Commit graph

793 commits

Author SHA1 Message Date
dependabot[bot]
7e4d516bcb
GHA: bump rojopolis/spellcheck-github-actions to 0.48.0
Bumps [rojopolis/spellcheck-github-actions](https://github.com/rojopolis/spellcheck-github-actions) from 0.47.0 to 0.48.0.
- [Release notes](https://github.com/rojopolis/spellcheck-github-actions/releases)
- [Changelog](https://github.com/rojopolis/spellcheck-github-actions/blob/master/CHANGELOG.md)
- [Commits](ed0756273a...23dc186319)

---
updated-dependencies:
- dependency-name: rojopolis/spellcheck-github-actions
  dependency-version: 0.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Closes #16988
2025-04-08 16:58:10 +02:00
renovate[bot]
c8014fd978
GHA: update openssl/openssl to v3.5.0
Closes #16997
2025-04-08 16:57:08 +02:00
Viktor Szakats
213115bd7e
GHA/configure-vs-cmake: dump generated configs to log
Sometimes it's useful to have a look at the generated `libcurl.pc` and
`curl-config` files.

`cmp-config.pl` normalizes them before diffing, thus doesn't show their
original content.

Closes #16981
2025-04-05 23:03:15 +02:00
Viktor Szakats
bdc42ba23e
GHA/curl-for-win: switch to podman (from docker)
Closes #16727
2025-04-03 23:23:37 +02:00
renovate[bot]
69d58309af
GHA: update cloudflare/quiche to v0.23.5
Closes #16913
2025-04-03 17:44:34 +02:00
Viktor Szakats
5ad32b05d5
GHA/windows: move libssh job from vcpkg to MSYS2
To avoid upstream issue where libssh no longer builds with vcpkg:
```
error: building libssh:x64-windows failed with: BUILD_FAILED
```
Ref: https://github.com/curl/curl/actions/runs/14206672441/job/39805869213?pr=16909#step:5:64

Bug: https://github.com/curl/curl/pull/16909#issuecomment-2770792320

Closes #16910
2025-04-02 01:38:12 +02:00
Viktor Szakats
c6a324d5b9
GHA/windows: make libssh2 install a per job config
To allow making per-job variations for SSH backends.

Also:
- fix Cygwin builds to not ignore per-job `install:` items.
  It worked by accident before this patch.
  Follow-up to 66313cc036 #16629

Closes #16911
2025-04-02 01:14:29 +02:00
Viktor Szakats
fe9c99e377
GHA/windows: drop GnuTLS-fork from vcpkg MultiSSL job
curl now has a working GnuTLS CI job, with tests, with MSYS2.
The MultiSSL build scenario is now tested on macOS.

The vcpkg GnuTLS package seems to have a deep dependency tree with large
packages that need to be rebuilt relatively frequently. Since they can't
fit into to the time limit, these cause CI failures.

To stabilize CI, drop the `shiftmedia-libgnutls` dependency.

Partial revert of e86f99824c #16623
Ref: https://github.com/curl/curl/actions/runs/14192680124/job/39760753274?pr=16902

Closes #16904
2025-04-01 12:48:04 +02:00
Daniel Stenberg
0042f11d6e
GHA: run random curl command lines for N seconds in CI
In the memory and address sanitizer builds.

Verify that nothing unexpected happens.

Starting out with 60 second runs.

The script does not set any seed so it runs with a new random every
time, meaning that if it fails in a single CI run it might not fail in a
subsequent one: but it should still show the full command that failed to
enable us to reproduce it locally. We can work on improving the seed
situation later if this script turns useful.

Closes #16884
2025-04-01 11:31:48 +02:00
renovate[bot]
23dfb47595
GHA: update awslabs/aws-lc to v1.49.0
Closes #16864
2025-03-29 14:04:34 +01:00
Viktor Szakats
c8b0f0c9ad
cmake: add shell completion support
Add the last (*) missing bit for feature parity with autotools.

Also test in CI. Add a new `cmake install` step to GHA/macos.

(*) AFAIK. Let us know if there's something else missing.

Closes #16833
2025-03-28 13:51:38 +01:00
Viktor Szakats
3b6c7142f6
GHA/linux: move pytests to non-valgrind job variants, drop 2 redundant runs
- move pytest from the valgrind variant of the mbedTLS and Rustls jobs
  to their non-valgrind counterpart (they different in C compiler and
  build tool respectively). To parallelize more and finish the workflow
  faster.

- drop pytest from the valgrind variant of the two identical (other than
  the build tool) 'libressl heimdal' jobs. Saves 1.5 minutes CI time.

- drop pytest from the longest valgrind job to make the workflow finish
  almost 2 minutes faster. `sync-resolver` is its unique build propery.
  It wasn't pytested on Azure.

- explicitly install `libnghttp2-dev` and `libldap-dev` to keep them in
  jobs where pytest deps were installing them implicitly before this
  patch.

Before: https://github.com/curl/curl/actions/runs/14118080563
After: https://github.com/curl/curl/actions/runs/14118903372?pr=16851

Closes #16851
2025-03-28 01:25:48 +01:00
Viktor Szakats
8cc05992a8
GHA/linux: enable ECH in Rustls jobs
Closes #16850
2025-03-27 23:42:18 +01:00
Viktor Szakats
44341e736a
runtests: generate certs dynamically, bump to EC-256, tidy up
Before this patch the curl repository and source tarball distribution
contained test certificates as binary blobs. Used by runtests.

Drop these certificates in favor of generating them dynamically as
part of the build process. Both via autotools and CMake.

As part of this, improve certificates, the generator script and process,
file layout, and fix any issue to make it work fast and smooth both in
CI and local builds.

Note, cert generator scripts require OpenSSL >=1.0.2
(or LibreSSL >=3.1.0). Generation requires POSIX shell, also with CMake.
Without a POSIX shell tests relying on TLS (and stunnel) will fail.

Details:

- build: generate certs as part of the test run process.
- build, tests: generate certs in the build directory.
- binarycheck: drop concept of known binary files with hashes.
- binarycheck: move binary check logic into spacecheck and drop this
  separate checker tool.
- build: fix to clean all cert files.
- autotools: fix to not run leaf cert generators in parallel. To avoid
  confusion when updating the revocation database and counter.
- scripts: drop `scripts` subdir, merge two scripts into one,
  auto-generate root cert, allow generating multiple leafs at once.
- scripts: switch to EC-256 keys (was: RSA-2048). For key size and perf.
- scripts: drop `-x` echo, text dumps, most other output. To avoid log
  noise and make it quicker in CI.
- scripts: make it non-RSA-specific.
- scripts: delete unused code.
- scripts: use POSIX shell shebang. Some envs don't have bash (Alpine).
- scripts: pass test pseudo-secrets via the command-line. To avoid:
  ```
  + openssl genrsa -out test-ca.key -passout fd:0 2048
  Invalid password argument, starting with "fd:"
  ```
- cmake: fix to launch generator scripts via the detected POSIX shell.
- cmake: fix `build-certs` rule to not depend on `SRPFILES`
  (`srp-verifier-*`).
- cmake: drop `EXCLUDE_FROM_ALL` for the cert subdir. It makes
  the Visual Studio generator miss to create the `clean-certs`,
  `build-certs` targets. No target depend on them, so they don't execute
  implicitly anyway. Fixes:
  ```
  MSBUILD : error MSB1009: Project file does not exist.
  Switch: clean-certs.vcxproj
  ```
- cmake: add `VERBATIM USES_TERMINAL` to `build-certs` target.
- GHA/linux: install openssl on Alpine, for the cert generator scripts.

Follow-up to 556f722fe3 #16593
Follow-up to fa461b4eff #14486

Closes #16824
2025-03-27 10:21:57 +01:00
Daniel McCarney
6fa31a3043
ci: use rustls-ffi 0.15 deb
Take the latest rustls-ffi version and install it via the upstream
project's `.deb` for x86_64 linux.
2025-03-27 08:47:43 +01:00
Viktor Szakats
4af9d75783
GHA/non-native: revert to bare builds for Android 21
vcpkg requires Android 28 by default after a recent update that's being
deployed onto CI runs (with `libiconv:arm64-android@1.18#1`).

Revert to bare, no-ssl, no-psl configuration for Android 21 jobs to make
them work again.

Bug: https://github.com/curl/curl/pull/16824#issuecomment-2750912507
Ref: https://github.com/microsoft/vcpkg/pull/44424#issuecomment-2753027630

Closes #16832
2025-03-26 03:31:10 +01:00
renovate[bot]
ac3c353747
GHA: update mbedtls to v3.6.3
Closes #16822
2025-03-24 22:36:05 +01:00
Viktor Szakats
579625efa5
test615: fix for Cygwin, unignore in CI
Setting a server-side file read-only by `chmod 0444` has does not
prevent overwriting it via SFTP upload (as tested in CI).

Fix it by setting its MS-DOS read-only attribute in addition. It
requires the Cygwin tool `chattr`.

Also unignore in CI.

Fixes:
```
test 0615...[SFTP put remote failure]
curl returned 0, when expecting 9
 615: exit FAILED
=== Start of file stderr615
   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                  Dload  Upload   Total   Spent    Left  Speed
   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
 100    30    0     0  100    30      0     93 --:--:-- --:--:-- --:--:--    95

 100    30    0     0  100    30      0     92 --:--:-- --:--:-- --:--:--    92
=== End of file stderr615
```
Ref: https://github.com/curl/curl/actions/runs/14037991918/job/39300723214#step:12:1269

Closes #16818
2025-03-24 16:49:57 +01:00
Viktor Szakats
89101fabf8
GHA/windows: dl-mingw PATH follow-up
Follow-up to 468bfc2618 #16813

Closes #16817
2025-03-24 15:34:00 +01:00
Viktor Szakats
ac6f7145a9
GHA/windows: use a pure Cygwin environment
Use the `PATH` `/usr/bin` to avoid any Windows system or 3rd-party tool
installed on the runner machine that may interfere with or add undesired
dependencies to the builds and tests.

Follow-up to d838d43430 #16465
Ref: #16437

Closes #16814
2025-03-24 12:41:52 +01:00
Viktor Szakats
468bfc2618
GHA/windows: boost dl-mingw and cygwin install performance
Install on drive `D:` which has much better write performance than `C:`,
on GitHub Windows runner machines.

- It's bringing down `dl-mingw` installation steps to 5-15s per job,
  from 15s-130s before this patch.

- Saving 30-90s per job in the Cygwin install step.

The before values were fluctuating, but it seems reasonable to expect
saving at least a couple of minutes for each workflow run.

Closes #16813
2025-03-24 12:37:44 +01:00
Viktor Szakats
be21c95740
GHA/windows: install OpenSSH-Windows manually for transparency
To have the current latest version, and to avoid the stale, misleading
versions installed by Chocolatey. It also installs transparently, faster,
and making the source of the binaries clear. Install on drive `D:` for
best performance.

After much detective work it turns out that the OpenSSH Windows versions
installed by Chocolatey aren't what they seem:

- The latest pre-release named 9.5.0-beta20240403:
  https://community.chocolatey.org/packages/openssh/9.5.0-beta20240403
  is in reality 8.6.0.0p1-Beta from 2021-05-27:
  https://github.com/PowerShell/Win32-OpenSSH/releases/download/V8.6.0.0p1-Beta/OpenSSH-Win64.zip

- The latest "stable" version 8.0.0.1 is in reality:
  https://community.chocolatey.org/packages/openssh/8.0.0.1
  is in reality 8.0.0.0p1-Beta:
  https://github.com/PowerShell/Win32-OpenSSH/releases/download/v8.0.0.0p1-Beta/OpenSSH-Win64.zip

Ref: https://github.com/curl/curl/pull/16803#issuecomment-2746365654
Follow-up to 67a7775d12 #16704
Follow-up to 0ec72c1ef8 #16672

Closes #16811
2025-03-24 12:37:44 +01:00
Viktor Szakats
e7944fb3da
GHA: extend clang-tidy jobs with more build options, add Windows job
- linux: wolfssl, wolfssh (replacing libssh2), ech, kerberos/GSSAPI,
  ssls-export (libssh2 remains tested on macos.)

- macos: brotli, zstd, c-ares, gnutls, mbedtls, gsasl, rtmp, ssls-export

- windows: new job with schannel, sspi, winidn, winldap, ssls-export

- unit3205: fix/silence remaining NULL dereferences.

Commits fixing the issues found:
cbbccb8b3a #16766
554e4c14be #16777

Closes #16764
2025-03-24 12:37:43 +01:00
Viktor Szakats
efa65b24ae
test613: make it pass on Windows, fix postprocess, unignore in CI
- on native Windows (also when using MSYS2 openssh), the group and other
  permissions do not end up as requested by Perl's chmod:
  ```diff
  --- log/8/check-expected
  +++ log/8/check-generated
  @@ -1,3 +1,3 @@
   d?????????    N U         U               N ???  N NN:NN asubdir[LF]
  --rw?rw?rw?    1 U         U              37 Jan  1  2000 plainfile.txt[LF]
  +-rw?r-?r-?    1 U         U              37 Jan  1  2000 plainfile.txt[LF]
   -r-?r-?r-?    1 U         U              47 Dec 31  2000 rofile.txt[LF]
  ```
  Ref: https://github.com/curl/curl/actions/runs/14004029192/job/39215359241?pr=16781#step:15:1596
  Fix it by ignoring group and other attributes.

- fix failing postprocess cleanup by making the read-only test file
  writeable again before deleting it. Fixing:
  ```
  Directory not empty at ../../tests/libtest/test613.pl line 83.
  ```
  (seen on Windows with Git for Windows `perl.exe`)

- unignore in GHA/windows.

Closes #16791
2025-03-24 10:05:17 +01:00
Viktor Szakats
581a7b07a6
test612: SCP rm the uploaded remote file (not the local source), unignore in CI
It accidentally worked on all CI-tested operating systems, except on
native Windows.

Fixing:
```
=== Start of file stderr612
   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                  Dload  Upload   Total   Spent    Left  Speed
[...]
 curl: (21) rm command failed: Operation failed
```
Ref: https://github.com/curl/curl/actions/runs/14004029192/job/39215359241?pr=16781#step:15:1424

Also remove this test from the ignore list in GHA/windows.

Closes #16801
2025-03-24 09:47:59 +01:00
Viktor Szakats
89f306ae40
runtests: fix test key format for libssh2 WinCNG (and others)
SFTP/SCP tests were failing in CI with WinCNG libssh2 since we first
added such job. With `curl: (67) Authentication failure`.

The reason is that the default `ssh-keygen` RSA private key format
changed to OpenSSH (RFC4716) in 2018. libssh2 does not support this
format with some of its crypto backends.

Fix it by generating keys explicitly in PEM format as necessary via
the `-m` option. This format is universally recognized for RSA keys.

2018-08-24: https://www.openssh.com/txt/release-7.8: OpenSSH format becomes default
2010-08-23: https://www.openssh.com/txt/release-5.6: `-m` option first supported

This fixed the auth issue, just to reveal a known flakiness issue in
libssh2 + WinCNG, causing:
```
curl: (2) Failure establishing ssh session: -8, Unable to exchange encryption keys
```
Ref: https://github.com/curl/curl/actions/runs/14000494428/job/39205633258?pr=16781#step:15:1796
Tracked here: https://github.com/libssh2/libssh2/issues/804
Mitigated in libssh2 tests by retrying them.

Due to this, keep ignoring these test results.

Also:
- add an env to customize key format: `CURL_TEST_SSH_KEY_FORMAT`
- display the generated format in the log.
- GHA/linux: document the wolfSSH error code causing it to fail tests:
  ```
  curl: (79) wolfssh SFTP connect error -1051 / WS_MATCH_KEY_ALGO_E / cannot match key algo with peer
  ```

Follow-up to 4911e7af11 #16735
Follow-up to 0ec72c1ef8 #16672
Follow-up to e53523fef0 #14859
Follow-up to e26cbe20cb #13979

Closes #16781
2025-03-23 20:26:26 +01:00
Viktor Szakats
7d313e603b
GHA/linux: fix filter expressions for skipall/skiprun
For cases when `install_steps` contains extra components.

After this patch, msh3 and rustls CM jobs skip building and running
tests, saving 2 minutes CI time, as originally intended.

Closes #16772
2025-03-20 02:00:34 +01:00
Viktor Szakats
7d420a1632
GHA/linux: enable ECH in wolfssl-opensslextra
To have it in the coexist-capable wolfSSL local build. This allows
to test ECH combinations in MultiSSL builds with OpenSSL.

Also enable ECH in the wolfssl-opensslextra consumer job.

Closes #16773
2025-03-20 01:57:44 +01:00
Viktor Szakats
77861ace49
GHA/macos: verbose cmake in test steps
To sync with other workflows, and autotools. To see build details,
including clang-tidy invocations.

Closes #16757
2025-03-18 04:13:50 +01:00
Viktor Szakats
391543f8c6
GHA/windows: skip flaky test 498
On suspect of strain on the runtime env/pipes, disable this test, which
is flaky due to `runtests` detecting a 2009 result code from curl, while
curl is returning the expected 56:

```
test 0498...[Reject too large HTTP response headers on endless redirects]

curl returned 2009, when expecting 56
 498: exit FAILED
== Contents of files in the log/5/ dir after test 498
[...]
   0     0    0     0    0     0      0      0 --:--:--  0:00:10 --:--:--     0
 curl: (56) Too large response headers: 6144086 > 6144000
```

In such cases the number of log lines for this single test is 4800. In
comparison the total number of log lines for a clear test run is 3800.

Seen with mingw, dl-mingw, msvc CI jobs.

Follow-up to 4911e7af11 #16735
Ref: https://github.com/curl/curl/discussions/14854#discussioncomment-12503065

Closes #16748
2025-03-17 15:48:08 +01:00
Viktor Szakats
a4e0063235
GHA/windows: drop redundant manual changes to MSYS2 config
It's done automatically by the `msys2/setup-msys2` action.

Suggested-by: Jeremy Drake
Ref: https://github.com/curl/curl/pull/16672#discussion_r1997699803

Closes #16739
2025-03-17 02:06:23 +01:00
Viktor Szakats
4911e7af11
GHA/windows: unignore 2310, disable SCP/FTP for vcpkg libssh2[core]
Skipping these tests saves time and reduces test logs from 11500 lines
to 3800.

Tests are permanently broken due to `curl: (67) Authentication failure`.
This libssh2 is built with WinCNG. Builds using libcrypto from OpenSSL
work fine.

Closes #16735
2025-03-16 00:09:22 +01:00
Viktor Szakats
d12129dda5
GHA/non-native: drop building docs with autotools on emulated CPU
It saves about 1 minute (10%) per run.
Also reduces log length from 3800 to 2800 lines.

Keep building docs on native CPU.

Closes #16731
2025-03-14 23:08:22 +01:00
Viktor Szakats
67a7775d12
GHA/windows: replace OpenSSH-Windows-Prelease job with standard openssh
After restricting OpenSSH-Windows to a single job, and bumping it to
the pre-release version, that job started hanging then timing out with
reasonable consistency.

Since we saw similar hangs before with OpenSSH-Windows stable, in all
jobs, drop OpenSSH-Windows from CI, and replace it with MSYS openssh.

After this patch, all Windows jobs use MSYS2 or Cygwin openssh.

Follow-up to 0ec72c1ef8 #16672
Closes #16704
2025-03-13 16:47:02 +01:00
Viktor Szakats
d4f9788593
GHA: fix configure disable options
Linux AM openssl https-only:
```
configure: WARNING: unrecognized options: --disable-rtmp, --disable-scp, --disable-sftp
```
Ref: https://github.com/curl/curl/actions/runs/13823209634/job/38673119106#step:31:34

macOS AM clang !ssl HTTP-only:
```
configure: WARNING: unrecognized options: --disable-rtmp, --disable-scp, --disable-sftp, --without-ntlm-auth
```
Ref: https://github.com/curl/curl/actions/runs/13823209638/job/38673115560#step:7:54

Closes #16701
2025-03-13 11:37:30 +01:00
Daniel Stenberg
5273ab4e6d
GHA: do a build-only without the --libcurl option enabled
Closes #16682
2025-03-12 15:23:25 +01:00
Viktor Szakats
0ec72c1ef8
GHA/windows: change openssh server, non-debug-enabled MSVC job, other improvements
MSVC:

- switch jobs to standard openssh server. Reduce exceptions.
- make the SCP/SFTP ignore list more specific and comment with details.
- keep using OpenSSH-Windows for the OpenSSL job, and bump to the
  prerelease version.
- disable `ENABLE_DEBUG` for BoringSSL to have such build tested. (This
  is the first Windows non-ENABLE_DEBUG build with test runs.)

Takeaways:

- test 612 broken on Windows.
- test 613 broken on Windows with the standard openssh server.
- test 614 broken with libssh and OpenSSH-Windows.
- test 3022 broken with libssh2 and OpenSSH-Windows.
- tests broken with OpenSSH-Windows:
  601 603 617 619 621 641 665 2004.
- vcpkg `libssh2[core,zlib]` broken due to:
  curl: (67) Authentication failure

MSVC prep steps:

- install base msys2 package to simplify configuration, align with other
  jobs and allow to use msys2 packages for tests.
- add support for msys2 openssh server. Keep OpenSSH-Windows as per-job
  option. Add support for OpenSSH prerelease versions.
  Prerelease does not make a difference in test results, but, stable was
  last updated in 2019 (v8.0.0.1) and it seems better to use maintained
  release track, with its latest from April 2024 (v9.5.0).
  https://community.chocolatey.org/packages/openssh/8.0.0.1
  https://community.chocolatey.org/packages/openssh
  https://github.com/PowerShell/Win32-OpenSSH
  https://github.com/PowerShell/openssh-portable
- add 'libssh' to its job name.
- make `ENABLE_DEBUG` a per-job option.

msys/mingw:

- install `openssh` later and only when necessary.
- downgrade msys2 runtime later. (to follow other jobs)
- disable `CheckSpace` earlier. Also to untie it from the runtime
  downgrade step, which we would hopefully drop.

Closes #16672
2025-03-12 12:44:42 +01:00
Viktor Szakats
51c9238c76
GHA: enable OpenSSL QUIC in a macOS and MinGW job
Closes #16665
2025-03-11 08:50:08 +01:00
Viktor Szakats
8b1b5cd4d2
DISABLED: add 313 for sectransp (move from GHA/macos)
Closes #16660
2025-03-10 20:58:06 +01:00
Viktor Szakats
f3b599a7e2
GHA/windows: enable H3 in GnuTLS MinGW job
Closes #16635
2025-03-10 01:13:17 +01:00
Viktor Szakats
30739b4d36
libssh2: fix memory leak in SSH_SFTP_REALPATH state
Seen in MSVC libssh2 CI job:
```
test 0615...[SFTP put remote failure]
test 0616...[SFTP retrieval of empty file]
test 0618...[SFTP retrieval of two files]
test 0620...[SFTP retrieval of missing file followed by good file]
test 0622...[SFTP put failure]
test 0637...[SFTP retrieval with invalid X- range]
test 0640...[SFTP --head retrieval]
  ** MEMORY FAILURE
  Leak detected: memory still allocated: 22 bytes
  At 2ae5b8a7ab8, there's 22 bytes.
   allocated by D:/a/curl/curl/lib/vssh/libssh2.c:2006
```
https://github.com/curl/curl/actions/runs/13752652590/job/38455575042?pr=16636#step:14:3907
https://github.com/curl/curl/actions/runs/13752879003/job/38456075461
https://github.com/curl/curl/actions/runs/13753706458/job/38457888479

Bug: https://github.com/curl/curl/pull/16636#issuecomment-2709086838
Co-authored-by: Daniel Stenberg

Closes #16639
2025-03-10 01:13:05 +01:00
Viktor Szakats
61d30615e4
runtests: fix SSH server not starting in cases, re-ignore failing vcpkg CI jobs
Replace `Cwd::abs_path()` with `File::Spec->rel2abs()`. The former
requires the file to exist, but in some cases, it's missing.

Seen in MSVC vcpkg jobs using Chocolatey OpenSSH v8.0.0.1 ending up with
`$path=/d/a/curl/curl/bld/tests/log/3/server/ssh_server.pid`, which does
not exist while converting to an absolute path (the path is already
absolute, but the conversion is done unconditionally):
```
Use of uninitialized value in subroutine entry at D:/a/curl/curl/tests/pathhelp.pm line 128.
can't convert empty path at D:/a/curl/curl/tests/pathhelp.pm line 128.
```
Ref: https://github.com/curl/curl/actions/runs/13747741797/job/38444844173#step:14:1233 (master)
Ref: https://github.com/curl/curl/actions/runs/13751862952/job/38453816737#step:14:3185 (trace)

Also ignore 3 new libssh2 jobs failing due to memleak.

Partial revert of 1bd5ac998b #16570

Closes #16636
2025-03-09 23:28:07 +01:00
Viktor Szakats
7e282e18a5
lib2302: fix crash due to stack overflow on MSVC and clang Windows
It fixes test 2302, 2303, 2307 with MSVC and clang on Windows.
GCC Windows builds were not affected.

Failure was caused by stack overflow due to a 1MB+ sized test struct on
stack. Replace it with dynamic allocation.

Also unignore affected tests in GHA/windows.

As seen under WINE with llvm-mingw:
```
$ wine64 libtests.exe lib2302 ws://127.0.0.1:59964/2302 > stdout2302 2> stderr2302
Test: lib2302
URL: ws://127.0.0.1:59964/2302
wine: Unhandled stack overflow at address 000000014007486A (thread 0024), starting debugger...
Unhandled exception: stack overflow in 64-bit code (0x000000014007486a).
```

Ref: #16629 (discovery)
Ref: 1bd5ac998b #16570

Closes #16630
2025-03-09 11:53:12 +01:00
Viktor Szakats
66313cc036
GHA/windows: add GnuTLS job, drop default OpenSSL for Cygwin/MSYS2 jobs
To allow selecting the TLS backend(s) for each individual job.

Closes #16629
2025-03-09 03:30:42 +01:00
Viktor Szakats
e86f99824c
GHA/windows: re-add GnuTLS for vcpkg, improve perf by building examples less
The GnuTLS MSVC/vcpkg build doesn't actually work on Windows. Let's
restore the build itself, to keep it fit for more testing. With disabled
tests (and examples) to keep it fast and not add to flakiness.

Also:
- enable GnuTLS in the MultiSSL job.
- limit building examples to one normal and one UWP job. It saves
  6 x 1-1.5 minutes. Coverage remains the same, because example builds
  only depend on the toolchain / target, not on the actual features
  (except IPv6, but that's enabled for all.)

Closes #16623
2025-03-08 23:49:10 +01:00
renovate[bot]
8f700cf5f9
GHA: update dependency cloudflare/quiche to v0.23.4
Closes #16618
2025-03-08 12:19:12 +01:00
Viktor Szakats
27d24690a4
GHA/windows: msys/mingw improvements
- enable zstd in Cygwin and MSYS jobs.
- dl-mingw: use Ninja in the 9.5.0 (winlibs-mingw) job.
  The download package is shipping with it. Saves 15s build time.
  Keep testing GNU Makefiles with the two mingw-builds jobs.
- dl-mingw: split `env` prop to `env` and `ver` to aid integrating with
  MSYS2.
- dl-mingw: install MSYS2 with options to make it quick (<20s).
  It allows to use MSYS2 dependency packages with the downloaded
  toolchains. It also makes configuration cleaner. Install libpsl.
- dl-mingw: enable mbedTLS in the 7.3.0 job.
  (OpenSSL took a long time to install, wolfSSL misses features.)

Assisted-by: Jeremy Drake

Closes #16429
2025-03-07 15:54:59 +01:00
Viktor Szakats
7cc4a23ee4
GHA/windows: ignore flaky 2310 with MSVC again
Follow-up to 1bd5ac998b #16570
2025-03-07 14:28:27 +01:00
Viktor Szakats
9147903366
GHA/macos: add initial pytest support
Add support for running pytest in GHA/macos jobs.

Experimental, with caveats:
- slow.
- `httpd` often fails to start.
- 10-15 tests (depending on C compiler) fail consistently:
  02_20, 02_33, 02_34, 03_01, 03_03, 05_04, 07_42.
- Homebrew build of vsftpd misses TLS support.
- `nghttpx` temporarily disabled for pytest.

You can test pytest by adding `install_steps: pytest` to a job.

Closes #16518
2025-03-07 02:19:28 +01:00
Viktor Szakats
3a8920e5ed
GHA/windows: drop handle64.exe
To test its effect on stability/flakiness of Windows jobs.

Ref: https://github.com/curl/curl/pull/16484#issuecomment-2705016375
Cherry-picked from #16484
Closes #16600
2025-03-06 23:47:27 +01:00