romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-05-18 05:56:22 +03:00
Code Issues Projects Releases Packages Wiki Activity
A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS. libcurl offers a myriad of powerful features
35448 commits 20 branches 229 tags 262 MiB
Find a file
Viktor Szakats 73840836a5
tests: move GSS-API dynamic stub into debug-mode libcurl 
Replace the `libstubgss.so`-based overload solution with one built into
libcurl at compile-time.

The previous, `LD_PRELOAD`-based, solution was non-portable, allowlisted
for Linux, BSD and Solaris. It also required non-debug builds, which
turned out to be an accidental condition:
7d342c723c. It also required a curl tool
built against a shared libcurl. Detecting this condition wasn't always
accurate, e.g. with certain cmake configurations.

The overload solution also didn't work on macOS, though it theoretically
should have:
- #17653
- #2394

Experiments on making the overload solution work in more envs:
- #17759
  That revealed that it also did not work on NetBSD, in CI.

The replacement solution is overloading the necessary GSS-API functions
for test 2056 and 2057 at compile time. It requires a debug-enabled curl
build (due to its insecure nature).

This makes these tests run on all platforms. Including most GSS jobs in
CI, that are running tests. (the exception is old-linux, non-debug jobs,
where it felt overkill to enable debug for this.)

The refactored GSS stub code needs to overload less than before because
it's free to use the official GSS API. (This didn't work with
the overload solution on Alpine for example). It can also use libcurl
functions, allowing to replace `snprintf()` with `msnprintf()`.

OS/400 is also overloading GSS API functions. I haven't tested how this
works after this PR. In theory it should, because this PR doesn't rely
on preprocessor overrides.

Note that for future GSS tests, it may be necessary to stub these GSS
API functions: `gss_inquire_context()`, `gss_unwrap()`, `gss_wrap()`.
They are on codepaths not (yet) touched by tests.

Also:
- stub-gss: check for token buffer overrun.
- stub-gss: replace size macros with `sizeof()`.
- GHA: enable debug for some jobs with GSS.
- GHA/linux: ignore results for 2056 and 2057 in the valgrind job.
  They leak the same way as seen with 2077 and 2078.
  Ref: 7020ba7979 #17462
  Ref: 146759716c #14430
- GHA/linux: fix to ignore `gss_import_name()` leaks in valgrind builds.
  only.
- lib/vauth/krb5_gssapi: reduce variable scope.
- lib/vauth/spnego_gssapi: reduce variable scope.
- tests/libtest: drop code and build logic dealing with `libstubgss`.
- runtests:
  - drop `ld_preload` feature.
  - drop special handling of `LD_PRELOAD` env in tests.
  - drop logic dealing with shared curl tool detection.
  - drop `LD_PRELOAD` envs from tests.

Follow-up to 56d949d31a #1687

Closes #17752
2025-07-01 00:17:15 +02:00
.circleci CI: fix zizmor 1.9.0 warnings, shellcheck verify CI shell code, fix fallouts 2025-06-06 21:30:43 +02:00
.github tests: move GSS-API dynamic stub into debug-mode libcurl 2025-07-01 00:17:15 +02:00
CMake build: stop checking for sys/stat.h 2025-06-24 09:44:28 +02:00
docs tests: move GSS-API dynamic stub into debug-mode libcurl 2025-07-01 00:17:15 +02:00
include tidy-up: update deprecated status of some symbols/options 2025-06-15 01:38:26 +02:00
lib tests: move GSS-API dynamic stub into debug-mode libcurl 2025-07-01 00:17:15 +02:00
LICENSES copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
m4 build: drop HAVE_SYS_SOCKET_H and HAVE_SYS_TIME_H macros 2025-06-15 18:44:39 +02:00
packages lib: make curlx_wait_ms() and use it 2025-06-19 15:57:37 +02:00
plan9 copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
projects windows: reduce/stop loading DLLs at runtime 2025-06-11 05:39:09 +02:00
scripts unit tests: extract "private" prototypes at build time 2025-06-30 23:16:40 +02:00
src checksrc: reduce exceptions, apply again to curlx 2025-06-27 17:33:35 +02:00
tests tests: move GSS-API dynamic stub into debug-mode libcurl 2025-07-01 00:17:15 +02:00
winbuild lib: make curlx_wait_ms() and use it 2025-06-19 15:57:37 +02:00
.dir-locals.el copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
.git-blame-ignore-revs copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
.gitattributes winbuild: MS-DOS batch tidy-ups 2024-07-02 19:26:15 +02:00
.gitignore tidy-up: .gitignore lines mostly 2025-01-27 20:59:46 +01:00
.mailmap ws: tests and fixes 2025-06-02 11:15:38 +02:00
acinclude.m4 build: drop HAVE_SYS_SOCKET_H and HAVE_SYS_TIME_H macros 2025-06-15 18:44:39 +02:00
appveyor.sh tests: always make bundles, adapt build and tests 2025-06-14 21:08:23 +02:00
appveyor.yml appveyor: move old cmake from VS2008 to VS2010 2025-06-24 09:44:28 +02:00
buildconf copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
CHANGES.md CHANGES: rename to CHANGES.md, no longer generated 2024-08-01 13:37:12 +02:00
CMakeLists.txt cmake: check USE_WINDOWS_SSPI when adding secur32 to CURL_LIBS 2025-06-24 09:57:42 +02:00
configure.ac autotools: detect and link brotlicommon library for brotli 2025-06-25 19:45:35 +02:00
COPYING COPYING: bump copyright year range to 1996 - 2025 2025-01-01 21:12:12 +01:00
curl-config.in curl-config: fix whitespace in usage text 2025-06-27 01:03:08 +02:00
Dockerfile Dockerfile: update debian:bookworm-slim Docker digest to e5865e6 2025-06-11 06:00:17 +02:00
GIT-INFO.md build: drop tool_hugehelp.c.cvs, tidy up macros, drop buildconf.bat 2025-01-26 14:22:49 +01:00
libcurl.pc.in configure: do not echo most inherited LDFLAGS to config files 2024-11-14 09:55:45 +01:00
Makefile.am TLS: remove support for Secure Transport and BearSSL 2025-06-11 07:54:19 +02:00
README docs: minor grammar fixes 2022-09-29 10:44:12 +02:00
README.md spacecheck.pl: drop more exceptions 2025-05-13 16:01:07 +02:00
RELEASE-NOTES RELEASE-NOTES: synced 2025-06-29 17:02:37 +02:00
renovate.json GHA: drop "3" from openssl names and keys 2024-10-23 19:36:03 +02:00
REUSE.toml checksrc: reduce exceptions, apply again to curlx 2025-06-27 17:33:35 +02:00
SECURITY.md docs: Clarify OpenSSF Best Practices vs Scorecard 2024-08-22 11:50:20 +02:00

README.md

curl logo

curl is a command-line tool for transferring data specified with URL syntax. Learn how to use curl by reading the manpage or everything curl.

Find out how to install curl by reading the INSTALL document.

libcurl is the library curl is using to do its job. It is readily available to be used by your software. Read the libcurl manpage to learn how.

Open Source

curl is Open Source and is distributed under an MIT-like license.

Contact

Contact us on a suitable mailing list or use GitHub issues/ pull requests/ discussions.

All contributors to the project are listed in the THANKS document.

Commercial support

For commercial support, maybe private and dedicated help with your problems or applications using (lib)curl visit the support page.

Website

Visit the curl website for the latest news and downloads.

Source code

Download the latest source from the Git server:

git clone https://github.com/curl/curl.git

Security problems

Report suspected security problems via our HackerOne page and not in public.

Notice

curl contains pieces of source code that is Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan. This notice is included here to comply with the distribution terms.

Backers

Thank you to all our backers 🙏 Become a backer.

Sponsors

Support this project by becoming a sponsor.