@devkdas (Owner) commented Dec 3, 2025

No description provided.

renovate bot and others added 30 commits November 21, 2025 03:48

Turns out the cause of CodeQL hangs (or probably just extreme long
compile) is the header `curl/typecheck-gcc.h`. By accident I noticed
that the preprocessed output of libtests.c is 75 MB (megabytes). This
is much higher than the amount of source code hinted, also compared to
e.g. units.c or other build targets. The reason for the extreme size
is each easy option call pulling in the large checker logic defined
in this header.

By compiling with `-DCURL_DISABLE_TYPECHECK`, preprocessed output drops
to 2.2 MB (34x), and the libtests target builds without issues.

Also build all tests and examples with the Linux HTTP/3 config, covering
3 more files.

With these, CodeQL C coverage is 893 out of 930 (96%) (was: 645 69%)

Follow-up to 71fc11e curl#18695
Follow-up to a333fd4 curl#18557
Follow-up to b4922b1 curl#18564

Closes vszakats#11
Closes curl#19632

macOS was chosen because xmllint comes preinstalled, saving the prereq
install step. But, macOS's xmllint jobs sometimes don't finish in 1m
(instead of under 1 second) and get cancelled, causing flaky failures.
Go with Linux and an install phase (of 15s) instead.

Examples:
https://github.com/curl/curl/actions/runs/19558021722/job/56004334495

Closes curl#19634

`memdebug.h` must be included last within each source. This breaks when
including it in a header, which ends up being included in the middle of
other headers, and `memdebug.h` also ending up in the middle of
includes.

Follow-up to c255d2f curl#19602

Closes curl#19629

This adds support for in-memory CA certs using CURLOPT_CAINFO_BLOB to
the GnuTLS backend.

Closes curl#19612

Release date 2018-12-01. Has TLS 1.3 support.

Closes curl#19609

There are no supported TLS libraries left in "stretch".

If verifypeer and verifyhost are disabled, to not generate
a failf() message for failed verifications.

Fixes curl#19615
Reported-by: ncaklovic on github
Closes curl#19625

…ndows)

Replace:
- curl_sspi: macro `_tcsncpy()` with `_tcsncpy_s()`.
- curlx/fopen: `wcsncpy()` with `wcsncpy_s()`.
- curlx/fopen: `wcscpy()` with `wcscpy_s()`.

Use of the pre-existing functions was safe. This patch aims to use the
recommended Windows CRT functions. Handle errors returned by them. Also
to avoid the compiler warnings silenced via `_CRT_SECURE_NO_WARNINGS`:

```
lib/curl_sspi.c(152): warning C4996: 'wcsncpy': This function or variable may be unsafe. Consider using wcsncpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS.
lib/curlx/fopen.c(161): warning C4996: 'wcsncpy': This function or variable may be unsafe. Consider using wcsncpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS.
lib/curlx/fopen.c(162): warning C4996: 'wcscpy': This function or variable may be unsafe. Consider using wcscpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS.
lib/curlx/fopen.c(174): warning C4996: 'wcsncpy': This function or variable may be unsafe. Consider using wcsncpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS.
lib/curlx/fopen.c(175): warning C4996: 'wcscpy': This function or variable may be unsafe. Consider using wcscpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS.
```

Refs:
https://learn.microsoft.com/cpp/c-runtime-library/reference/strncpy-strncpy-l-wcsncpy-wcsncpy-l-mbsncpy-mbsncpy-l
https://learn.microsoft.com/cpp/c-runtime-library/reference/strncpy-s-strncpy-s-l-wcsncpy-s-wcsncpy-s-l-mbsncpy-s-mbsncpy-s-l
https://learn.microsoft.com/cpp/c-runtime-library/security-features-in-the-crt

Cherry-picked from curl#19581 (in part)
Closes curl#19589

Usage:
- autotools: `--disable-typecheck` (or `--enable-typecheck` (default))
- cmake: `-DCURL_DISABLE_TYPECHECK=ON`.

To disable `curl_easy_setopt()`/`curl_easy_getinfo()` type checking with
supported (new) gcc and clang compilers. It is useful to improve build
performance for the `tests/libtest` target. In particular the CodeQL
analyzer may take above an hour to compile with type checking enabled,
and disabling it brings it down to seconds. On local machines it may
also cut build times in half when building testdeps, depending on platform
and compiler.

Other than these cases, we recommend leaving type checking enabled.

Ref: fdacf34 curl#19632

Also:
- GHA/codeql: use it.
- test1165: check in `include/curl`.
- lib1912: delete stray todo comment.
- spelling and comment nits.

Closes curl#19637

When OpenSSL fails to verify the peer certificate, we checked for
one specific reason code and did not ask Apple SecTrust for any
other failure.

Always ask Apple SecTrust after OpenSSL fails when the `native_ca_store`
is enabled. If the user configures a CAfile or CApath, the native store
is disabled, so this does not affect use cases where users ask curl
to use a specific set of trust anchors.

Do the same for GnuTLS

Fixes curl#19636
Reported-by: ffath-vo on github
Closes curl#19638

In smb_send_message, although it could never actually overflow it might
as well be done correctly. Also do the check earlier.

Closes curl#19640

Check size_t conversion on setting these members via CURLMIPT_*. Use
members without casting.

Closes curl#19618

This reverts commit a439fc0.

It requires a version of libnettle that is not included in these Ubuntu
versions: "Libnettle 3.10 was not found"

Closes curl#19642

If get_args() returns error, do not overwrite the variable in the next
call.

Also, avoid allocating memory for the default user-agent.

Closes curl#19650

For printf()ing the message to show.

Closes curl#19651

The freeing of the already allocated hostname is done by
Curl_async_shutdown(). This extra free in the RR code path made a
double-free.

Presumably not detected because the CI torture tests don't run HTTPS-RR
enabled?

Follow-up to 8d0bfe7
Closes curl#19658

- adjust cipher list in infof() statement for min/max TLS version

- skip test_17_07 for wolfSSL 5.8.4 when CHACHA20 is negotiated
  due to regression with homebrew build on ARM systems.

Fixes curl#19644
Reported-by: Viktor Szakats
Closes curl#19662

…ADFUNC_PAUSE

When a transfer is paused from a read callback with a CURL_READFUNC_PAUSE
code, it should be excluded from the speedcheck. Currently only
transfers paused from write callbacks are excluded, because the code
only checks for "recv direction" of the transfer. This commit adds a
check for "send direction".

Issue similar to curl#6358

Closes curl#19653

Enable with "configure --enable-backtrace", inserts a backtrace in the
memdump log when a torture test limit is reached.

Closes curl#19657

Also:
- memdebug: fix symbol collision in unity builds.
- memdebug: fix compiler warning by making a variable static.

Follow-up to c77bed8 curl#19657

Closes curl#19666

icing and others added 26 commits December 1, 2025 13:43

Protect modification to the `membuf` by different threads
via a mutex. This ensures that index updates are correct and
that data gets written in order.

Closes curl#19785

add the debug log before freeing the memory, otherwise another thread
might allocate and log it before the free is logged.

Follow-up to a7bebd8
Closes curl#19787

Previously, an OOM error would just imply not an IPv6 address.

Closes curl#19784

Show a message if the CMake version is lower than that when consuming
libcurl via the CMake config.

The minimum CMake version on consumption is for now the same as
the minimum required (v3.7) to build curl itself.

Ref: https://cmake.org/cmake/help/v3.7/variable/CMAKE_MINIMUM_REQUIRED_VERSION.html
Ref: curl#18704 (discussion)
Follow-up to 16f073e curl#16973
Closes curl#19776

Replace `curlx_convert*()` functions with local copies that always use
the curlx allocator.

Closes curl#19790

To limit raw allocators to `CURLDEBUG` (memdebug/TrackMemory) Windows
UNICODE builds.

Closes curl#19788

```
Use of uninitialized value $cmdhash{"option"} in pattern match (m//) at tests/runtests.pl line 1753.
```
Ref: https://github.com/curl/curl/actions/runs/19833947198/job/56831923295?pr=19794#step:13:3694

Follow-up to 02aa75a curl#19752
Closes curl#19797

To not get a mixup in the memdebug log order.

Closes curl#19793

Reported-by: Stanislav Fort (Aisle Research)

Closes curl#19802

Move it up two months. It was only ever experimental so this cannot
interfere with any production code so shorten the "quarantine".

Closes curl#19805

Instead of buffering response body data until it is received by the
transfer loop, write the response data directly to the client.

Use a connection wide scratch buffer to get the response body from
quiche. Eliminates need for maintaining individual buffers for each
stream.

Fixes curl#19803
Reported-by: Stanislav Fort
Closes curl#19806

It displays in version output as WinLDAP and LDAP/1, compared to
OpenLDAP/[version] for the OpenLDAP backend code.

Closes curl#19808

From `lib/curl*` to `lib/g*`. With fixes to part 1.

part 1: 47a1ab2 curl#19764

Closes curl#19800

A fix for the tests that took the longest:
- test_05: make the server close the HTTP/1.1 connection when
  simulating an error during a download. This eliminates waiting
  for a keepalive timeout
- test_02: pause tests with slightly smaller documents, eliminate
  special setup for HTTP/2. We test stream window handling now
  elsewhere already
- cli_hx_download: run loop in 500ms steps instead of 1sec, resuming
  paused transfers earlier.

Closes curl#19809

Address issues listed in curl#19770:
- allow for nghttpx to successfully shut down on last attempt that might
  extend beyond the finish timestamp
- timeline checks: allow `time_starttransfer` to appear anywhere in
  the timeline as a slow client might see response data before setting
  the other counters
- dump logs on test_05_02 as it was not reproduced locally

Fixes curl#19970
Closes curl#19783