- autotools: fix auto-detection on the Windows platform.
It was mis-detected when targeting Windows XP/2003 64-bit.
It was permanently undetected when building for Windows 32-bit.
```
lib/url.c: In function 'zonefrom_url':
lib/url.c:1802:18: error: implicit declaration of function 'if_nametoindex' [-Wimplicit-function-declaration]
1802 | scopeidx = if_nametoindex(zoneid);
| ^~~~~~~~~~~~~~
lib/url.c:1802:18: error: nested extern declaration of 'if_nametoindex' [-Werror=nested-externs]
```
Ref: https://github.com/curl/curl/actions/runs/16405598782/job/46351023138?pr=17982#step:10:29
Reported-by: LoRd_MuldeR
Fixes#17979
Without this patch the workaround for the 8.15.0 release is:
`export ac_cv_func_if_nametoindex=0` for Windows XP/2003 64-bit.
Background: Checking for the `if_nametoindex()` function via
`AC_CHECK_FUNCS()` (autotools) or `check_function_exists()` (cmake) do
not work on Windows, for two reasons:
- the function may be disabled at compile-time in Windows headers
when targeting old Windows versions (XP or WS2003 in curl context)
via `_WIN32_WINNT`. But it's always present in the system implib
`iphlpapi` where these checks are looking.
- for 32-bit Windows the function signature in the implib requires
a 4-byte argument, while these checks always use no arguments,
making them always fail.
- cmake: call `if_nametoindex` dynamically with mingw-w64 v1.0.
This mingw-w64 version lacks prototype and implib entry for it.
- cmake: add auto-detection for Windows and use as a fallback for
non-pre-fill cases.
- cmake: disable pre-fill with `_CURL_PREFILL=OFF`. (for testing)
- cmake: disable pre-fill for untested compilers. (i.e. non-MSVC,
non-mingw64)
- GHA/windows: make an autotools job build for Windows XP.
Follow-up to 0d71b18153#17413Closes#17982
To fix test 1308 in MultiSSL builds.
Failure was caused by the random number generator virtual function being
NULL, instead of pointing to the implementation in the runtime-selected
TLS backend. This could happen in MultiSSL builds when a functionality
was asking for a random number without triggering a VTLS function table
initialization first. Such functionality is MIME, or form data via MIME.
The reason CI did not catch it in an earlier MultiSSL GHA/windows job,
is that it was a debug-enabled one. In debug-enabled builds the test
runner was overriding the random number generator for all tests.
Fixed this by moving the override to the tests requiring it, via
1fcf22585f#17971, enabling debug builds
to catch this issue.
Enable MultiSSL in two CI jobs, to verify this patch.
Fixing:
```
test 1308...[formpost tests]
libtests returned 44, when expecting 0
1308: exit FAILED
[...]
=== Start of file stderr1308
URL: log/3/test-1308
tests/libtest/lib1308.c:70 Assertion 'res == 0' FAILED: curl_formget returned error
tests/libtest/lib1308.c:72 Assertion 'total_size == 518' FAILED: curl_formget got wrong size back
tests/libtest/lib1308.c:88 Assertion 'res == 0' FAILED: curl_formget returned error
tests/libtest/lib1308.c:89 Assertion 'total_size == 899' FAILED: curl_formget got wrong size back
```
Ref: https://github.com/curl/curl/actions/runs/16387693424/job/46309536359?pr=17963#step:16:2515
Bug: https://github.com/curl/curl/pull/17963#issuecomment-3092282057Closes#17970
Bind them to the (arbitrary choice of) Apple clang and gcc compilers,
respectively.
Also:
- bind existing mbedTLS job to the llvm compiler, to keep the number of
jobs the same as before this patch.
- move OpenLDAP from mbedTLS over to LibreSSL to keep testing it with
all 3 compilers.
- simplify exclusions for clang-tidy and torture jobs.
- tag clang-tidy and torture jobs via `install_steps`.
To avoid keeping around special bool fields.
Closes#17963
In preparation for the removal of Windows CE support.
These jobs were also using a macOS runner, which is a waste. And it'd be
too much effort to move them over to Windows or Linux.
Follow-up to 8491e6574c#17379Closes#17924
No instant benefit, but it brings all Apple jobs into the same workflow.
Then perhaps allows intergrating iOS jobs with macOS ones, and in
the meantime keep them more tightly aligned.
Closes#17912
- GHA/checksrc: make a step name more accurate.
- cmakelint.sh: make sure to run from project root.
To make it easier to run locally.
- cmakelint.sh: use `set -eu`.
Closes#17915
CI check used macOS before this patch, but with the help of Linuxbrew,
latest zizmor and shellcheck are also available on Linux.
Also:
- migrate CI checks to the misc check workflow, to make both shellcheck
use the same, latest, shellcheck version, and to save the overhead of
an extra workflow.
Closes#17911
`checksrc.bat` was outdated and required Perl for `checksrc.pl` anyway.
Rewrite `checksrc-all.sh` in Perl, making it usable in envs without
a POSIX shell.
Closes#17882
- circleci: pipe to tar.
- use long options uniformly.
- sync option order.
- set timeout where missing.
- set retry where missing.
- set `--retry-connrefused` where missing.
- set `--disable` where missing.
- lower 999s timeouts to 120s.
Closes#17851
Replace the `libstubgss.so`-based overload solution with one built into
libcurl at compile-time.
The previous, `LD_PRELOAD`-based, solution was non-portable, allowlisted
for Linux, BSD and Solaris. It also required non-debug builds, which
turned out to be an accidental condition:
7d342c723c. It also required a curl tool
built against a shared libcurl. Detecting this condition wasn't always
accurate, e.g. with certain cmake configurations.
The overload solution also didn't work on macOS, though it theoretically
should have:
- #17653
- #2394
Experiments on making the overload solution work in more envs:
- #17759
That revealed that it also did not work on NetBSD, in CI.
The replacement solution is overloading the necessary GSS-API functions
for test 2056 and 2057 at compile time. It requires a debug-enabled curl
build (due to its insecure nature).
This makes these tests run on all platforms. Including most GSS jobs in
CI, that are running tests. (the exception is old-linux, non-debug jobs,
where it felt overkill to enable debug for this.)
The refactored GSS stub code needs to overload less than before because
it's free to use the official GSS API. (This didn't work with
the overload solution on Alpine for example). It can also use libcurl
functions, allowing to replace `snprintf()` with `msnprintf()`.
OS/400 is also overloading GSS API functions. I haven't tested how this
works after this PR. In theory it should, because this PR doesn't rely
on preprocessor overrides.
Note that for future GSS tests, it may be necessary to stub these GSS
API functions: `gss_inquire_context()`, `gss_unwrap()`, `gss_wrap()`.
They are on codepaths not (yet) touched by tests.
Also:
- stub-gss: check for token buffer overrun.
- stub-gss: replace size macros with `sizeof()`.
- GHA: enable debug for some jobs with GSS.
- GHA/linux: ignore results for 2056 and 2057 in the valgrind job.
They leak the same way as seen with 2077 and 2078.
Ref: 7020ba7979#17462
Ref: 146759716c#14430
- GHA/linux: fix to ignore `gss_import_name()` leaks in valgrind builds.
only.
- lib/vauth/krb5_gssapi: reduce variable scope.
- lib/vauth/spnego_gssapi: reduce variable scope.
- tests/libtest: drop code and build logic dealing with `libstubgss`.
- runtests:
- drop `ld_preload` feature.
- drop special handling of `LD_PRELOAD` env in tests.
- drop logic dealing with shared curl tool detection.
- drop `LD_PRELOAD` envs from tests.
Follow-up to 56d949d31a#1687Closes#17752
Job `name:` now mandatory in zizmor.
Also:
- enclose `name:` values in single-quotes, for uniformity.
- drop `name: checkout` where set, for uniformity.
- dist: also install with cmake.
- dist: replace `make` with `cmake --build` for cmake.
(to make this make-tool agnostic)
- appveyor-status: double-quote shell arguments.
- tweak existing names to be shorter, to sync terms and style across
jobs and steps.
Ref: https://github.com/zizmorcore/zizmor/releases/tag/v1.10.0Closes#17773
`brotlicommon` is necessary when linking brotli statically.
E.g. on Alpine Linux with `PKG_CONFIG='pkg-config --static'`.
It also syncs brotli libs listed in `libcurl.pc` and `curl-config` with
those generated by cmake, which already listed `brotlicommon` there.
Also:
- remove workaround from GHA/configure-vs-cmake CI jobs.
Ref: 69cda1b704
Follow-up to f2adb3b6d7#15431
Reported-by: Christopher Boyd
Fixes#17678Closes#17723
Replace existing `mk-unity.pl` `--embed` workaround with running
`clang-tidy` manually on individual test source instead. This aligns
with how clang-tidy works and removes `mk-unity.pl` from the solution.
Also:
- mqttd: fix potentially uninitialized buffer by zero filling it.
```
tests/server/mqttd.c:484:41: error: The left operand of '<<' is a garbage value
[clang-analyzer-core.UndefinedBinaryOperatorResult,-warnings-as-errors]
484 | payload_len = (size_t)(buffer[10] << 8) | buffer[11];
| ^
[...]
tests/server/mqttd.c:606:45: error: The left operand of '<<' is a garbage value
[clang-analyzer-core.UndefinedBinaryOperatorResult,-warnings-as-errors]
606 | topiclen = (size_t)(buffer[1 + bytes] << 8) | buffer[2 + bytes];
| ^
```
- sockfilt: fix potential out-of-bound pointer:
```
tests/server/sockfilt.c:1128:33: error: The 2nd argument to 'send' is a buffer
with size 17010 but should be a buffer with size equal to or greater than
the value of the 3rd argument (which is 18446744073709551615)
[clang-analyzer-unix.StdCLibraryFunctions,-warnings-as-errors]
1128 | ssize_t bytes_written = swrite(sockfd, buffer, buffer_len);
| ^
```
- clang-tidy: suppress bogus `bzero()` warnings that happens
inside the notorious `FD_ZERO()` macros, on macOS.
Ref: https://github.com/curl/curl/pull/17680#issuecomment-2991730158Closes#17705
No longer necessary after bumping the default runtime to a version
fixing the previously experienced performance drop.
Thanks to MSYS2/Cygwin teams for the help and fix.
Follow-up to 9a26be1e6a#17708
Follow-up to d4896d94f2#16424Closes#17710
