diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index cc78f2bcc4..44f078ce24 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -81,9 +81,16 @@ jobs: install_steps: libressl pytest codeset-test configure: LDFLAGS=-Wl,-rpath,/home/runner/libressl/lib --with-openssl=/home/runner/libressl --with-gssapi --enable-debug - - name: 'libressl krb5 valgrind' + - name: 'libressl krb5 valgrind 1' install_packages: libnghttp2-dev libldap-dev libkrb5-dev valgrind install_steps: libressl + tflags: '--min=870 1 to 950' + generate: -DOPENSSL_ROOT_DIR=/home/runner/libressl -DCURL_USE_GSSAPI=ON -DENABLE_DEBUG=ON -DCURL_LIBCURL_VERSIONED_SYMBOLS=ON + + - name: 'libressl krb5 valgrind 2' + install_packages: libnghttp2-dev libldap-dev libkrb5-dev valgrind + install_steps: libressl + tflags: '--min=900 951 to 9999' generate: -DOPENSSL_ROOT_DIR=/home/runner/libressl -DCURL_USE_GSSAPI=ON -DENABLE_DEBUG=ON -DCURL_LIBCURL_VERSIONED_SYMBOLS=ON - name: 'libressl clang' @@ -95,14 +102,34 @@ jobs: install_steps: wolfssl-all configure: LDFLAGS=-Wl,-rpath,/home/runner/wolfssl-all/lib --with-wolfssl=/home/runner/wolfssl-all --enable-ech --enable-debug - - name: 'wolfssl-opensslextra valgrind' + - name: 'wolfssl-opensslextra valgrind 1' install_packages: valgrind install_steps: wolfssl-opensslextra + tflags: '--min=780 1 to 950' configure: LDFLAGS=-Wl,-rpath,/home/runner/wolfssl-opensslextra/lib --with-wolfssl=/home/runner/wolfssl-opensslextra --enable-ech --enable-debug - - name: 'mbedtls gss valgrind' + - name: 'wolfssl-opensslextra valgrind 2' + install_packages: valgrind + install_steps: wolfssl-opensslextra + tflags: '--min=800 951 to 9999' + configure: LDFLAGS=-Wl,-rpath,/home/runner/wolfssl-opensslextra/lib --with-wolfssl=/home/runner/wolfssl-opensslextra --enable-ech --enable-debug + + - name: 'mbedtls gss valgrind 1' install_packages: libnghttp2-dev libidn2-dev libldap-dev libgss-dev valgrind install_steps: mbedtls + tflags: '--min=830 1 to 950' + generate: >- + -DCURL_USE_MBEDTLS=ON -DENABLE_DEBUG=ON + -DMBEDTLS_INCLUDE_DIR=/home/runner/mbedtls/include + -DMBEDTLS_LIBRARY=/home/runner/mbedtls/lib/libmbedtls.a + -DMBEDX509_LIBRARY=/home/runner/mbedtls/lib/libmbedx509.a + -DMBEDCRYPTO_LIBRARY=/home/runner/mbedtls/lib/libmbedcrypto.a + -DCURL_USE_GSSAPI=ON + + - name: 'mbedtls gss valgrind 2' + install_packages: libnghttp2-dev libidn2-dev libldap-dev libgss-dev valgrind + install_steps: mbedtls + tflags: '--min=800 951 to 9999' generate: >- -DCURL_USE_MBEDTLS=ON -DENABLE_DEBUG=ON -DMBEDTLS_INCLUDE_DIR=/home/runner/mbedtls/include @@ -152,8 +179,14 @@ jobs: install_steps: pytest configure: --with-openssl --enable-debug --disable-unity - - name: 'openssl libssh2 sync-resolver valgrind' + - name: 'openssl libssh2 sync-resolver valgrind 1' install_packages: libidn2-dev libssh2-1-dev libnghttp2-dev libldap-dev valgrind + tflags: '--min=920 1 to 950' + generate: -DENABLE_DEBUG=ON -DENABLE_THREADED_RESOLVER=OFF + + - name: 'openssl libssh2 sync-resolver valgrind 2' + install_packages: libidn2-dev libssh2-1-dev libnghttp2-dev libldap-dev valgrind + tflags: '--min=910 951 to 9999' generate: -DENABLE_DEBUG=ON -DENABLE_THREADED_RESOLVER=OFF - name: 'openssl' @@ -166,9 +199,16 @@ jobs: configure: CFLAGS=-std=gnu89 --with-openssl --enable-debug --disable-verbose image: 'ubuntu-24.04-arm' - - name: 'openssl -O3 libssh valgrind' + - name: 'openssl -O3 libssh valgrind 1' install_packages: libssh-dev valgrind CFLAGS: -O3 + tflags: '--min=920 1 to 950' + generate: -DENABLE_DEBUG=ON -DCURL_USE_LIBSSH=ON -DCMAKE_UNITY_BUILD_BATCH_SIZE=50 + + - name: 'openssl -O3 libssh valgrind 2' + install_packages: libssh-dev valgrind + CFLAGS: -O3 + tflags: '--min=890 951 to 9999' generate: -DENABLE_DEBUG=ON -DCURL_USE_LIBSSH=ON -DCMAKE_UNITY_BUILD_BATCH_SIZE=50 - name: 'openssl clang krb5 openldap static' @@ -195,17 +235,17 @@ jobs: --without-libssh2 --without-libssh --disable-tftp --disable-ftp --disable-file --disable-smb - - name: 'openssl torture !FTP' + - name: 'openssl torture 1' install_packages: libnghttp2-dev libssh2-1-dev libc-ares-dev - generate: -DCURL_USE_OPENSSL=ON -DENABLE_DEBUG=ON -DENABLE_ARES=ON - tflags: '-t --shallow=25 !FTP --min=1450' + tflags: '-t --shallow=25 --min=920 1 to 950' torture: true + generate: -DCURL_USE_OPENSSL=ON -DENABLE_DEBUG=ON -DENABLE_ARES=ON - - name: 'openssl torture FTP' + - name: 'openssl torture 2' install_packages: libnghttp2-dev libssh2-1-dev libc-ares-dev - generate: -DCURL_USE_OPENSSL=ON -DENABLE_DEBUG=ON -DENABLE_ARES=ON - tflags: '-t --shallow=20 FTP --min=260' + tflags: '-t --shallow=20 --min=900 951 to 9999' torture: true + generate: -DCURL_USE_OPENSSL=ON -DENABLE_DEBUG=ON -DENABLE_ARES=ON - name: 'openssl i686' install_packages: gcc-14-i686-linux-gnu libssl-dev:i386 librtmp-dev:i386 libssh2-1-dev:i386 libidn2-dev:i386 libc-ares-dev:i386 zlib1g-dev:i386 @@ -319,9 +359,16 @@ jobs: configure: --enable-debug --disable-shared --disable-threaded-resolver --with-libssh --with-openssl tflags: '-n --test-duphandle' - - name: 'rustls valgrind' + - name: 'rustls valgrind 1' install_packages: libnghttp2-dev libldap-dev valgrind install_steps: rust rustls + tflags: '--min=780 1 to 950' + generate: -DCURL_USE_RUSTLS=ON -DUSE_ECH=ON -DENABLE_DEBUG=ON + + - name: 'rustls valgrind 2' + install_packages: libnghttp2-dev libldap-dev valgrind + install_steps: rust rustls + tflags: '--min=820 951 to 9999' generate: -DCURL_USE_RUSTLS=ON -DUSE_ECH=ON -DENABLE_DEBUG=ON - name: 'rustls' diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index 77bd81ea85..be61c4d312 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -336,18 +336,18 @@ jobs: install: rustls-ffi generate: -DENABLE_DEBUG=ON -DCURL_USE_RUSTLS=ON -DUSE_ECH=ON -DCURL_DISABLE_LDAP=ON tflags: '--min=1650' - - name: 'OpenSSL torture !FTP' + - name: 'OpenSSL torture 1' compiler: clang install: libnghttp3 install_steps: torture generate: -DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DENABLE_THREADED_RESOLVER=OFF -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DUSE_OPENSSL_QUIC=ON - tflags: '-t --shallow=25 !FTP --min=1450' - - name: 'OpenSSL torture FTP' + tflags: '-t --shallow=25 --min=920 1 to 950' + - name: 'OpenSSL torture 2' compiler: clang install: libnghttp3 install_steps: torture generate: -DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DENABLE_THREADED_RESOLVER=OFF -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DUSE_OPENSSL_QUIC=ON - tflags: '-t --shallow=20 FTP --min=260' + tflags: '-t --shallow=20 --min=910 951 to 9999' exclude: # opt out jobs from combinations that have the compiler set manually - { compiler: llvm@18, build: { compiler: 'clang' } } diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 700913e092..d7c2bcd8ce 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -207,7 +207,8 @@ jobs: - { build: 'autotools', sys: 'mingw64' , env: 'x86_64' , tflags: '' , config: '--enable-debug --with-openssl --enable-windows-unicode --enable-ares --with-openssl-quic --enable-shared=no', install: 'mingw-w64-x86_64-c-ares mingw-w64-x86_64-openssl mingw-w64-x86_64-nghttp3 mingw-w64-x86_64-libssh2', name: 'c-ares U' } - { build: 'cmake' , sys: 'mingw64' , env: 'x86_64' , tflags: '--min=1650', config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DENABLE_ARES=ON', install: 'mingw-w64-x86_64-c-ares mingw-w64-x86_64-libssh2', type: 'Debug', name: 'schannel c-ares U' } # MinGW torture - - { build: 'cmake' , sys: 'mingw64' , env: 'x86_64' , tflags: '-t --shallow=13 !FTP --min=1300', config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DENABLE_ARES=ON', install: 'mingw-w64-x86_64-c-ares mingw-w64-x86_64-libssh2', type: 'Debug', name: 'schannel U torture' } + - { build: 'cmake' , sys: 'mingw64' , env: 'x86_64' , tflags: '-t --shallow=13 --min=700 1 to 950' , config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DENABLE_ARES=ON', install: 'mingw-w64-x86_64-c-ares mingw-w64-x86_64-libssh2', type: 'Debug', name: 'schannel U torture 1' } + - { build: 'cmake' , sys: 'mingw64' , env: 'x86_64' , tflags: '-t --shallow=13 --min=700 951 to 9999', config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DENABLE_ARES=ON', install: 'mingw-w64-x86_64-c-ares mingw-w64-x86_64-libssh2', type: 'Debug', name: 'schannel U torture 2' } # WARNING: libssh uses hard-coded world-writable paths (/etc/..., ~/.ssh/) to # read its configuration from, making it vulnerable to attacks on # Windows. Do not use this component till there is a fix for these.