They use Linuxbrew instead of locally built components.
Linuxbrew limitations compared to the locally built components in
GHA/http3-linux:
- libngtcp2 currently supports OpenSSL only.
- wolfssl can't coexist with openssl.
- somewhat tricky configuration with autotools.
Upside is easy of use, always the latest versions (may be downside),
and availability of almost all packages.
Closes#18693
HTTP/3 defines "reserved stream types" that are intended to be ignored
by a receiver. This is part of the "greasing" effort that flexes parts
of the protocol that are needed for future extensions.
curl's OpenSSL-QUIC implementation treated all unexpected streams as
an error. Which seems the right thing to do *but* for these reserved types.
However OpenSSL does not expose this type and thus, curl needs to silently
discard all unexpected streams opened by the server to allow interop
with servers that flex the GREASE parts.
Fixes#18780
Reported-by: Pocs Norbert
Closes#18791
By checking the size of the actual buffer and using that as memcpy
target instead of another union member, this helps readers and static
code analyzers to determine that this is not a buffer overflow.
Ref: #18677Closes#18787
Also:
- point the source tarball to a working URL.
The GitHub release page misses the official source tarball for 4.1.1.
- GHA/linux: switch LibreSSL build to cmake (syncing with http3-linux.)
- GHA/macos: drop no longer needed LibreSSL build workaround.
Closes#18792
- exclude visual studio project templates
- exclude test cases
- allow 'proxys' which is used for "secure proxy" in test code
- allow Tru64 and secur32
Closes#18789
When attempts on all addresses have been started, do no longer set any
EXPIRE_HAPPY_EYEBALLS timeouts.
Fixes#18767
Reported-by: Johannes Schindelin
Closes#18768
Replace them by `curlx_open()` and `curlx_stat()`.
To make it obvious in the source code what is being executed.
Also:
- tests/server: stop overriding `open()` for test servers.
This is critical for the call made from the signal handler.
For other calls, it's an option to use `curlx_open()`, but
doesn't look important enough to do it, following the path
taken with `fopen()`.
Follow-up to 10bac43b87#18774
Follow-up to 20142f5d06#18634
Follow-up to bf7375ecc5#18503Closes#18776
If the source line had square brackets before the match, the stripping
of the banned function left the original line intact, and repeated the
check on it forever. E.g. with banned function `open` in `lib518.c`:
```c
t518_testfd[0] = open(DEV_NULL, O_RDONLY);
```
Closes#18775
By introducing wrappers for them in the curlx namespace:
`curlx_fopen()`, `curlx_fdopen()`, `curlx_fclose()`.
The undefine/redefine/`(function)()` methods broke on systems
implementing these functions as macros. E.g. AIX 32-bit's `fopen()`.
Also:
- rename `lib/fopen.*` to `lib/curl_fopen.*` (for `Curl_fopen()`)
to make room for the newly added `curlx/fopen.h`.
- curlx: move file-related functions from `multibyte.c` to `fopen.c`.
- tests/server: stop using the curl-specific `fopen()` implementation
on Windows. Unicode isn't used by runtests, and it isn't critical to
run tests on longs path. It can be re-enabled if this becomes
necessary, or if the wrapper receives a feature that's critical for
test servers.
Reported-by: Andrew Kirillov
Bug: https://github.com/curl/curl/issues/18510#issuecomment-3274393640
Follow-up to bf7375ecc5#18503
Follow-up to 9863599d69#18502
Follow-up to 3bb5e58c10#17827Closes#18634
Turns out the signal handler on Windows still wasn't signal safe after
the previous round of fix. There is an `open()` call made from there,
and `open` happens to be unconditionally overridden via `curl_setup.h`
on Windows, to its local implementation (`curlx_win32_open()`), which
does memory allocations and potentially other things that are not signal
safe.
This is a temporary fix, till avoiding the override of system symbols
`open` and `stat` on Windows.
FTR this did not fix the CI 2304 errors, diskspace fail or job hangs due
to 0xC0000142 fork failure (it's rare all three occurs in the same run):
https://github.com/curl/curl/actions/runs/18110523584?pr=18774
Ref: #18634
Follow-up e95f509c66#16852Closes#18774
To avoid typos and non-existing options passed to `./configure` in CI
builds.
Also delete obsolete option `--enable-test-bundles` from Circle CI jobs.
Closes#18759
- GHA/checkdocs: rename `spellcheck` job to `pyspelling` to say
the exact tool used.
- GHA/checkdocs: restore a comment.
- GHA/linux: add `-B .` to a cmake configure to avoid warning, and
future breakage.
- autotools: use correct casing for `Schannel`.
- doh: update RFC URL.
- drop redundant parenthesis.
- fix indentation, whitespace.
Closes#18756
Add script to run all Perl sources through `perl -c` to ensure no
issues, and run this script via GHA/checksrc in CI.
Fallouts:
- fix two repeated declarations.
- move `shell_quote()` from `testutil.pm` to `pathhelp.pm`, to
avoid circular dependency in `globalconfig.pm`.
Closes#18745
When there is more than one user-supplied 'Connection: ' header, add
values that curl needs internally to the first one and emit all
subsequent ones thereafter.
Fixes#18662
Reported-by: Evgeny Grin (Karlson2k)
Closes#18686
Since it would indicate errors to the degree that continuing would just
risk hiding the earlier errors or make things weird.
Inspired by a report in Joshua's sarif data
Closes#18646
To avoid depending on Docker Hub, an Docker image and a GitHub Action.
Also to simplify running this check on a local machine.
Pending question if Dependabot and Mend/Renovate will automatically pick
up `requirements-docs.txt`.
Also:
- enable parallel spellchecking. (also to win back the time lost with
installing components directly from Debian and pip.)
- pin `pyspelling`.
- link to official `pyspelling` docs.
Closes#18736
In an attempt to make `brew install` commands initialize faster.
Often this command started with 20-50 seconds of delay before this
patch. This is an attempt to make it launch faster.
Cherry-picked from #18736
