- tests/libtest: move exception to `stub_gssapi.h`.
- tests/libtest: move remaining exception to `testtrace.c`.
- tests/server: drop obsolete exception.
- docs/examples: move `BANNEDFUNC` exceptions to local files (3 lines).
- docs/examples: move `ERRNOVAR` exception to `ephiperfifo.c`.
- docs/examples: drop `typedef struct` (8 files).
- lib/curlx: add `.checksrc` with banned funcs copied from lib.
- checksrc: ban `strncpy`, `strtok_r`, `strtoul` by default.
Drop local bans. Add exception for `strtoul` to `tests/server'.
- lib, src: sync banned funcs.
Also:
- REUSE: drop `stunnel.pem`, it no longer exists.
- docs/examples: formatting.
- docs/examples: simplify some `sizeof()`s.
Closes#17764
Change the signature of `bufq` functions from
* `ssize_t Curl_bufq_*(..., CURLcode *err)` to
* `CURLcode Curl_bufq_*(..., size_t *pn)`
This allows us to write slightly less code and avoids the ssize_t/size_t
conversions in many cases. Also, it gets the function in line with all
the other send/recv signatures.
Added helper functions in `cfilters.h` for sending from/receving into
a bufq.
Fuzzer now fails to build due to these changes and its testing of
the bufq API.
Closes#17396
Flaws in any script or compiled artifact which isn't installed by
default is not considered to be security vulnerabilities.
Closes#17761
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
CMake builds by default don't include a triplet in the `curl -V` output,
but a CMake-specific OS string, which is usually capitalized or stylized,
e.g. "Linux", or "FreeBSD". Make the regexp expression case-insensitive
to handle this.
Follow-up to 171b623759#17653Closes#17756
All arguments and local variables in `http_header_s` were unused when
both `CURL_DISABLE_COOKIES` and `CURL_DISABLE_HSTS` were defined.
Closes https://github.com/curl/curl/pull/17753
It allows to pass `.h` files only where they are really needed, which is
`EXTRA_DIST` (or `*SOURCES`) for autotools.
Also:
- rename variables to be shorter and consistent.
- drop references to non-local headers. We don't need to pass them as
dist sources.
- drop empty variables and references, after the above.
- server: add placeholder `UTIL_H`.
Closes#17745
`brotlicommon` is necessary when linking brotli statically.
E.g. on Alpine Linux with `PKG_CONFIG='pkg-config --static'`.
It also syncs brotli libs listed in `libcurl.pc` and `curl-config` with
those generated by cmake, which already listed `brotlicommon` there.
Also:
- remove workaround from GHA/configure-vs-cmake CI jobs.
Ref: 69cda1b704
Follow-up to f2adb3b6d7#15431
Reported-by: Christopher Boyd
Fixes#17678Closes#17723
- markup some functions UNITTEST, so that they are static unless in a
unit test build
- make some functions #ifdef UNITTESTS as they are only used from unit
tests
- adjusted unit tests accordingly to use local prototypes for functions
not global in the library
Closes#17734
For consistency. RFC 3986 section 2.1 says:
"URI producers and normalizers should use uppercase hexadecimal digits
for all percent-encodings."
Reported-by: Jeroen Ooms
Fixes#17685Closes#17739
curl passes down the capath directly to the backends. OpenSSL will then
delimiter-separate this path internally to support multiple directories
(using its certificate hash scheme). However, the other backends
(wolfSSL, mbedTLS, gnutls) only expect a single directory (and do not
use the hash scheme, preferring to iterate the directory and load all
files). This adjusts the `--capath` documentation to reflect that
multiple paths is an OpenSSL-specific feature. Alternatively, curl could
delimiter-separate these itself, but I'm not sure it's worth it.
Ref https://github.com/JuliaLang/NetworkOptions.jl/issues/41Closes#17737
- cmake: avoid running clang-tidy twice.
- autotools: do not pass curl/libtest-specific macros.
Also:
- autotools: drop `CFLAG_CURL_SYMBOL_HIDING` from libtests.
Unused since 09437d8cd4#14695Closes#17738
Sync how libcurltool is built in different modes and build systems.
cmake:
- build libcurltool with curlx when building shared libcurl.
To make it possible to use standard libcurl when linking tunits.
Also syncing this with autotools.
The remaining difference is that cmake allows to select shared or
static for curl tool and tests/examples independently.
- fix to link with libcurl instead of libcurlu.
To sync with autotools and to link with the standard libcurl for
tool unit tests.
- fix `source_group()` to always include curlx sources.
- add missing 'curlx header files' source group.
autotools:
- build libcurltool without curlx when building static libcurl in
non-unity builds.
To avoid double compilation, just to be thrown away at link time.
Also to sync with unity builds.
both:
- sync source order between autotools and cmake.
- make sure to pass all headers with both autotools and cmake.
This is a no-op with cmake. Maybe a future patch should make sure
to not pass those to remove that noise.
Ref: #17696Closes#17727
* calculate capacity growth on multi's xfer table and bitsets to
work correctly when approaching UINT_MAX
* uint-bset: track the first 64bit slot used. This avoids slot scans
on empty sets.
* uint-tbl: remove restriction to grow ot UINT_MAX, it is multi's
job to enforce limits suitable for its use
* test751: use curl_mfprintf() for error messages
Closes#17731
Instead of CURL_WINDOWS_SSPI.
When running CMake on Windows with no additional parameters (ie default
build configuration), the generated project files do not include the
`secur32.lib` library in the linker settings. This is because
the relevant check was looking at `CURL_WINDOWS_SSPI` instead of
`USE_WINDOWS_SSPI`.
`USE_WINDOWS_SSPI` is enabled when building with SChannel (the default
on Windows), or if `CURL_WINDOWS_SSPI` is specified on the command line.
Follow-up to 0d71b18153#17413Closes#17728
To make all src and test code refer to curlx headers the same way.
Also:
- src: move `curlx.h` include to `tool_setup.h`.
- src/tool_setup.h: drop stray `curlx/timeval.h`.
- servers: de-duplicate `curlx.h` and `curl_setup.h` includes.
- libtests, units: drop stray curlx sub-headers in favor of
`<curlx/curlx.h>`.
- tests: include `curlx.h` with `<>` instead of `""`. To match
other parts of the codebase.
Closes#17680
Make the <dns> tag in a test case control what is stored there. Also
documented. Make test 2102 and 2103 use the new tag.
Lets the test case config the A and AAAA contents the server replies
with. Initial work for the HTTPS RR exists, but does not yet work.
Closes#17543
Replace existing `mk-unity.pl` `--embed` workaround with running
`clang-tidy` manually on individual test source instead. This aligns
with how clang-tidy works and removes `mk-unity.pl` from the solution.
Also:
- mqttd: fix potentially uninitialized buffer by zero filling it.
```
tests/server/mqttd.c:484:41: error: The left operand of '<<' is a garbage value
[clang-analyzer-core.UndefinedBinaryOperatorResult,-warnings-as-errors]
484 | payload_len = (size_t)(buffer[10] << 8) | buffer[11];
| ^
[...]
tests/server/mqttd.c:606:45: error: The left operand of '<<' is a garbage value
[clang-analyzer-core.UndefinedBinaryOperatorResult,-warnings-as-errors]
606 | topiclen = (size_t)(buffer[1 + bytes] << 8) | buffer[2 + bytes];
| ^
```
- sockfilt: fix potential out-of-bound pointer:
```
tests/server/sockfilt.c:1128:33: error: The 2nd argument to 'send' is a buffer
with size 17010 but should be a buffer with size equal to or greater than
the value of the 3rd argument (which is 18446744073709551615)
[clang-analyzer-unix.StdCLibraryFunctions,-warnings-as-errors]
1128 | ssize_t bytes_written = swrite(sockfd, buffer, buffer_len);
| ^
```
- clang-tidy: suppress bogus `bzero()` warnings that happens
inside the notorious `FD_ZERO()` macros, on macOS.
Ref: https://github.com/curl/curl/pull/17680#issuecomment-2991730158Closes#17705
No longer necessary after bumping the default runtime to a version
fixing the previously experienced performance drop.
Thanks to MSYS2/Cygwin teams for the help and fix.
Follow-up to 9a26be1e6a#17708
Follow-up to d4896d94f2#16424Closes#17710
