CAMEL_FIONBIO` detections.
- set necessary system libs.
- add AmiSSL support.
- inet_ntop, inet_pton: fix using it for AmigaOS. cmake detects them,
and they did not compile with AmigaOS.
- cmake: better sync `gethostname` detection with autotools.
Fixes detection for AmigaOS, where `gethostname` is a macro.
- cmake: fix `sys/utime.h` detection on AmigaOS.
- cmake: force-disable `getaddrinfo` for AmigaOS.
- cmake: tweak threading and static/shared default for AmigaOS.
- cmake: rely on manual variable `AMIGA` to enable the platform.
- GHA: add AmigaOS cmake and autotools (~45s) jobs.
Also build tests and examples with cmake.
- INSTALL: update MS-DOS and AmigaOS build instructions.
- amigaos: fix `-Wpointer-sign` and
`zero or negative size array '_args'` in `Printf()`.
- amigaos: fix `-Wpointer-sign`
- amigaos: fix `-Wredundant-decls` `errno` and `h_errno`.
- amigaos: brute-force silence `lseek()` size warnings.
- amigaos: server/resolve: silence `-Wdiscarded-qualifiers`.
- amigaos: server/resolve: fix `-Wpointer-sign`.
- amigaos: fix `CURL_SA_FAMILY_T` type.
- nonblock: prefer `HAVE_IOCTLSOCKET_CAMEL_FIONBIO` for AmigaOS.
`ioctl` is also detected, but fails when used. Make the above override
it for a successful build. Authored-by: Darren Banfi
Fixes #15537
Closes #15603
- tftpd: prefer `HAVE_IOCTLSOCKET_CAMEL_FIONBIO` for AmigaOS.
- tftpd: tidy-up conditional code.
- curl: set stack size to 16384 for AmigaOS3/4
Overriding the default 4096. Suggested-by: Darren Banfi
Ref: https://github.com/curl/curl/pull/15543#issuecomment-2498783123
Ref: https://wiki.amigaos.net/wiki/Controlling_Application_Stack
- functypes.h: fix `SEND_QUAL_ARG2` for AmigaOS.
- tftp: add missing cast in sendto() call for AmigaOS.
- getinfo: fix warning with AmigaOS.
- tool_operate: silence warning with AmigaOS
- amigaos: fix building libtests due to missing `RLIMIT_NOFILE`.
- curl_gethostname: silence warning for AmigaOS.
- ftp: silence `-Wtype-limits` for AmigaOS.
- libtest: fix timeval initialization for AmigaOS.
- examples: fix `timeval` initialization for AmigaOS.
- examples: silence warning for AmigaOS.
- configure: fix IPv6 detection for cross-builds.
- netrc: fix to build with AmigaOS cleanly.
- buildinfo: detect and add `DOS` tag for MS-DOS builds.
- buildinfo: add `AMIGA` to buildinfo.txt in auttools.
- build: move `USE_WATT32` macro definition to cmake/configure.
Non-MS-DOS/AmigeOS-specific tidy-ups:
- configure: sync `sa_family_t` detection with cmake.
- configure: sync `ADDRESS_FAMILY` detection signals with cmake.
- doh: use `CURL_SA_FAMILY_T`.
- lib: drop mingw-specific `CURL_SA_FAMILY_T` workaround.
- cmake: extend instead of override check-specific
configurations/requirements.
This allows to honor global requirements added earlier.
Necessary for AmigaOS for example.
- cmake: omit warning on disabled IPv6 for MS-DOS and AmigaOS.
No IPv6 support on these platforms. Also sync with autotools.
- lib1960: use libcurl `inet_pton()` wrapper.
- cmake: detect LibreSSL (to match autotools).
- cmake: say the specific OpenSSL flavour detected.
- hostip: add missing `HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID` guard.
- lib: simplify classic mac feature guards.
Viktor Szakats [Wed, 6 Nov 2024 13:00:04 +0000 (14:00 +0100)]
cmake: namespace functions and macros
Prefix (or suffix) curl-defined macro and function names with `curl`.
To avoid collisions with non-curl CMake and to make them recognizable
as curl-specific calls.
Viktor Szakats [Sat, 2 Nov 2024 20:11:28 +0000 (21:11 +0100)]
cmake: clang-cl improvements
- drop `/clang:` prefix for `-W` options for clang-cl.
Except for `-Wall` which gets interpreted as MSVC `/Wall`
and translated to `-Weverything`, which is undesired.
Related: https://github.com/llvm/llvm-project/issues/102982
- include `MSVC_VERSION` in target flags.
Useful for clang-cl builds where this information doesn't appear
elsewhere in the cmake configure log.
- suppress `-Wlanguage-extension-token` more for clang-cl.
This fixes clang-cl builds with default `CURL_WERROR=OFF` and
`PICKY_COMPILER=ON`.
This warning is enabled by `-pedantic` as a warning and by
`-pedantic-errors` as an error. Verifiable using llvm's
`diagtool show-enabled -pedantic test.c`.
Follow-up to fb711b50981e86c9dcdd6c2ba468b5d32edbcfce #15449
Viktor Szakats [Fri, 8 Nov 2024 14:47:19 +0000 (15:47 +0100)]
lib: replace `inline` redefine with `CURL_INLINE` macro
Instead of redefining the `inline` keyword, introduce curl's own
`CURL_INLINE` macro and set it depending on the compiler's capabilities,
or use its value set via custom C flags.
Also keep honoring a custom `inline` macro, if set.
Viktor Szakats [Thu, 31 Oct 2024 11:26:37 +0000 (12:26 +0100)]
cmake: drop redundant FOUND checks (libgsasl, libssh, libuv)
With `find_package(... REQUIRED)` the configuration fails and exits
if the package is not found. The `..._FOUND` check afterwards always
evaluates true and safe to delete.
Also true for brotli and zstd, but those are addressed differently
via #15431.
- autotools: stop promoting variables to macros:
`USE_NGTCP2_CRYPTO_*`, `USE_NGTCP2_H3`, `USE_OPENSSL_H3`,
`HAVE_LIBRESSL`.
They are not used in the source.
- cmake: drop unused `HAVE_O_NONBLOCK`,
`HAVE_DISABLED_NONBLOCKING`.
- lib: drop `NEED_MALLOC_H`.
It was used in manual-build cases for Amiga/MS-DOS/Windows/WinCE, but
never by autotools/cmake, thus apparently unnecessary.
- lib: drop unused `NEED_MEMORY_H`.
- lib: simplify classic mac feature guards,
drop `HAVE_EXTRA_STRICMP_H` and `HAVE_EXTRA_STRDUP_H`.
- autotools: drop unused `HAVE_GETHOSTBYNAME` detection.
- autotools: drop unused OpenSSL feature tests:
`HAVE_ERR_H`, `HAVE_PEM_H`, `HAVE_RSA_H`
- autotools: drop unused OpenSSL feature tests:
`HAVE_X509_H`, `HAVE_CRYPTO_H`, `HAVE_SSL_H`.
They performed a fallback check when the primary check missed
`openssl/x509.h`. Though if any other prefixed headers were found,
OpenSSL is already assumed detected.
The fallback check was looking for 3 unprefixed OpenSSL headers, and
if all found, marked OpenSSL found internally, but did not promote
it to `curl_config.h` via `USE_OPENSSL`. Meaning it either didn't do
anything or may have continued with an inconsistent state.
Added in d99c20f62876457ca6880d706825e68f695bda18 (2008)
At the time, there was an extra `AC_DEFINE(USE_SSLEAY, 1 ...` logic
after this code, which kicked in in the fallback case, but that code
was deleted in 709cf76f6bb7dbaca14e3e8df160ccfac04dcecb (2015)
- autotools: drop `AC_SUBST()` where the value is explicitly set anyway
and the macro is unused.
- autotools: replace `AC_SUBST(VAR, 1)` with local variable assigments,
where the `@VAR@` macro is unused. Also dedupe the local variable if
there was a parallel one used for the same purpose.
- autotools: drop local feature variables that were never used.
- autotools: drop unused `CURL_CHECK_OPTION_NTLM_WB`,
`CURL_CHECK_NTLM_WB`.
Also stop setting unused `NTLM_WB_ENABLED` macro for VMS.
Follow-up to 50def7c881ba560ab6e0235990e8f07fa69f4bc8 #13249
Daniel Stenberg [Thu, 12 Dec 2024 15:02:01 +0000 (16:02 +0100)]
checksrc: ban use of sscanf()
Using sscanf() is not a (security) problem in itself, but we strongly
discorage using it for parsing input since it is hard to use right, easy
to mess up and often makes for sloppy error checking.
Andy Pan [Thu, 12 Dec 2024 12:48:56 +0000 (12:48 +0000)]
async-thread: avoid closing eventfd twice
When employing eventfd for socketpair, there is only one file
descriptor. Closing that fd twice might result in fd corruption.
Thus, we should avoid closing the eventfd twice, following the
pattern in lib/multi.c.
Fixes #15725
Closes #15727 Reported-by: Christian Heusel
Daniel Stenberg [Tue, 10 Dec 2024 11:39:57 +0000 (12:39 +0100)]
cookie: parse only the exact expire date
The date parser function is very forgiving and skips most "irrelevant"
characters in its hunt for a date to figure out. Therefore it is
important to make sure the date string is properly null terminated so
that it does not accidentally parse a piece of whatever text follows
after the date.
Add test483: test (overly) long expire dates in cookies
Viktor Szakats [Mon, 9 Dec 2024 00:57:32 +0000 (01:57 +0100)]
build: fix tests when documentation/manual is disabled
- build: fix to exclude 'documentation' tests when building
the documentation is explicitly disabled. Both for cmake
and `./configure`.
Reported-by: Daniel Engberg
Fixes #15703
- test481, test482: fix for builds with no manual.
Reported-by: Daniel Engberg
Fixes #15703
- configure: fix to always detect Perl. Running tests require
it when run. Before this patch Perl wasn't detected when
documentation/manual/embedded-CA were all disabled,
making tests fail to start.
- test1177: add keyword `documentation`. It depends no
`curl_version_info.3`.
- GHA/linux: test cmake and `./configure` with docs and
manual disabled and tests run.
renovate[bot] [Tue, 3 Dec 2024 14:02:51 +0000 (14:02 +0000)]
GHA: update four depencencies
- github/codeql-action digest to aa57810
- cross-platform-actions/action action to v0.26.0
- actions/cache digest to 1bd1e32
- msys2/setup-msys2 digest to d44ca8e
These file formats are not properly documented elsewhere, plus the
website uses these files to populate the documentation pages to which
users end up via the URLs that are mentioned within the alt-svc and hsts
files.
Marcel Raad [Wed, 4 Dec 2024 00:12:50 +0000 (01:12 +0100)]
test2086: disable MSYS2's POSIX path conversion
Older MSYS2 versions treat the URL as paths list and convert them from
UNIX to Windows format. There's no path here that needs to be
converted, so disable path conversion for this test as done for others.
Daniel Stenberg [Fri, 6 Dec 2024 15:01:50 +0000 (16:01 +0100)]
mprintf: fix the integer overflow checks
When a floating point precision or string width are provided as a
base-10 number, the code could miss to detect integer overflows if the
provided value was exactly 2147483648 or 2147483649 (2147483647 being
the maxium value a signed integer can hold).
The chance that such values would actually ever be used is slim.
This change fixes the detection to also cover those edge cases.
chemodax [Thu, 5 Dec 2024 16:52:12 +0000 (17:52 +0100)]
cmake: set `CURL_STATICLIB` for static lib when `SHARE_LIB_OBJECT=OFF`
When compiled with BUILD_STATIC_LIBS=ON and SHARE_LIB_OBJECT=OFF compile
definition CURL_STATICLIB was not set for static library. It seems to be
copy-paste error in the lib/CMakeLists.txt.
Stefan Eissing [Thu, 5 Dec 2024 11:37:38 +0000 (12:37 +0100)]
mime: fix reader stall on small read lengths
The base64 mime encoder stalls when it cannot encode a full 3 byte input
set into the read buffer. The workaround for this limitation was
incomplete and could lead to stalled transfers when the last chunk to
upload was smaller than 4 bytes.
Use a tmp buffer on small reads to allow mime encoders more space to put
their things.
Daniel Stenberg [Wed, 4 Dec 2024 12:59:52 +0000 (13:59 +0100)]
tool_formparse: remove use of sscanf()
In the function for handling 'type=' in the -F command line arguments,
we make the code more lax to accept more strings and thereby also avoid
the use of sscanf().
Daniel Stenberg [Tue, 3 Dec 2024 06:52:48 +0000 (07:52 +0100)]
digest: produce a shorter cnonce in Digest headers
Other programs (Postman, Chrome, Python request) use a 16 byte cnonce
and there are instances of server-side implementations that don't
support the larger lengths curl used previously.
Daniel Stenberg [Wed, 4 Dec 2024 09:23:47 +0000 (10:23 +0100)]
curl: do more command line parsing in sub functions
This moves argument parsing logic for a number of options into sub
functions to reduce the overall complexity of the single getparameter()
function. pmccabe says it takes complexity down from 234 to 147.
The command line options that now has dedicated parser funtions are:
Stefan Eissing [Tue, 26 Nov 2024 10:18:06 +0000 (11:18 +0100)]
curl: use realtime in trace timestamps
Timestamps in trace logs used a mix of realtime and monotonic time
sources, leading to fractional seconds carrying wrong values. Use
realtime only, so the correct nanoseconds are printed.
Fixes #15614 Reported-by: jethrogb on github
Closes #15641
projects / thirdparty / curl.git / log
