Only the `test-ci` build target sets `--buildinfo` automatically,
since 985f39c0ce. It needs to be set
manually for other targets used in CI, such as `test-torture`,
to enable the `buildinfo.txt` dump in the runtests step.
For Test Clutch. In an attempt to re-sync `targetarch` with the rest of
macOS jobs on the feature matrix page:
https://testclutch.curl.se/static/reports/feature-matrix.html
Before this patch and possibly since the breaking update It's `aarch64e`
for torture jobs and `aarch64` for the rest
(stricly speaking `aarch64e` is the correct value for all macOS jobs, but
autotools and cmake report arm64/aarch64 without the `e`.)
Regression from 985f39c0ce#18147Closes#19601
There are 58 non-compliant files. Mark them with the `notxml` keyword.
Also include the compliant ones in the GHA/checksrc xmllint CI job.
Also:
- delete XML prolog from the 3 test data files that had them.
- FILEFORMAT.md: document the `notxml` keyword.
- FILEFORMAT.md: fix a typo.
Follow-up to de49cc89ab#19470
Follow-up to f3095f0dbd#19528
Follow-up to 87ba80a6dfCloses#19595
Reduce number of files failing `xmllint --format` from 133 to 57 (-76)
(3% of 1894), by replacing `<` and `>` with new macro `%LT` and `%GT`,
in most places, which is in email addresses (192 lines).
Follow-up to a9ec2a676c#19491Closes#19470
Passing the option as-is to libcurl is fine, but checking that the file
exists allows the tool to better provide a helpful message.
This now done for the following options:
--cacert, --crlfile, --knownhosts, --netrc-file, --proxy-cacert amd
--proxy-crlfile
Bonus: bail out properly on OOM errors in the --cert parser.
Reported-by: Wesley Moore
Fixes#19583Closes#19585
- curl_setup.h: replace `_CRT_SECURE_NO_DEPRECATE` with
`_CRT_SECURE_NO_WARNINGS`, which seems to be the preferred,
more recent macro for this. Also syncing with libssh2.
They are equivalent for curl sources with the supported compilers.
- cmake: stop setting `_CRT_SECURE_NO_DEPRECATE` globally for examples.
- examples: suppress CRT deprecation warnings on a per-file basis.
To make it work when compiling examples out of curl's build systems.
Use `_CRT_SECURE_NO_WARNINGS`.
- examples: document the functions requiring `_CRT_SECURE_NO_WARNINGS`.
- examples/block_ip: delete superfluous `_CRT_SECURE_NO_WARNINGS`.
- examples/block_ip: limit `_CRT_NONSTDC_NO_DEPRECATE` to MSVC.
- examples/log_failed_transfers: fix to set `_CRT_SECURE_NO_WARNINGS`
before headers and limit to MSVC.
- curl_setup.h: document which SDKs support `_CRT_NONSTDC_NO_DEPRECATE`.
Closes#19175
The parsing of the HTTP/1.1 formatted request into the h2/h3 header
structures should detect CURLOPT_CUSTOMREQUEST methods and forward them
correctly.
Add test_01_20 to verify
Fixes#19543
Reported-by: Omdahake on github
Closes#19563
Starting with clang 18, stable clang releases start with minor version 1.
Exclude pre-releases with minor version 0 from the compiler warning
options for that major version.
This fixes the build with Android NDK r29, which uses a prerelease
version of clang 21 that doesn't know the new options yet.
Closes#19566
There remain some false positives, hits in test data, and `dir` use,
around 100 issues in total.
There is no plan to enforce badwords on tests.
Also:
- badwords.txt: let a few `manpage[s]` occurrences through
(in Perl code).
Closes#19541
Before this patch `TCP_KEEP*` socket options were unconditionally used
if the build-time SDK supported them. This caused curl logging errors
(or trace messages since #19527) on Windows versions missing support
for them. After this patch, use them only when the runtime environment
supports it and fall back to the alternate method (`SIO_KEEPALIVE_VALS`)
dynamically.
Also:
- log a trace message when using the Win10 method.
- document which SDK versions offer `TCP_KEEP*` macros.
Ref: https://learn.microsoft.com/windows/win32/winsock/ipproto-tcp-socket-options
Ref: https://learn.microsoft.com/windows/win32/winsock/sio-keepalive-vals
Reported-by: Aleksandr Sergeev
Fixes#19520
Follow-up to dc34498d18#19527Closes#19559
- fix test_17_20 flakiness: the test case did not have `nghttpx` in
its parameters, causing it to no check if a reload was necessary.
When that test ran behind one that gave nghttpx another certificate,
eg. in parallel mode, it used the wrong pinned pubkey.
- Have `env` provide lists of HTTP protocol versions available for
testing. Replace parameterized tests on a fixed protocol list with
the dynamic one from env. This makes checks for protocol availability
in the test function bodies superfluous.
refs #19489Closes#19540
test 1459 "SFTP with corrupted known_hosts" was seen failing in the past.
To fix it, the test was automatically disabled when detecting libssh
0.9.3 or older, as in the curl CircleCI job, running on Ubuntu 20.04.
This work for a long time, until bumping the CircleCI runner to Ubuntu
22.04 (to have OpenSSL 3), where the test was running again, and failing
with the isssue seen in the past.
- Test skipped with Ubuntu 20.04 (libssh 0.9.3):
https://app.circleci.com/pipelines/github/curl/curl/16445/workflows/7f198763-e0b0-4037-9245-4c4b40ab8726/jobs/155164
- Failure seen with Ubuntu 22.04 (libssh 0.9.6):
https://app.circleci.com/pipelines/github/curl/curl/16452/workflows/b817a808-0fd4-40b0-8eb0-d064926efe12/jobs/155206?invite=true#step-107-211709_45
- Failure seen with Ubuntu 24.04 (libssh 0.10.6):
https://app.circleci.com/pipelines/github/curl/curl/16455/workflows/86c631f1-3c5f-4438-b398-3df2bdab5d20/jobs/155218
Turns out the issue issue isn't libssh 0.9.3 itself, but
a CircleCI-specific default configuration in `/etc/ssh/ssh_config`:
```
# BEGIN ANSIBLE MANAGED BLOCK
Host *
StrictHostKeyChecking no <------ this particular line
HashKnownHosts no
SendEnv LANG LC_*
# END ANSIBLE MANAGED BLOCK
```
libssh will consult configuration files on hard-coded default system
locations and alter its behavior based on settings found in them.
This libssh behavior is present in all supported versions:
5a2abd34cehttps://gitlab.com/libssh/libssh-mirror/-/tags/libssh-0.9.0
It means the existing disable logic based on libssh version worked by
coincidence, and what needs to be checked is these configurations
to decide if it's safe to run the test. Another, simpler option is
to also accept the result code 67, though in that case the test
wouldn't actually test what we want, but would pass anyway.
With the old `oldlibssh` workaround deleted, and the problematic setting
manually overridden (`StrictHostKeyChecking yes`):
- CircleCI Ubuntu 20.04 passes with 1459 enabled:
https://app.circleci.com/pipelines/github/curl/curl/16483/workflows/87a9f389-76a2-4a32-acde-c0b411a4c842/jobs/155302
- CircleCI Ubuntu 22.04 does too:
https://app.circleci.com/pipelines/github/curl/curl/16483/workflows/87a9f389-76a2-4a32-acde-c0b411a4c842/jobs/155303
To fix, replace the `runtests` `oldlibssh` detection logic to parse
libssh config files (instead of checking for libssh version) and disable
test 1459 based on that. Notice the detection is making a light attempt
to parse these files, and does not implement most config file features
(such as includes, quoted values and `=` operator.)
The new runtests workaround tests OK with the:
- default CircleCI configuration, disabling 1459 automatically.
- a sudoless configuration fix, with 1459 run successfully.
Also keep setting this option in CircleCI jobs.
- a sudo configuration fix, with 1459 run successfully.
Ref: https://app.circleci.com/pipelines/github/curl/curl/16492/workflows/56f39335-97ba-412c-9a9b-3d662694375a
GHA jobs are not affected and they work fine, with 1459 running successfully
before and after this patch.
It's possible the libssh API offers ways to control config file use
and/or set the strict host checking option programatically. Maybe
to enable in debug mode (albeit CircleCI job are not debug-enabled),
or offer an option for them. It may be something for a future patch.
Follow-up to 23540923e1#8622
Follow-up to 4b01a57c95#8548
Follow-up to bdc664a640#8490
Follow-up to 7c140f6b2d#8444
Ref: 6d9c5c91b9#19549Closes#19557
The mistake is harmless because it is still a size of a pointer, but
this is the correct pointer.
Acked-by: Daniel McCarney
Reported-by: pelioro on hackerone
Bug: https://hackerone.com/reports/3427460Closes#19545
