- cmp-pkg-config.sh: replace `-r -f` with `-rf` to match rest of repo.
- configure.ac: add double quotes for robustness (not a bug).
- curl-openssl.m4: merge nested `if`s.
- CurlTests.c: drop `!= 0`, also to sync with m4.
- CurlTests.c: replace `example.com` with `localhost` in
`gethostbyname()` feature test code. (compile-only, not a bug)
- GHA/http3-linux: drop literal `true` from bool expression.
- lib650: drop redundant `&`.
- move variable/call to left-hand side of equality checks, where
missing.
- perl: detach `<`/`>` from filename in `open()`, where missing.
- schannel: apply two nit fixes lost in rebase.
- scripts/verify-release: drop redundant double quotes.
- scripts/verify-release: exit with error code on error.
- synctime: replace magic numbers with `sizeof()`.
- telnet: add missing parentheses to macro value.
- tests/Makefile.am: use single quotes.
- tool_operate: drop redundant `break` after `return` in VMS code.
- unit2413: drop unused NULL pointer + free call.
- unit2413: fix duplicate test case name.
- urlapi: drop redundant parentheses.
- urlapi: drop `CURL_UNCONST()` that became redundant.
Closes#22186
Where missing. To avoid passing an option by accident.
End-of-option marker (`--`) is not POSIX, but most of these scripts are
internal and/or CI-focused, where this is fine. `maketgz` and
`verify-release` are meant for public use, and I asses this is fine too,
but let us know if this causes issues in real world envs.
Also:
- maketgz: pass args with `:?` to `rm -rf`, where missing.
Cannot cause an actual issue with current code.
- verified `cp`, `rm` instances too, but none were affected.
- tests/cmake/test.sh: replace `$PWD` with `$(pwd)` for sturdiness.
- appveyor.sh: replace `$PWD` with `$(pwd)` for sturdiness.
Assisted-by: Dan Fandrich
Follow-up to 6aab1dc263#19450Closes#22150
- Clarify that the tarball to verify should be put in the same dir you
run the script.
- Verify that the curl version number in the file name matches the
version number within the tarball. To reduce risk for mistakes.
- When verifying using git, do not unpack the tarball. It avoids the
security risk with malicious tarball contents playing tricks on git.
- Only unpack the tarball for git-less verfication.
- Move the source tarball into _tarballs/ instead of overwriting it,
which can be useful in case the verification fails
Closes#22032
This script remakes a provided curl release and verifies that the newly
built version is identical to the original file.
Due to bugs in releases up to and including curl 8.9.1, it does not work
on tarballs generated before commit 754acd1a9d.
Closes#14350