diff --git a/.github/scripts/typos.toml b/.github/scripts/typos.toml index 1a3a80dec3..8d8511953a 100644 --- a/.github/scripts/typos.toml +++ b/.github/scripts/typos.toml @@ -9,6 +9,7 @@ extend-ignore-identifiers-re = [ "^(ECT0|ECT1|HELO|htpts|PASE)$", "^[A-Za-z0-9_-]*(EDE|GOST)[A-Z0-9_-]*$", # ciphers "^0x[0-9a-fA-F]+FUL$", # unsigned long hex literals ending with 'F' + "^[0-9a-zA-Z+]{64,}$", # possibly base64 "^(eyeballers|HELO_smtp|Januar|optin|passin|perfec|SMTP_HELO)$", "^(clen|req_clen|smtp_perform_helo|smtp_state_helo_resp|Tru64|_stati64)$", "(_ccontains|_controllen|O_WRONLY|secur32)", diff --git a/.github/scripts/verify-examples.pl b/.github/scripts/verify-examples.pl index dd6ff8d974..007369b4ab 100755 --- a/.github/scripts/verify-examples.pl +++ b/.github/scripts/verify-examples.pl @@ -37,7 +37,9 @@ if(!@files || $files[0] eq "-h") { } sub testcompile { - my $rc = system('gcc -c test.c -I include -W -Wall -pedantic -Werror -Wno-unused-parameter -Wno-unused-but-set-variable -DCURL_ALLOW_OLD_MULTI_SOCKET -DCURL_DISABLE_DEPRECATION') >> 8; + my $rc = system('gcc -c test.c -I include -W -Wall -pedantic -Werror ' . + '-Wno-unused-parameter -Wno-unused-but-set-variable ' . + '-DCURL_ALLOW_OLD_MULTI_SOCKET -DCURL_DISABLE_DEPRECATION') >> 8; return $rc; } diff --git a/.github/scripts/verify-synopsis.pl b/.github/scripts/verify-synopsis.pl index 00070f318e..02918dd65d 100755 --- a/.github/scripts/verify-synopsis.pl +++ b/.github/scripts/verify-synopsis.pl @@ -35,7 +35,8 @@ if(!@files || $files[0] eq "-h") { } sub testcompile { - my $rc = system('gcc -c test.c -I include -W -Wall -pedantic -Werror -DCURL_ALLOW_OLD_MULTI_SOCKET -DCURL_DISABLE_TYPECHECK') >> 8; + my $rc = system('gcc -c test.c -I include -W -Wall -pedantic -Werror ' . + '-DCURL_ALLOW_OLD_MULTI_SOCKET -DCURL_DISABLE_TYPECHECK') >> 8; return $rc; } diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 17fffca857..3b4a067c24 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -106,8 +106,10 @@ jobs: else eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" + export PKG_CONFIG_PATH + # MultiSSL - export PKG_CONFIG_PATH; PKG_CONFIG_PATH="$(brew --prefix c-ares)/lib/pkgconfig:$(brew --prefix mbedtls)/lib/pkgconfig:$(brew --prefix rustls-ffi)/lib/pkgconfig:$(brew --prefix gsasl)/lib/pkgconfig" + PKG_CONFIG_PATH="$(brew --prefix c-ares)/lib/pkgconfig:$(brew --prefix mbedtls)/lib/pkgconfig:$(brew --prefix rustls-ffi)/lib/pkgconfig:$(brew --prefix gsasl)/lib/pkgconfig" cmake -B _bld1 -G Ninja -DCURL_DISABLE_TYPECHECK=ON -DCURL_WERROR=ON -DENABLE_DEBUG=ON \ -DCURL_USE_GNUTLS=ON -DCURL_USE_MBEDTLS=ON -DCURL_USE_RUSTLS=ON -DCURL_USE_WOLFSSL=ON \ -DCURL_USE_GSASL=ON -DCURL_USE_GSSAPI=ON -DUSE_SSLS_EXPORT=ON -DUSE_ECH=ON -DENABLE_ARES=ON \ @@ -117,7 +119,7 @@ jobs: cmake --build _bld1 --target curl-examples-build # HTTP/3 - export PKG_CONFIG_PATH; PKG_CONFIG_PATH="$(brew --prefix libnghttp3)/lib/pkgconfig:$(brew --prefix libngtcp2)/lib/pkgconfig:$(brew --prefix gsasl)/lib/pkgconfig" + PKG_CONFIG_PATH="$(brew --prefix libnghttp3)/lib/pkgconfig:$(brew --prefix libngtcp2)/lib/pkgconfig:$(brew --prefix gsasl)/lib/pkgconfig" cmake -B _bld2 -G Ninja -DCURL_DISABLE_TYPECHECK=ON -DCURL_WERROR=ON \ -DCURL_USE_OPENSSL=ON -DOPENSSL_ROOT_DIR="$(brew --prefix openssl)" -DUSE_NGTCP2=ON \ -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON \ diff --git a/.github/workflows/configure-vs-cmake.yml b/.github/workflows/configure-vs-cmake.yml index 5f7ce33746..3c8f0249f8 100644 --- a/.github/workflows/configure-vs-cmake.yml +++ b/.github/workflows/configure-vs-cmake.yml @@ -83,8 +83,18 @@ jobs: - name: 'install packages' timeout-minutes: 2 run: | - # shellcheck disable=SC2181,SC2034 - while [[ $? == 0 ]]; do for i in 1 2 3; do if brew update && brew install automake libtool; then break 2; else echo Error: wait to try again; sleep 10; fi; done; false Too many retries; done + # shellcheck disable=SC2181 + while [[ $? == 0 ]]; do + for i in 1 2 3; do + if brew update && brew install automake libtool; then + break 2 + else + echo "Error: wait to try again: $i" + sleep 10 + fi + done + false Too many retries + done - name: 'toolchain versions' run: echo '::group::brew packages installed'; ls -l /opt/homebrew/opt; echo '::endgroup::' diff --git a/.github/workflows/distcheck.yml b/.github/workflows/distcheck.yml index d5272b67c5..d09f45d433 100644 --- a/.github/workflows/distcheck.yml +++ b/.github/workflows/distcheck.yml @@ -322,7 +322,8 @@ jobs: - name: 'via find_package (PREFER_CONFIG=ON)' if: ${{ contains(matrix.image, 'windows') }} run: | - export TEST_CMAKE_FLAGS_PROVIDER='-DCMAKE_FIND_PACKAGE_PREFER_CONFIG=ON -DCURL_ZSTD=OFF -DNGHTTP2_INCLUDE_DIR=C:/msys64/mingw64/include -DNGHTTP2_LIBRARY=C:/msys64/mingw64/lib/libnghttp2.dll.a' + export TEST_CMAKE_FLAGS_PROVIDER='-DCMAKE_FIND_PACKAGE_PREFER_CONFIG=ON -DCURL_ZSTD=OFF' + TEST_CMAKE_FLAGS_PROVIDER+=' -DNGHTTP2_INCLUDE_DIR=C:/msys64/mingw64/include -DNGHTTP2_LIBRARY=C:/msys64/mingw64/lib/libnghttp2.dll.a' export TEST_CMAKE_FLAGS_CONSUMER="${TEST_CMAKE_FLAGS_PROVIDER}" ./tests/cmake/test.sh find_package ${TESTOPTS} -DCURL_USE_OPENSSL=ON diff --git a/.github/workflows/http3-linux.yml b/.github/workflows/http3-linux.yml index 7da5ff5c7d..6ad55a8892 100644 --- a/.github/workflows/http3-linux.yml +++ b/.github/workflows/http3-linux.yml @@ -143,7 +143,8 @@ jobs: cache-name: cache-ngtcp2 with: path: ~/ngtcp2/build - key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.LIBRESSL_VERSION }}-${{ env.AWSLC_VERSION }}-${{ env.NETTLE_VERSION }}-${{ env.GNUTLS_VERSION }}-${{ env.WOLFSSL_VERSION }} + key: "${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_VERSION }}-\ + ${{ env.LIBRESSL_VERSION }}-${{ env.AWSLC_VERSION }}-${{ env.NETTLE_VERSION }}-${{ env.GNUTLS_VERSION }}-${{ env.WOLFSSL_VERSION }}" - name: 'cache ngtcp2 boringssl' uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 @@ -161,7 +162,8 @@ jobs: cache-name: cache-nghttp2 with: path: ~/nghttp2/build - key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGHTTP2_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.NGTCP2_VERSION }}-${{ env.NGHTTP3_VERSION }} + key: "${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGHTTP2_VERSION }}-${{ env.OPENSSL_VERSION }}-\ + ${{ env.NGTCP2_VERSION }}-${{ env.NGHTTP3_VERSION }}" - id: settings if: >- @@ -304,8 +306,11 @@ jobs: --with-openssl make install make clean + export PKG_CONFIG_PATH=/home/runner/openssl/build/lib/pkgconfig + PKG_CONFIG_PATH+=:/home/runner/nettle/build/lib64/pkgconfig + PKG_CONFIG_PATH+=:/home/runner/gnutls/build/lib/pkgconfig + PKG_CONFIG_PATH+=:/home/runner/wolfssl/build/lib/pkgconfig ./configure --disable-dependency-tracking --prefix="$PWD"/build --enable-lib-only \ - PKG_CONFIG_PATH=/home/runner/openssl/build/lib/pkgconfig:/home/runner/nettle/build/lib64/pkgconfig:/home/runner/gnutls/build/lib/pkgconfig:/home/runner/wolfssl/build/lib/pkgconfig \ --with-openssl --with-gnutls --with-wolfssl --with-boringssl \ BORINGSSL_LIBS='-L/home/runner/awslc/build/lib -lssl -lcrypto' \ BORINGSSL_CFLAGS='-I/home/runner/awslc/build/include' @@ -334,8 +339,10 @@ jobs: autoreconf -fi # required (for nghttpx application): libc-ares-dev libev-dev zlib1g-dev # optional (for nghttpx application): libbrotli-dev + export PKG_CONFIG_PATH=/home/runner/openssl/build/lib/pkgconfig + PKG_CONFIG_PATH+=:/home/runner/nghttp3/build/lib/pkgconfig + PKG_CONFIG_PATH+=:/home/runner/ngtcp2/build/lib/pkgconfig ./configure --disable-dependency-tracking --prefix="$PWD"/build --enable-app --enable-http3 \ - PKG_CONFIG_PATH=/home/runner/openssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig \ LDFLAGS=-Wl,-rpath,/home/runner/openssl/build/lib \ --with-libbrotlienc --with-libbrotlidec make install @@ -354,10 +361,10 @@ jobs: matrix: build: - name: 'openssl' - PKG_CONFIG_PATH: /home/runner/openssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig tflags: '--min=1640' + LDFLAGS: -Wl,-rpath,/home/runner/openssl/build/lib + PKG_CONFIG_PATH: /home/runner/openssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig configure: >- - LDFLAGS=-Wl,-rpath,/home/runner/openssl/build/lib --with-openssl=/home/runner/openssl/build --with-ngtcp2=/home/runner/ngtcp2/build --enable-ssls-export - name: 'openssl' @@ -370,44 +377,47 @@ jobs: - name: 'libressl' install_steps: skipall - # Intentionally using '--with-ngtcp2=' to test this way of configuration, in addition to bare '--with-ngtcp2' + 'PKG_CONFIG_PATH' in other jobs. + LDFLAGS: -Wl,-rpath,/home/runner/libressl/build/lib PKG_CONFIG_PATH: /home/runner/libressl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig + # Intentionally using '--with-ngtcp2=' to test this way of configuration, in addition to bare '--with-ngtcp2' + 'PKG_CONFIG_PATH' in other jobs. configure: >- - LDFLAGS=-Wl,-rpath,/home/runner/libressl/build/lib --with-openssl=/home/runner/libressl/build --with-ngtcp2=/home/runner/ngtcp2/build --enable-ssls-export --enable-unity - name: 'libressl' - PKG_CONFIG_PATH: /home/runner/libressl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig tflags: '--min=1790' + PKG_CONFIG_PATH: /home/runner/libressl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig generate: >- -DOPENSSL_ROOT_DIR=/home/runner/libressl/build -DUSE_NGTCP2=ON - name: 'awslc' install_steps: skipall - # Intentionally using bare '--with-ngtcp2' + 'PKG_CONFIG_PATH' to test this way of configuration, in addition to '--with-ngtcp2=' in other jobs. + LDFLAGS: -Wl,-rpath,/home/runner/awslc/build/lib PKG_CONFIG_PATH: /home/runner/awslc/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig + # Intentionally using bare '--with-ngtcp2' + 'PKG_CONFIG_PATH' to test this way of configuration, in addition to '--with-ngtcp2=' in other jobs. configure: >- - LDFLAGS=-Wl,-rpath,/home/runner/awslc/build/lib --with-openssl=/home/runner/awslc/build --with-ngtcp2 --enable-ssls-export - name: 'awslc' - PKG_CONFIG_PATH: /home/runner/awslc/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig tflags: '--min=1790' + PKG_CONFIG_PATH: /home/runner/awslc/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig generate: >- -DOPENSSL_ROOT_DIR=/home/runner/awslc/build -DUSE_NGTCP2=ON -DBUILD_SHARED_LIBS=OFF -DCMAKE_UNITY_BUILD=ON -DCURL_DROP_UNUSED=ON - name: 'boringssl' install_steps: skipall + LDFLAGS: -Wl,-rpath,/home/runner/boringssl/build/lib PKG_CONFIG_PATH: /home/runner/boringssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig configure: >- - LDFLAGS=-Wl,-rpath,/home/runner/boringssl/build/lib --with-openssl=/home/runner/boringssl/build --with-ngtcp2=/home/runner/ngtcp2-boringssl/build --enable-ssls-export - name: 'boringssl' - PKG_CONFIG_PATH: /home/runner/boringssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2-boringssl/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig tflags: '--min=1790' + PKG_CONFIG_PATH: "/home/runner/boringssl/build/lib/pkgconfig:\ + /home/runner/nghttp3/build/lib/pkgconfig:\ + /home/runner/ngtcp2-boringssl/build/lib/pkgconfig:\ + /home/runner/nghttp2/build/lib/pkgconfig" generate: >- -DOPENSSL_ROOT_DIR=/home/runner/boringssl/build -DUSE_NGTCP2=ON -DBUILD_SHARED_LIBS=OFF -DCMAKE_UNITY_BUILD=ON @@ -415,16 +425,20 @@ jobs: - name: 'gnutls' install_packages: libp11-kit-dev libssh-dev install_steps: skipall - PKG_CONFIG_PATH: /home/runner/nettle/build/lib64/pkgconfig:/home/runner/gnutls/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig LDFLAGS: -Wl,-rpath,/home/runner/gnutls/build/lib -Wl,-rpath,/home/runner/nettle/build/lib64 -Wl,-rpath,/home/runner/ngtcp2/build/lib + PKG_CONFIG_PATH: /home/runner/nettle/build/lib64/pkgconfig:/home/runner/gnutls/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig configure: >- --with-gnutls=/home/runner/gnutls/build --with-ngtcp2=/home/runner/ngtcp2/build --with-libssh --enable-ssls-export - name: 'gnutls' install_packages: libp11-kit-dev libssh-dev - PKG_CONFIG_PATH: /home/runner/nettle/build/lib64/pkgconfig:/home/runner/gnutls/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig - LDFLAGS: -Wl,-rpath,/home/runner/gnutls/build/lib tflags: '--min=1840' + LDFLAGS: -Wl,-rpath,/home/runner/gnutls/build/lib + PKG_CONFIG_PATH: "/home/runner/nettle/build/lib64/pkgconfig:\ + /home/runner/gnutls/build/lib/pkgconfig:\ + /home/runner/nghttp3/build/lib/pkgconfig:\ + /home/runner/ngtcp2/build/lib/pkgconfig:\ + /home/runner/nghttp2/build/lib/pkgconfig" generate: >- -DCURL_USE_GNUTLS=ON -DUSE_NGTCP2=ON -DCURL_USE_LIBSSH=ON -DCMAKE_UNITY_BUILD=ON @@ -432,33 +446,33 @@ jobs: - name: 'wolfssl' install_packages: libssh2-1-dev install_steps: skipall + LDFLAGS: -Wl,-rpath,/home/runner/wolfssl/build/lib PKG_CONFIG_PATH: /home/runner/wolfssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig configure: >- - LDFLAGS=-Wl,-rpath,/home/runner/wolfssl/build/lib --with-wolfssl=/home/runner/wolfssl/build --with-ngtcp2=/home/runner/ngtcp2/build --enable-ech --with-libssh2 --enable-ssls-export --enable-unity - name: 'wolfssl' install_packages: libssh2-1-dev - PKG_CONFIG_PATH: /home/runner/wolfssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig tflags: '--min=1840' + PKG_CONFIG_PATH: /home/runner/wolfssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig generate: >- -DCURL_USE_WOLFSSL=ON -DUSE_NGTCP2=ON -DUSE_ECH=ON - name: 'quiche' install_steps: skipall + LDFLAGS: -Wl,-rpath,/home/runner/quiche/target/release PKG_CONFIG_PATH: /home/runner/nghttp2/build/lib/pkgconfig configure: >- - LDFLAGS=-Wl,-rpath,/home/runner/quiche/target/release --with-openssl=/home/runner/quiche/quiche/deps/boringssl/src --with-quiche=/home/runner/quiche/target/release --with-ca-fallback --enable-unity - name: 'quiche' - PKG_CONFIG_PATH: /home/runner/nghttp2/build/lib/pkgconfig:/home/runner/quiche/target/release tflags: '--min=1790' + PKG_CONFIG_PATH: /home/runner/nghttp2/build/lib/pkgconfig:/home/runner/quiche/target/release generate: >- -DOPENSSL_ROOT_DIR=/home/runner/quiche/quiche/deps/boringssl/src -DUSE_QUICHE=ON @@ -469,7 +483,8 @@ jobs: env: INSTALL_PACKAGES: >- ${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') && 'stunnel4 ' || '' }} - ${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') && 'apache2 apache2-dev libnghttp2-dev vsftpd dante-server libev-dev' || '' }} + ${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') && + 'apache2 apache2-dev libnghttp2-dev vsftpd dante-server libev-dev' || '' }} run: | sudo rm -f /etc/apt/sources.list.d/{azure-cli.sources,microsoft-prod.list,ondrej-ubuntu-php-noble.sources} @@ -572,7 +587,8 @@ jobs: cache-name: cache-ngtcp2 with: path: ~/ngtcp2/build - key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.LIBRESSL_VERSION }}-${{ env.AWSLC_VERSION }}-${{ env.NETTLE_VERSION }}-${{ env.GNUTLS_VERSION }}-${{ env.WOLFSSL_VERSION }} + key: "${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_VERSION }}-\ + ${{ env.LIBRESSL_VERSION }}-${{ env.AWSLC_VERSION }}-${{ env.NETTLE_VERSION }}-${{ env.GNUTLS_VERSION }}-${{ env.WOLFSSL_VERSION }}" fail-on-cache-miss: true - name: 'cache ngtcp2 boringssl' diff --git a/.github/workflows/linux-old.yml b/.github/workflows/linux-old.yml index 950c4c16c6..c96da5c7f0 100644 --- a/.github/workflows/linux-old.yml +++ b/.github/workflows/linux-old.yml @@ -69,7 +69,8 @@ jobs: sha256sum freexian-archive-keyring_2022.06.08_all.deb && dpkg -i freexian-archive-keyring_2022.06.08_all.deb echo 'deb http://deb.freexian.com/extended-lts stretch-lts main contrib non-free' | tee /etc/apt/sources.list.d/extended-lts.list apt-get -o Dpkg::Use-Pty=0 update - apt-get -o Dpkg::Use-Pty=0 install -y --no-install-suggests --no-install-recommends make automake autoconf libtool ninja-build gcc pkg-config libpsl-dev libzstd-dev zlib1g-dev libkrb5-dev libldap2-dev stunnel4 + apt-get -o Dpkg::Use-Pty=0 install -y --no-install-suggests --no-install-recommends \ + make automake autoconf libtool ninja-build gcc pkg-config libpsl-dev libzstd-dev zlib1g-dev libkrb5-dev libldap2-dev stunnel4 # GitHub's actions/checkout needs newer glibc and libstdc++. The latter also depends on # gcc-8-base, but it does not actually seem used in our situation and is not available in # the main repo, so force the install. diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 491d8bdd12..f1ae2bcac9 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -74,7 +74,8 @@ jobs: image: ubuntu-24.04-arm install_packages: libidn2-dev libnghttp2-dev libldap-dev libkrb5-dev install_steps: libressl-c-arm pytest codeset-test - configure: LDFLAGS=-Wl,-rpath,/home/runner/libressl/lib --with-openssl=/home/runner/libressl --with-gssapi --enable-debug + LDFLAGS: -Wl,-rpath,/home/runner/libressl/lib + configure: --with-openssl=/home/runner/libressl --with-gssapi --enable-debug - name: 'libressl krb5 valgrind 1' image: ubuntu-24.04-arm @@ -94,26 +95,31 @@ jobs: image: ubuntu-24.04-arm install_packages: clang install_steps: libressl-c-arm - configure: CC=clang LDFLAGS=-Wl,-rpath,/home/runner/libressl/lib --with-openssl=/home/runner/libressl --enable-debug + CC: clang + LDFLAGS: -Wl,-rpath,/home/runner/libressl/lib + configure: --with-openssl=/home/runner/libressl --enable-debug - name: 'wolfssl-all' image: ubuntu-24.04-arm install_steps: wolfssl-all-arm - configure: LDFLAGS=-Wl,-rpath,/home/runner/wolfssl-all/lib --with-wolfssl=/home/runner/wolfssl-all --enable-ech --enable-debug + LDFLAGS: -Wl,-rpath,/home/runner/wolfssl-all/lib + configure: --with-wolfssl=/home/runner/wolfssl-all --enable-ech --enable-debug - name: 'wolfssl-opensslextra valgrind 1' image: ubuntu-24.04-arm install_packages: valgrind install_steps: wolfssl-opensslextra-arm tflags: '--min=780 1 to 950' - configure: LDFLAGS=-Wl,-rpath,/home/runner/wolfssl-opensslextra/lib --with-wolfssl=/home/runner/wolfssl-opensslextra --enable-ech --enable-debug + LDFLAGS: -Wl,-rpath,/home/runner/wolfssl-opensslextra/lib + configure: --with-wolfssl=/home/runner/wolfssl-opensslextra --enable-ech --enable-debug - name: 'wolfssl-opensslextra valgrind 2' image: ubuntu-24.04-arm install_packages: valgrind install_steps: wolfssl-opensslextra-arm tflags: '--min=800 951 to 9999' - configure: LDFLAGS=-Wl,-rpath,/home/runner/wolfssl-opensslextra/lib --with-wolfssl=/home/runner/wolfssl-opensslextra --enable-ech --enable-debug + LDFLAGS: -Wl,-rpath,/home/runner/wolfssl-opensslextra/lib + configure: --with-wolfssl=/home/runner/wolfssl-opensslextra --enable-ech --enable-debug - name: 'mbedtls gss valgrind 1' image: ubuntu-24.04-arm @@ -136,7 +142,9 @@ jobs: - name: 'mbedtls clang' install_packages: libssh-dev libnghttp2-dev libldap-dev clang install_steps: mbedtls-latest-intel pytest - configure: CC=clang LDFLAGS=-Wl,-rpath,/home/runner/mbedtls/lib --with-mbedtls=/home/runner/mbedtls --with-libssh --enable-debug --with-fish-functions-dir --with-zsh-functions-dir + CC: clang + LDFLAGS: -Wl,-rpath,/home/runner/mbedtls/lib + configure: --with-mbedtls=/home/runner/mbedtls --with-libssh --enable-debug --with-fish-functions-dir --with-zsh-functions-dir - name: 'mbedtls-prev' install_packages: libssh2-1-dev libnghttp2-dev libuv1-dev @@ -159,7 +167,8 @@ jobs: - name: 'awslc' install_steps: awslc pytest - configure: LDFLAGS=-Wl,-rpath,/home/runner/awslc/lib --with-openssl=/home/runner/awslc --enable-ech --enable-ntlm + LDFLAGS: -Wl,-rpath,/home/runner/awslc/lib + configure: --with-openssl=/home/runner/awslc --enable-ech --enable-ntlm - name: 'awslc' install_packages: libidn2-dev @@ -212,7 +221,10 @@ jobs: - name: 'openssl clang krb5 openldap static' install_steps: openldap-static install_packages: libidn2-dev libkrb5-dev clang libssl-dev - configure: CC=clang --enable-static --disable-shared --with-openssl --with-gssapi --enable-debug --disable-docs --disable-manual --with-ldap=/home/runner/openldap-static --with-ldap-lib=ldap --with-lber-lib=lber + CC: clang + configure: >- + --enable-static --disable-shared --with-openssl --with-gssapi --enable-debug --disable-docs + --disable-manual --with-ldap=/home/runner/openldap-static --with-ldap-lib=ldap --with-lber-lib=lber - name: 'openssl clang krb5 LTO' image: ubuntu-24.04-arm @@ -251,11 +263,11 @@ jobs: - name: 'openssl i686' install_packages: gcc-14-i686-linux-gnu libssl-dev:i386 libssh2-1-dev:i386 libidn2-dev:i386 libc-ares-dev:i386 zlib1g-dev:i386 + CC: i686-linux-gnu-gcc-14 + LDFLAGS: -L/usr/lib/i386-linux-gnu + PKG_CONFIG_PATH: /usr/lib/i386-linux-gnu/pkgconfig configure: >- - PKG_CONFIG_PATH=/usr/lib/i386-linux-gnu/pkgconfig - CC=i686-linux-gnu-gcc-14 CPPFLAGS=-I/usr/include/i386-linux-gnu - LDFLAGS=-L/usr/lib/i386-linux-gnu --host=i686-linux-gnu --with-openssl --with-libssh2 --with-libidn2 --enable-ares --enable-debug @@ -281,8 +293,16 @@ jobs: install_steps: skiprun mbedtls-latest-intel rustls wolfssl-opensslextra-intel install_steps_brew: gsasl CC: clang-20 - LDFLAGS: -Wl,-rpath,/home/runner/wolfssl-opensslextra/lib -Wl,-rpath,/home/runner/mbedtls/lib -Wl,-rpath,/home/runner/rustls/lib -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/gsasl/lib - PKG_CONFIG_PATH: /home/runner/wolfssl-opensslextra/lib/pkgconfig:/home/runner/mbedtls/lib/pkgconfig:/home/runner/rustls/lib/pkgconfig:/home/linuxbrew/.linuxbrew/opt/gsasl/lib/pkgconfig + LDFLAGS: >- + -Wl,-rpath,/home/runner/wolfssl-opensslextra/lib + -Wl,-rpath,/home/runner/mbedtls/lib + -Wl,-rpath,/home/runner/rustls/lib + -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/gsasl/lib + + PKG_CONFIG_PATH: "/home/runner/wolfssl-opensslextra/lib/pkgconfig:\ + /home/runner/mbedtls/lib/pkgconfig:\ + /home/runner/rustls/lib/pkgconfig:\ + /home/linuxbrew/.linuxbrew/opt/gsasl/lib/pkgconfig" generate: >- -DCURL_USE_OPENSSL=ON -DCURL_USE_WOLFSSL=ON -DCURL_USE_GNUTLS=ON -DCURL_USE_MBEDTLS=ON -DCURL_USE_RUSTLS=ON -DCURL_USE_GSASL=ON @@ -294,8 +314,15 @@ jobs: install_steps: skiprun install_steps_brew: openssl libngtcp2 libnghttp3 c-ares CC: clang-20 - LDFLAGS: -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/openssl/lib -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/libngtcp2/lib -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/libnghttp3/lib -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/c-ares/lib - PKG_CONFIG_PATH: /home/linuxbrew/.linuxbrew/opt/libngtcp2/lib/pkgconfig:/home/linuxbrew/.linuxbrew/opt/libnghttp3/lib/pkgconfig:/home/linuxbrew/.linuxbrew/opt/c-ares/lib/pkgconfig + LDFLAGS: >- + -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/openssl/lib + -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/libngtcp2/lib + -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/libnghttp3/lib + -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/c-ares/lib + + PKG_CONFIG_PATH: "/home/linuxbrew/.linuxbrew/opt/libngtcp2/lib/pkgconfig:\ + /home/linuxbrew/.linuxbrew/opt/libnghttp3/lib/pkgconfig:\ + /home/linuxbrew/.linuxbrew/opt/c-ares/lib/pkgconfig" generate: >- -DCURL_USE_OPENSSL=ON -DOPENSSL_ROOT_DIR=/home/linuxbrew/.linuxbrew/opt/openssl -DUSE_NGTCP2=ON -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON -DUSE_HTTPSRR=ON -DENABLE_ARES=ON @@ -305,36 +332,40 @@ jobs: - name: 'address-sanitizer' install_packages: clang-20 libssl-dev libssh-dev libidn2-dev libnghttp2-dev libubsan1 libasan8 libtsan2 install_steps: pytest randcurl + CC: clang-20 CFLAGS: -fsanitize=address,undefined,signed-integer-overflow -fno-sanitize-recover=undefined,integer -Wformat -Werror=format-security -Werror=array-bounds -g LDFLAGS: -fsanitize=address,undefined -fno-sanitize-recover=undefined,integer -ldl -lubsan - CC: clang-20 generate: -DENABLE_DEBUG=ON -DCURL_USE_LIBSSH=ON - name: 'address-sanitizer H3 c-ares' install_packages: clang-20 libubsan1 libasan8 libtsan2 install_steps: pytest install_steps_brew: openssl libssh2 libngtcp2 libnghttp3 c-ares + CC: clang-20 CFLAGS: -fsanitize=address,undefined,signed-integer-overflow -fno-sanitize-recover=undefined,integer -Wformat -Werror=format-security -Werror=array-bounds -g LDFLAGS: -fsanitize=address,undefined -fno-sanitize-recover=undefined,integer -ldl -lubsan -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/c-ares/lib - PKG_CONFIG_PATH: /home/linuxbrew/.linuxbrew/opt/libssh2/lib/pkgconfig:/home/linuxbrew/.linuxbrew/opt/libngtcp2/lib/pkgconfig:/home/linuxbrew/.linuxbrew/opt/libnghttp3/lib/pkgconfig:/home/linuxbrew/.linuxbrew/opt/c-ares/lib/pkgconfig - CC: clang-20 + PKG_CONFIG_PATH: "/home/linuxbrew/.linuxbrew/opt/libssh2/lib/pkgconfig:\ + /home/linuxbrew/.linuxbrew/opt/libngtcp2/lib/pkgconfig:\ + /home/linuxbrew/.linuxbrew/opt/libnghttp3/lib/pkgconfig:\ + /home/linuxbrew/.linuxbrew/opt/c-ares/lib/pkgconfig" generate: -DENABLE_DEBUG=ON -DCURL_USE_OPENSSL=ON -DOPENSSL_ROOT_DIR=/home/linuxbrew/.linuxbrew/opt/openssl -DUSE_NGTCP2=ON -DUSE_SSLS_EXPORT=ON -DENABLE_ARES=ON - name: 'thread-sanitizer' install_packages: clang-20 libtsan2 install_steps: pytest openssl-tsan + CC: clang-20 CFLAGS: -fsanitize=thread -g LDFLAGS: -fsanitize=thread - CC: clang-20 generate: -DOPENSSL_ROOT_DIR=/home/runner/openssl -DENABLE_DEBUG=ON - name: 'memory-sanitizer' install_packages: clang-20 install_steps: randcurl + CC: clang-20 CFLAGS: -fsanitize=memory -Wformat -Werror=format-security -Werror=array-bounds -g LDFLAGS: -fsanitize=memory LIBS: -ldl - configure: CC=clang-20 --without-ssl --without-zlib --without-brotli --without-zstd --without-libpsl --without-nghttp2 --enable-debug + configure: --without-ssl --without-zlib --without-brotli --without-zstd --without-libpsl --without-nghttp2 --enable-debug tflags: '--min=1480' - name: 'event-based' @@ -368,7 +399,8 @@ jobs: - name: 'IntelC openssl' install_packages: libssl-dev install_steps: intelc - configure: CC=icc --enable-debug --with-openssl + CC: icc + configure: --enable-debug --with-openssl - name: 'Slackware !ssl gssapi gcc' # Flags used to build the curl Slackware package, except OpenSSL 1.1.0: diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index fca6719b0f..fb7afc43a0 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -87,8 +87,18 @@ jobs: if: ${{ matrix.build.configure }} timeout-minutes: 5 run: | - # shellcheck disable=SC2181,SC2034 - while [[ $? == 0 ]]; do for i in 1 2 3; do if brew update && brew install automake libtool; then break 2; else echo Error: wait to try again; sleep 10; fi; done; false Too many retries; done + # shellcheck disable=SC2181 + while [[ $? == 0 ]]; do + for i in 1 2 3; do + if brew update && brew install automake libtool; then + break 2 + else + echo "Error: wait to try again: $i" + sleep 10 + fi + done + false Too many retries + done - name: 'toolchain versions' run: | @@ -220,19 +230,24 @@ jobs: configure: --without-ssl --with-brotli --with-zstd --with-apple-idn tflags: '--min=1450' xcode: '' # default Xcode. Set it once to silence actionlint. + - name: '!ssl libssh2 AppleIDN' compiler: clang generate: -DENABLE_DEBUG=ON -DCURL_USE_LIBSSH2=ON -DUSE_APPLE_IDN=ON -DCURL_ENABLE_SSL=OFF -DCURL_BROTLI=OFF -DCURL_ZSTD=OFF tflags: '--min=1550' + - name: 'OpenSSL libssh c-ares' compiler: clang install: libssh configure: --enable-debug --with-libssh --with-openssl=/opt/homebrew/opt/openssl --enable-ares --with-fish-functions-dir --with-zsh-functions-dir + - name: 'OpenSSL libssh' compiler: llvm@18 install: libssh libnghttp3 generate: -DENABLE_DEBUG=ON -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DCURL_BROTLI=OFF -DCURL_ZSTD=OFF + - name: '!ssl HTTP-only c-ares' + macos-version-min: '10.15' # Catalina (2019) compiler: clang tflags: '--min=930' generate: >- @@ -244,31 +259,41 @@ jobs: -DCURL_BROTLI=OFF -DCURL_ZLIB=OFF -DCURL_ZSTD=OFF -DBUILD_STATIC_LIBS=ON -DBUILD_SHARED_LIBS=OFF - macos-version-min: '10.15' # Catalina (2019) - name: 'LibreSSL !ldap +examples' compiler: clang install: libressl install_steps: pytest - generate: -DENABLE_DEBUG=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/libressl -DCURL_DISABLE_LDAP=ON -DCURL_BROTLI=OFF -DCURL_ZSTD=OFF -DCURL_USE_LIBSSH2=OFF -DCURL_ENABLE_NTLM=ON + generate: >- + -DENABLE_DEBUG=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/libressl -DCURL_DISABLE_LDAP=ON -DCURL_BROTLI=OFF -DCURL_ZSTD=OFF + -DCURL_USE_LIBSSH2=OFF -DCURL_ENABLE_NTLM=ON + - name: 'OpenSSL 10.15 C89' + macos-version-min: '10.15' compiler: clang install: libnghttp3 libngtcp2 install_steps: pytest - generate: -DENABLE_DEBUG=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DUSE_NGTCP2=ON -DCURL_BROTLI=OFF -DCURL_ZSTD=OFF -DCURL_USE_LIBSSH2=OFF -DCMAKE_C_STANDARD=90 -DCURL_ENABLE_NTLM=ON - macos-version-min: '10.15' + generate: >- + -DENABLE_DEBUG=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DUSE_NGTCP2=ON -DCURL_BROTLI=OFF -DCURL_ZSTD=OFF -DCURL_USE_LIBSSH2=OFF + -DCMAKE_C_STANDARD=90 -DCURL_ENABLE_NTLM=ON + - name: 'OpenSSL SecTrust' compiler: clang install: libnghttp3 libngtcp2 install_steps: pytest configure: --enable-debug --with-openssl=/opt/homebrew/opt/openssl --with-ngtcp2 --with-apple-sectrust --enable-ntlm + - name: 'OpenSSL event-based' compiler: clang generate: -DENABLE_DEBUG=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DCURL_BROTLI=OFF -DCURL_ZSTD=OFF -DCURL_USE_LIBSSH2=OFF -DCURL_ENABLE_NTLM=ON tflags: '--test-event --min=1300' + - name: 'OpenSSL gsasl AppleIDN SecTrust +examples' compiler: clang install: libnghttp3 libngtcp2 gsasl - generate: -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DCURL_USE_GSASL=ON -DUSE_APPLE_IDN=ON -DUSE_NGTCP2=ON -DCURL_DISABLE_VERBOSE_STRINGS=ON -DUSE_APPLE_SECTRUST=ON -DCURL_ENABLE_NTLM=ON + generate: >- + -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DCURL_USE_GSASL=ON -DUSE_APPLE_IDN=ON -DUSE_NGTCP2=ON -DCURL_DISABLE_VERBOSE_STRINGS=ON + -DUSE_APPLE_SECTRUST=ON -DCURL_ENABLE_NTLM=ON + - name: 'MultiSSL AppleIDN clang-tidy +examples' image: macos-26 compiler: clang @@ -292,7 +317,9 @@ jobs: install_steps: skipall generate: >- -DCURL_USE_OPENSSL=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DUSE_NGTCP2=ON - -DLDAP_INCLUDE_DIR=/opt/homebrew/opt/openldap/include -DLDAP_LIBRARY=/opt/homebrew/opt/openldap/lib/libldap.dylib -DLDAP_LBER_LIBRARY=/opt/homebrew/opt/openldap/lib/liblber.dylib + -DLDAP_INCLUDE_DIR=/opt/homebrew/opt/openldap/include + -DLDAP_LIBRARY=/opt/homebrew/opt/openldap/lib/libldap.dylib + -DLDAP_LBER_LIBRARY=/opt/homebrew/opt/openldap/lib/liblber.dylib -DCURL_USE_GSSAPI=ON -DGSS_ROOT_DIR=/opt/homebrew/opt/krb5 -DCURL_BROTLI=ON -DCURL_ZSTD=ON -DCURL_CLANG_TIDY=ON -DCLANG_TIDY=/opt/homebrew/opt/llvm/bin/clang-tidy @@ -301,42 +328,60 @@ jobs: - name: 'LibreSSL openldap krb5 c-ares +examples' compiler: clang install: libressl krb5 openldap - generate: -DENABLE_DEBUG=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/libressl -DENABLE_ARES=ON -DCURL_USE_GSSAPI=ON -DGSS_ROOT_DIR=/opt/homebrew/opt/krb5 -DLDAP_INCLUDE_DIR=/opt/homebrew/opt/openldap/include -DLDAP_LIBRARY=/opt/homebrew/opt/openldap/lib/libldap.dylib -DLDAP_LBER_LIBRARY=/opt/homebrew/opt/openldap/lib/liblber.dylib + generate: >- + -DENABLE_DEBUG=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/libressl -DENABLE_ARES=ON -DCURL_USE_GSSAPI=ON + -DGSS_ROOT_DIR=/opt/homebrew/opt/krb5 + -DLDAP_INCLUDE_DIR=/opt/homebrew/opt/openldap/include + -DLDAP_LIBRARY=/opt/homebrew/opt/openldap/lib/libldap.dylib + -DLDAP_LBER_LIBRARY=/opt/homebrew/opt/openldap/lib/liblber.dylib + - name: 'wolfSSL !ldap brotli zstd' compiler: clang install: brotli wolfssl zstd install_steps: pytest generate: -DCURL_USE_WOLFSSL=ON -DCURL_DISABLE_LDAP=ON -DUSE_ECH=ON -DCURL_ENABLE_NTLM=ON + - name: 'mbedTLS !ldap brotli zstd MultiSSL AppleIDN' compiler: llvm@18 install: brotli mbedtls zstd install_steps: codeset-test generate: -DCURL_USE_MBEDTLS=ON -DCURL_DISABLE_LDAP=ON -DCURL_DEFAULT_SSL_BACKEND=mbedtls -DCURL_USE_OPENSSL=ON -DUSE_APPLE_IDN=ON -DCURL_ENABLE_NTLM=ON + - name: 'GnuTLS !ldap krb5 +examples' compiler: clang install: gnutls nettle krb5 - generate: -DENABLE_DEBUG=ON -DCURL_USE_GNUTLS=ON -DCURL_USE_OPENSSL=OFF -DCURL_USE_GSSAPI=ON -DGSS_ROOT_DIR=/opt/homebrew/opt/krb5 -DCURL_DISABLE_LDAP=ON -DUSE_SSLS_EXPORT=ON -DCURL_ENABLE_NTLM=ON + generate: >- + -DENABLE_DEBUG=ON -DCURL_USE_GNUTLS=ON -DCURL_USE_OPENSSL=OFF + -DCURL_USE_GSSAPI=ON -DGSS_ROOT_DIR=/opt/homebrew/opt/krb5 + -DCURL_DISABLE_LDAP=ON -DUSE_SSLS_EXPORT=ON -DCURL_ENABLE_NTLM=ON + - name: 'aws-lc +analyzer' compiler: gcc-15 install: aws-lc - generate: -DENABLE_DEBUG=ON -DCURL_USE_OPENSSL=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/aws-lc -DUSE_ECH=ON -DCURL_DISABLE_LDAP=ON -DUSE_SSLS_EXPORT=ON -DCURL_GCC_ANALYZER=ON + generate: >- + -DENABLE_DEBUG=ON -DCURL_USE_OPENSSL=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/aws-lc -DUSE_ECH=ON + -DCURL_DISABLE_LDAP=ON -DUSE_SSLS_EXPORT=ON -DCURL_GCC_ANALYZER=ON + - name: 'Rustls' compiler: clang install: rustls-ffi generate: -DENABLE_DEBUG=ON -DCURL_USE_RUSTLS=ON -DUSE_ECH=ON -DCURL_DISABLE_LDAP=ON -DCURL_ENABLE_NTLM=ON tflags: '--min=1650' + - name: 'OpenSSL torture 1' compiler: clang install: libnghttp3 install_steps: torture generate: -DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DENABLE_THREADED_RESOLVER=OFF -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DCURL_ENABLE_NTLM=ON tflags: '-t --shallow=25 --min=480 1 to 500' + - name: 'OpenSSL torture 2' compiler: clang install: libnghttp3 install_steps: torture generate: -DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DENABLE_THREADED_RESOLVER=OFF -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DCURL_ENABLE_NTLM=ON tflags: '-t --shallow=25 --min=730 501 to 1250' + - name: 'OpenSSL torture 3' compiler: clang install: libnghttp3 @@ -357,9 +402,18 @@ jobs: ${{ contains(matrix.build.install_steps, 'pytest') && 'caddy httpd vsftpd' || '' }} run: | - echo pkgconf libpsl libssh2 ${INSTALL_PACKAGES} ${MATRIX_INSTALL} | xargs -Ix -n1 echo brew '"x"' > /tmp/Brewfile - # shellcheck disable=SC2181,SC2034 - while [[ $? == 0 ]]; do for i in 1 2 3; do if brew update && brew bundle install --file /tmp/Brewfile; then break 2; else echo Error: wait to try again; sleep 10; fi; done; false Too many retries; done + # shellcheck disable=SC2181 + while [[ $? == 0 ]]; do + for i in 1 2 3; do + if brew update && brew install pkgconf libpsl libssh2 ${INSTALL_PACKAGES} ${MATRIX_INSTALL}; then + break 2 + else + echo "Error: wait to try again: $i" + sleep 10 + fi + done + false Too many retries + done - name: 'brew unlink openssl' if: ${{ contains(matrix.build.install, 'aws-lc') || contains(matrix.build.install, 'libressl') }} @@ -604,8 +658,18 @@ jobs: - name: 'install autotools' if: ${{ matrix.build == 'autotools' }} run: | - # shellcheck disable=SC2181,SC2034 - while [[ $? == 0 ]]; do for i in 1 2 3; do if brew update && brew install automake libtool; then break 2; else echo Error: wait to try again; sleep 10; fi; done; false Too many retries; done + # shellcheck disable=SC2181 + while [[ $? == 0 ]]; do + for i in 1 2 3; do + if brew update && brew install automake libtool; then + break 2 + else + echo "Error: wait to try again: $i" + sleep 10 + fi + done + false Too many retries + done - name: 'toolchain versions' run: | diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index f4ad554a76..6bee3d2eb3 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -80,8 +80,15 @@ jobs: strategy: matrix: include: - - { build: 'autotools', platform: 'x86_64', tflags: 'skiprun', config: '--with-openssl', install: 'libssl-devel libssh2-devel', name: 'openssl R' } - - { build: 'cmake' , platform: 'x86_64', tflags: '' , config: '-DENABLE_DEBUG=ON -DCURL_USE_OPENSSL=ON -DENABLE_THREADED_RESOLVER=OFF -DCURL_ENABLE_NTLM=ON', install: 'libssl-devel libssh2-devel', name: 'openssl' } + - { name: 'openssl R', + build: 'autotools', platform: 'x86_64', tflags: 'skiprun', + config: '--with-openssl', + install: 'libssl-devel libssh2-devel' } + - { name: 'openssl', + build: 'cmake', platform: 'x86_64', tflags: '', + config: '-DENABLE_DEBUG=ON -DCURL_USE_OPENSSL=ON -DENABLE_THREADED_RESOLVER=OFF -DCURL_ENABLE_NTLM=ON', + install: 'libssl-devel libssh2-devel' } + fail-fast: false steps: - uses: cygwin/cygwin-install-action@711d29f3da23c9f4a1798e369a6f01198c13b11a # v6.1 @@ -238,28 +245,75 @@ jobs: matrix: include: # MSYS - - { build: 'autotools', sys: 'msys' , env: 'x86_64' , tflags: '--min=1550', config: '--enable-debug --with-openssl --disable-threaded-resolver --disable-proxy --enable-ntlm', install: 'openssl-devel libssh2-devel', name: '!proxy' } - - { build: 'autotools', sys: 'msys' , env: 'x86_64' , tflags: 'skiprun' , config: '--enable-debug --with-openssl --disable-threaded-resolver --enable-ntlm', install: 'openssl-devel libssh2-devel', name: 'default' } - - { build: 'cmake' , sys: 'msys' , env: 'x86_64' , tflags: '' , config: '-DENABLE_DEBUG=ON -DENABLE_THREADED_RESOLVER=OFF -DCURL_ENABLE_NTLM=ON', install: 'openssl-devel libssh2-devel', name: 'default' } - - { build: 'autotools', sys: 'msys' , env: 'x86_64' , tflags: '' , config: '--with-openssl --enable-ntlm', install: 'openssl-devel libssh2-devel', name: 'default R' } + - { name: '!proxy', + build: 'autotools', sys: 'msys' , env: 'x86_64' , tflags: '--min=1550', + config: '--enable-debug --with-openssl --disable-threaded-resolver --disable-proxy --enable-ntlm', + install: 'openssl-devel libssh2-devel' } + - { name: 'default', + build: 'autotools', sys: 'msys' , env: 'x86_64' , tflags: 'skiprun' , + config: '--enable-debug --with-openssl --disable-threaded-resolver --enable-ntlm', + install: 'openssl-devel libssh2-devel' } + - { name: 'default', + build: 'cmake' , sys: 'msys' , env: 'x86_64' , tflags: '' , + config: '-DENABLE_DEBUG=ON -DENABLE_THREADED_RESOLVER=OFF -DCURL_ENABLE_NTLM=ON', + install: 'openssl-devel libssh2-devel' } + - { name: 'default R', + build: 'autotools', sys: 'msys' , env: 'x86_64' , tflags: '' , + config: '--with-openssl --enable-ntlm', install: 'openssl-devel libssh2-devel' } # MinGW - - { build: 'autotools', sys: 'mingw64' , env: 'x86_64' , tflags: 'skiprun' , config: '--enable-debug --with-openssl --disable-threaded-resolver --enable-static --without-zlib', install: 'mingw-w64-x86_64-openssl mingw-w64-x86_64-libssh2', name: 'default' } - - { build: 'autotools', sys: 'mingw64' , env: 'x86_64' , tflags: '' , config: '--enable-debug --with-openssl --enable-windows-unicode --enable-ares --enable-static --disable-shared --enable-ca-native --enable-ntlm', install: 'mingw-w64-x86_64-c-ares mingw-w64-x86_64-openssl mingw-w64-x86_64-nghttp3 mingw-w64-x86_64-libssh2', name: 'c-ares U' } - - { build: 'cmake' , sys: 'mingw64' , env: 'x86_64' , tflags: '--min=1650', config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DENABLE_ARES=ON -DCURL_DROP_UNUSED=ON', install: 'mingw-w64-x86_64-c-ares mingw-w64-x86_64-libssh2', type: 'Debug', name: 'schannel c-ares U' } + - { name: 'default', + build: 'autotools', sys: 'mingw64' , env: 'x86_64' , tflags: 'skiprun' , + config: '--enable-debug --with-openssl --disable-threaded-resolver --enable-static --without-zlib', + install: 'mingw-w64-x86_64-openssl mingw-w64-x86_64-libssh2' } + - { name: 'c-ares U', + build: 'autotools', sys: 'mingw64' , env: 'x86_64' , tflags: '' , + config: '--enable-debug --with-openssl --enable-windows-unicode --enable-ares --enable-static --disable-shared --enable-ca-native --enable-ntlm', + install: 'mingw-w64-x86_64-c-ares mingw-w64-x86_64-openssl mingw-w64-x86_64-nghttp3 mingw-w64-x86_64-libssh2' } + - { name: 'schannel c-ares U', type: 'Debug', + build: 'cmake' , sys: 'mingw64' , env: 'x86_64' , tflags: '--min=1650', + config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DENABLE_ARES=ON -DCURL_DROP_UNUSED=ON', + install: 'mingw-w64-x86_64-c-ares mingw-w64-x86_64-libssh2' } # MinGW torture - - { build: 'cmake' , sys: 'mingw64' , env: 'x86_64' , tflags: '-t --shallow=13 --min=700 1 to 950' , config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DENABLE_ARES=ON', install: 'mingw-w64-x86_64-c-ares mingw-w64-x86_64-libssh2', type: 'Debug', name: 'schannel U torture 1' } - - { build: 'cmake' , sys: 'mingw64' , env: 'x86_64' , tflags: '-t --shallow=13 --min=700 951 to 9999', config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DENABLE_ARES=ON', install: 'mingw-w64-x86_64-c-ares mingw-w64-x86_64-libssh2', type: 'Debug', name: 'schannel U torture 2' } + - { name: 'schannel U torture 1', type: 'Debug', + build: 'cmake' , sys: 'mingw64' , env: 'x86_64' , tflags: '-t --shallow=13 --min=700 1 to 950' , + config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DENABLE_ARES=ON', + install: 'mingw-w64-x86_64-c-ares mingw-w64-x86_64-libssh2' } + - { name: 'schannel U torture 2', type: 'Debug', + build: 'cmake' , sys: 'mingw64' , env: 'x86_64' , tflags: '-t --shallow=13 --min=700 951 to 9999', + config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DENABLE_ARES=ON', + install: 'mingw-w64-x86_64-c-ares mingw-w64-x86_64-libssh2' } # WARNING: libssh uses hard-coded world-writable paths (/etc/..., ~/.ssh/) to # read its configuration from, making it vulnerable to attacks on # Windows. Do not use this component till there is a fix for these. # https://github.com/curl/curl-for-win/blob/3951808deb04df9489ee17430f236ed54436f81a/libssh.sh#L6-L8 - - { build: 'cmake' , sys: 'clang64' , env: 'clang-x86_64' , tflags: '' , config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_GNUTLS=ON -DENABLE_UNICODE=OFF -DUSE_NGTCP2=ON -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON -DCURL_ENABLE_NTLM=ON', install: 'mingw-w64-clang-x86_64-gnutls mingw-w64-clang-x86_64-nghttp3 mingw-w64-clang-x86_64-ngtcp2 mingw-w64-clang-x86_64-libssh', type: 'Debug', name: 'gnutls libssh' } - - { build: 'cmake' , sys: 'clangarm64', env: 'clang-aarch64', tflags: 'skiprun' , config: '-DENABLE_DEBUG=OFF -DBUILD_SHARED_LIBS=ON -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DCURL_DROP_UNUSED=ON', install: 'mingw-w64-clang-aarch64-libssh2', type: 'Release', name: 'schannel R', image: 'windows-11-arm' } - - { build: 'cmake' , sys: 'clang64' , env: 'clang-x86_64' , tflags: 'skiprun' , config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_OPENSSL=ON -DENABLE_UNICODE=OFF -DUSE_NGTCP2=ON', install: 'mingw-w64-clang-x86_64-openssl mingw-w64-clang-x86_64-nghttp3 mingw-w64-clang-x86_64-ngtcp2 mingw-w64-clang-x86_64-libssh2', type: 'Release', name: 'openssl', chkprefill: '_chkprefill' } - - { build: 'cmake' , sys: 'ucrt64' , env: 'ucrt-x86_64' , tflags: 'skiprun' , config: '-DENABLE_DEBUG=OFF -DBUILD_SHARED_LIBS=ON -DCURL_USE_OPENSSL=ON', install: 'mingw-w64-ucrt-x86_64-openssl mingw-w64-ucrt-x86_64-libssh2', type: 'Release', test: 'uwp', name: 'schannel' } - # { build: 'autotools', sys: 'ucrt64' , env: 'ucrt-x86_64' , tflags: 'skiprun' , config: '--without-debug --with-schannel --disable-static', install: 'mingw-w64-ucrt-x86_64-libssh2', type: 'Release', test: 'uwp', name: 'schannel' } - - { build: 'cmake' , sys: 'mingw64' , env: 'x86_64' , tflags: 'skiprun' , config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=ON -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DCMAKE_VERBOSE_MAKEFILE=ON', install: 'mingw-w64-x86_64-libssh2', type: 'Debug', cppflags: '-DCURL_SCHANNEL_DEV_DEBUG', name: 'schannel dev debug', image: 'windows-2025' } - - { build: 'cmake' , sys: 'mingw32' , env: 'i686' , tflags: 'skiprun' , config: '-DENABLE_DEBUG=OFF -DBUILD_SHARED_LIBS=ON -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON', install: 'mingw-w64-i686-libssh2', type: 'Release', name: 'schannel R' } + - { name: 'gnutls libssh', type: 'Debug', + build: 'cmake' , sys: 'clang64' , env: 'clang-x86_64' , tflags: '' , + config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_GNUTLS=ON -DENABLE_UNICODE=OFF -DUSE_NGTCP2=ON -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON -DCURL_ENABLE_NTLM=ON', + install: 'mingw-w64-clang-x86_64-gnutls mingw-w64-clang-x86_64-nghttp3 mingw-w64-clang-x86_64-ngtcp2 mingw-w64-clang-x86_64-libssh' } + - { name: 'schannel R', type: 'Release', image: 'windows-11-arm', + build: 'cmake' , sys: 'clangarm64', env: 'clang-aarch64', tflags: 'skiprun' , + config: '-DENABLE_DEBUG=OFF -DBUILD_SHARED_LIBS=ON -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DCURL_DROP_UNUSED=ON', + install: 'mingw-w64-clang-aarch64-libssh2' } + - { name: 'openssl', type: 'Release', chkprefill: '_chkprefill', + build: 'cmake' , sys: 'clang64' , env: 'clang-x86_64' , tflags: 'skiprun' , + config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_OPENSSL=ON -DENABLE_UNICODE=OFF -DUSE_NGTCP2=ON', + install: 'mingw-w64-clang-x86_64-openssl mingw-w64-clang-x86_64-nghttp3 mingw-w64-clang-x86_64-ngtcp2 mingw-w64-clang-x86_64-libssh2' } + - { name: 'schannel', type: 'Release', test: 'uwp', + build: 'cmake' , sys: 'ucrt64' , env: 'ucrt-x86_64' , tflags: 'skiprun' , + config: '-DENABLE_DEBUG=OFF -DBUILD_SHARED_LIBS=ON -DCURL_USE_OPENSSL=ON', + install: 'mingw-w64-ucrt-x86_64-openssl mingw-w64-ucrt-x86_64-libssh2' } + # { name: 'schannel', type: 'Release', test: 'uwp', + # build: 'autotools', sys: 'ucrt64' , env: 'ucrt-x86_64' , tflags: 'skiprun' , + # config: '--without-debug --with-schannel --disable-static', + # install: 'mingw-w64-ucrt-x86_64-libssh2' } + - { name: 'schannel dev debug', type: 'Debug', cppflags: '-DCURL_SCHANNEL_DEV_DEBUG', image: 'windows-2025', + build: 'cmake' , sys: 'mingw64' , env: 'x86_64' , tflags: 'skiprun' , + config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=ON -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DCMAKE_VERBOSE_MAKEFILE=ON', + install: 'mingw-w64-x86_64-libssh2' } + - { name: 'schannel R', type: 'Release', + build: 'cmake' , sys: 'mingw32' , env: 'i686' , tflags: 'skiprun' , + config: '-DENABLE_DEBUG=OFF -DBUILD_SHARED_LIBS=ON -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON', + install: 'mingw-w64-i686-libssh2' } fail-fast: false steps: - uses: msys2/setup-msys2@4f806de0a5a7294ffabaff804b38a9b435a73bda # v2.30.0 diff --git a/CMake/PickyWarnings.cmake b/CMake/PickyWarnings.cmake index d53556d0c4..901e2f9aec 100644 --- a/CMake/PickyWarnings.cmake +++ b/CMake/PickyWarnings.cmake @@ -149,7 +149,7 @@ if(PICKY_COMPILER) list(APPEND _picky_enable ${_picky_common_old} -Wconditional-uninitialized # clang 3.0 - -Wno-used-but-marked-unused # clang 2.9 # Triggered by typecheck-gcc.h with clang 14+, dependency headers + -Wno-used-but-marked-unused # clang 2.9 # for typecheck-gcc.h with clang 14+, dependency headers -Wshift-sign-overflow # clang 2.9 -Wshorten-64-to-32 # clang 1.0 -Wformat=2 # clang 2.7 gcc 4.8 @@ -163,8 +163,7 @@ if(PICKY_COMPILER) if(CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 3.1) list(APPEND _picky_enable -Wno-covered-switch-default # clang 3.1 appleclang 3.1 # Annoying to fix or silence - -Wno-disabled-macro-expansion # clang 3.1 appleclang 3.1 # Triggered by standard headers, - # and curl/curl.h (in rare combinations) + -Wno-disabled-macro-expansion # clang 3.1 appleclang 3.1 # for std headers, and curl/curl.h (rare combos) ) if(MSVC) list(APPEND _picky_enable diff --git a/LICENSES/BSD-4-Clause-UC.txt b/LICENSES/BSD-4-Clause-UC.txt index 69edbe3242..0fffd039d8 100644 --- a/LICENSES/BSD-4-Clause-UC.txt +++ b/LICENSES/BSD-4-Clause-UC.txt @@ -1,15 +1,33 @@ BSD-4-Clause (University of California-Specific) -Copyright [various years] The Regents of the University of California. All rights reserved. +Copyright [various years] The Regents of the University of California. +All rights reserved. -Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: -1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. +1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. -3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by the University of California, Berkeley and its contributors. +3. All advertising materials mentioning features or use of this software must + display the following acknowledgement: This product includes software + developed by the University of California, Berkeley and its contributors. -4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. +4. Neither the name of the University nor the names of its contributors may be + used to endorse or promote products derived from this software without + specific prior written permission. -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY +EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON +ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/acinclude.m4 b/acinclude.m4 index 73dc052118..8c5aa48f7f 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -1345,7 +1345,8 @@ dnl AC_DEFUN([CURL_TRACE_PCDIR], [ dnl Example pkgconf line: - dnl libpkgconf/pkg.c:746 [pkgconf_pkg_t *pkgconf_pkg_try_specific_path(pkgconf_client_t *, [...]*)]: trying path: /usr/local/lib/pkgconfig for libngtcp2_crypto_gnutls + dnl libpkgconf/pkg.c:746 [pkgconf_pkg_t *pkgconf_pkg_try_specific_path(pkgconf_client_t *, [...]*)]: + dnl trying path: /usr/local/lib/pkgconfig for libngtcp2_crypto_gnutls dnl Rest of strings are for catching classic pkg-config lines. trc=`CURL_EXPORT_PCDIR([$2], [$3]) if test -n "$PKG_CONFIG_LIBDIR"; then @@ -1354,7 +1355,9 @@ AC_DEFUN([CURL_TRACE_PCDIR], [ if test -n "$PKG_CONFIG_PATH"; then echo "PKG_CONFIG_PATH: '$PKG_CONFIG_PATH'" fi - $PKGCONFIG --exists --debug $1 2>&1 | $EGREP '(trying path:|Adding directory|Looking for|Scanning directory|Cannot open directory)' | $SED 's/^.*trying path:/trying path:/'` + $PKGCONFIG --exists --debug $1 2>&1 | \ + $EGREP '(trying path:|Adding directory|Looking for|Scanning directory|Cannot open directory)' | \ + $SED 's/^.*trying path:/trying path:/'` msg=`CURL_EXPORT_PCDIR([$2], [$3]) $PKGCONFIG --exists --print-errors $1 2>&1` if test -n "$msg"; then diff --git a/configure.ac b/configure.ac index 5208a18d75..99ecbce5bc 100644 --- a/configure.ac +++ b/configure.ac @@ -235,7 +235,10 @@ AS_HELP_STRING([--without-ssl], [build without any TLS library]),[ ]) AC_ARG_WITH(openssl,dnl -AS_HELP_STRING([--with-openssl=PATH],[Where to look for OpenSSL, PATH points to the SSL installation (default: /usr/local/ssl); when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]),[ +AS_HELP_STRING([--with-openssl=PATH],[Where to look for OpenSSL, PATH points + to the SSL installation (default: /usr/local/ssl); when possible, set + the PKG_CONFIG_PATH environment variable instead of using this option]), +[ OPT_OPENSSL=$withval if test "x$withval" != "xno"; then TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }OpenSSL" @@ -1512,7 +1515,8 @@ dnl Brotli project home page: https://github.com/google/brotli dnl Default to compiler & linker defaults for BROTLI files & libraries. OPT_BROTLI=off AC_ARG_WITH(brotli,dnl -AS_HELP_STRING([--with-brotli=PATH],[Where to look for brotli, PATH points to the BROTLI installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) +AS_HELP_STRING([--with-brotli=PATH],[Where to look for brotli, PATH points to the BROTLI installation; + when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) AS_HELP_STRING([--without-brotli], [disable BROTLI]), OPT_BROTLI=$withval) @@ -1609,7 +1613,8 @@ dnl ********************************************************************** dnl Default to compiler & linker defaults for libzstd OPT_ZSTD=off AC_ARG_WITH(zstd,dnl -AS_HELP_STRING([--with-zstd=PATH],[Where to look for libzstd, PATH points to the libzstd installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) +AS_HELP_STRING([--with-zstd=PATH],[Where to look for libzstd, PATH points to the libzstd installation; + when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) AS_HELP_STRING([--without-zstd], [disable libzstd]), OPT_ZSTD=$withval) @@ -2191,7 +2196,8 @@ dnl ********************************************************************** dnl Default to compiler & linker defaults for LIBPSL files & libraries. OPT_LIBPSL=off AC_ARG_WITH(libpsl,dnl -AS_HELP_STRING([--with-libpsl=PATH],[Where to look for libpsl, PATH points to the LIBPSL installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) +AS_HELP_STRING([--with-libpsl=PATH],[Where to look for libpsl, PATH points to the LIBPSL installation; + when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) AS_HELP_STRING([--without-libpsl], [disable LIBPSL]), OPT_LIBPSL=$withval) @@ -2263,7 +2269,8 @@ dnl ********************************************************************** OPT_LIBGSASL=no AC_ARG_WITH(libgsasl,dnl -AS_HELP_STRING([--with-libgsasl=PATH],[Where to look for libgsasl, PATH points to the libgsasl installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) +AS_HELP_STRING([--with-libgsasl=PATH],[Where to look for libgsasl, PATH points to the libgsasl installation; + when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) AS_HELP_STRING([--without-libgsasl], [disable libgsasl support for SCRAM]), OPT_LIBGSASL=$withval) @@ -2336,13 +2343,15 @@ dnl ********************************************************************** dnl Default to compiler & linker defaults for libssh2 files & libraries. OPT_LIBSSH2=off AC_ARG_WITH(libssh2,dnl -AS_HELP_STRING([--with-libssh2=PATH],[Where to look for libssh2, PATH points to the libssh2 installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) +AS_HELP_STRING([--with-libssh2=PATH],[Where to look for libssh2, PATH points to the libssh2 installation; + when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) AS_HELP_STRING([--with-libssh2], [enable libssh2]), OPT_LIBSSH2=$withval, OPT_LIBSSH2=no) OPT_LIBSSH=off AC_ARG_WITH(libssh,dnl -AS_HELP_STRING([--with-libssh=PATH],[Where to look for libssh, PATH points to the libssh installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) +AS_HELP_STRING([--with-libssh=PATH],[Where to look for libssh, PATH points to the libssh installation; + when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) AS_HELP_STRING([--with-libssh], [enable libssh]), OPT_LIBSSH=$withval, OPT_LIBSSH=no) @@ -2525,7 +2534,8 @@ clean_LDAP_LDFLAGS=$LDFLAGS clean_LDAP_LIBS=$LIBS OPT_LDAP=off AC_ARG_WITH(ldap, -AS_HELP_STRING([--with-ldap=PATH],[Where to look for LDAP, PATH points to the LDAP installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) +AS_HELP_STRING([--with-ldap=PATH],[Where to look for LDAP, PATH points to the LDAP installation; + when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) AS_HELP_STRING([--without-ldap], [disable LDAP]), OPT_LDAP=$withval) diff --git a/docs/ECH.md b/docs/ECH.md index 127f0b208e..32beba267e 100644 --- a/docs/ECH.md +++ b/docs/ECH.md @@ -106,13 +106,15 @@ cut-and-paste, e.g.: ```sh dig +short https defo.ie -1 . ipv4hint=213.108.108.101 ech=AED+DQA8PAAgACD8WhlS7VwEt5bf3lekhHvXrQBGDrZh03n/LsNtAodbUAAEAAEAAQANY292ZXIuZGVmby5pZQAA ipv6hint=2a00:c6c0:0:116:5::10 +1 . ipv4hint=213.108.108.101 ech=AED+DQA8PAAgACD8WhlS7VwEt5bf3lekhHvXrQBGDrZh03n/LsNtAodbUAAEAAEAAQANY292ZXIuZGVmby5pZQAA + ipv6hint=2a00:c6c0:0:116:5::10 ``` Then paste the base64 encoded ECHConfigList onto the curl command line: ```sh -LD_LIBRARY_PATH=$HOME/code/openssl ./src/curl --ech ecl:AED+DQA8PAAgACD8WhlS7VwEt5bf3lekhHvXrQBGDrZh03n/LsNtAodbUAAEAAEAAQANY292ZXIuZGVmby5pZQAA https://defo.ie/ech-check.php +LD_LIBRARY_PATH=$HOME/code/openssl ./src/curl --ech ecl:AED+DQA8PAAgACD8WhlS7VwEt5bf3lekhHvXrQBGDrZh03n/LsNtAodbUAAEAAEAAQANY292ZXIuZGVmby5pZQAA \ + https://defo.ie/ech-check.php ... SSL_ECH_STATUS: success good
... @@ -124,7 +126,8 @@ If you paste in the wrong ECHConfigList (it changes hourly for `defo.ie`) you should get an error like this: ```sh -LD_LIBRARY_PATH=$HOME/code/openssl ./src/curl -vvv --ech ecl:AED+DQA8yAAgACDRMQo+qYNsNRNj+vfuQfFIkrrUFmM4vogucxKj/4nzYgAEAAEAAQANY292ZXIuZGVmby5pZQAA https://defo.ie/ech-check.php +LD_LIBRARY_PATH=$HOME/code/openssl ./src/curl -vvv --ech ecl:AED+DQA8yAAgACDRMQo+qYNsNRNj+vfuQfFIkrrUFmM4vogucxKj/4nzYgAEAAEAAQANY292ZXIuZGVmby5pZQAA \ + https://defo.ie/ech-check.php ... * OpenSSL/3.3.0: error:0A00054B:SSL routines::ech required ... @@ -139,9 +142,12 @@ good value, via the `retry_configs` mechanism. You can see that value in the verbose output, e.g.: ```sh -LD_LIBRARY_PATH=$HOME/code/openssl ./src/curl -vvv --ech ecl:AED+DQA8yAAgACDRMQo+qYNsNRNj+vfuQfFIkrrUFmM4vogucxKj/4nzYgAEAAEAAQANY292ZXIuZGVmby5pZQAA https://defo.ie/ech-check.php +LD_LIBRARY_PATH=$HOME/code/openssl ./src/curl -vvv --ech ecl:AED+DQA8yAAgACDRMQo+qYNsNRNj+vfuQfFIkrrUFmM4vogucxKj/4nzYgAEAAEAAQANY292ZXIuZGVmby5pZQAA \ + https://defo.ie/ech-check.php ... -* ECH: retry_configs AQD+DQA8DAAgACBvYqJy+Hgk33wh/ZLBzKSPgwxeop7gvojQzfASq7zeZQAEAAEAAQANY292ZXIuZGVmby5pZQAA/g0APEMAIAAgXkT5r4cYs8z19q5rdittyIX8gfQ3ENW4wj1fVoiJZBoABAABAAEADWNvdmVyLmRlZm8uaWUAAP4NADw2ACAAINXSE9EdXzEQIJZA7vpwCIQsWqsFohZARXChgPsnfI1kAAQAAQABAA1jb3Zlci5kZWZvLmllAAD+DQA8cQAgACASeiD5F+UoSnVoHvA2l1EifUVMFtbVZ76xwDqmMPraHQAEAAEAAQANY292ZXIuZGVmby5pZQAA +* ECH: retry_configs AQD+DQA8DAAgACBvYqJy+Hgk33wh/ZLBzKSPgwxeop7gvojQzfASq7zeZQAEAAEAAQANY292ZXIuZGVmby5pZQAA/g0APEMAIAAgXkT5r4cYs8z19q5rdittyIX + 8gfQ3ENW4wj1fVoiJZBoABAABAAEADWNvdmVyLmRlZm8uaWUAAP4NADw2ACAAINXSE9EdXzEQIJZA7vpwCIQsWqsFohZARXChgPsnfI1kAAQAAQABAA1jb3Zlci5kZWZvLmllAAD+DQA8c + QAgACASeiD5F+UoSnVoHvA2l1EifUVMFtbVZ76xwDqmMPraHQAEAAEAAQANY292ZXIuZGVmby5pZQAA * ECH: retry_configs for defo.ie from cover.defo.ie, 319 ... ``` @@ -453,7 +459,8 @@ In another window: ```sh cd $HOME/code/curl/ -./src/curl -vvv --insecure --connect-to foo.example.com:8443:localhost:8443 --ech ecl:AD7+DQA6uwAgACBix2B78sX+EQhEbxMspDOc8Z3xVS5aQpYP0Cxpc2AWPAAEAAEAAQALZXhhbXBsZS5jb20AAA== +./src/curl -vvv --insecure --connect-to foo.example.com:8443:localhost:8443 \ + --ech ecl:AD7+DQA6uwAgACBix2B78sX+EQhEbxMspDOc8Z3xVS5aQpYP0Cxpc2AWPAAEAAEAAQALZXhhbXBsZS5jb20AAA== ``` ### Automated use of `retry_configs` not supported so far... diff --git a/docs/FAQ.md b/docs/FAQ.md index f3f07220cb..830b5108f8 100644 --- a/docs/FAQ.md +++ b/docs/FAQ.md @@ -886,8 +886,7 @@ packet sent three seconds after the first and the third six seconds after the second. No more than three packets are sent, no matter how long the timeout is set. -See option `TcpMaxConnectRetransmissions` on [this -page](https://support.microsoft.com/topic/hotfix-enables-the-configuration-of-the-tcp-maximum-syn-retransmission-amount-in-windows-7-or-windows-server-2008-r2-1b6f8352-2c5f-58bb-ead7-2cf021407c8e). +See Windows option `TcpMaxConnectRetransmissions` for more. Also, even on non-Windows systems there may run a firewall or anti-virus software or similar that accepts the connection but does not actually do diff --git a/docs/HTTP3.md b/docs/HTTP3.md index a3db0253ff..41b1a3fbc1 100644 --- a/docs/HTTP3.md +++ b/docs/HTTP3.md @@ -78,7 +78,8 @@ Build ngtcp2: % cd ngtcp2 % autoreconf -fi # Change --with-openssl to --with-boringssl for AWS-LC and BoringSSL - % ./configure PKG_CONFIG_PATH=/path/to/openssl/lib/pkgconfig:/path/to/nghttp3/lib/pkgconfig LDFLAGS="-Wl,-rpath,/path/to/openssl/lib" --prefix=/path/to/ngtcp2 --enable-lib-only --with-openssl + % ./configure PKG_CONFIG_PATH=/path/to/openssl/lib/pkgconfig:/path/to/nghttp3/lib/pkgconfig LDFLAGS="-Wl,-rpath,/path/to/openssl/lib" \ + --prefix=/path/to/ngtcp2 --enable-lib-only --with-openssl % make % make install @@ -88,7 +89,8 @@ Build curl (with autotools): % git clone https://github.com/curl/curl % cd curl % autoreconf -fi - % ./configure PKG_CONFIG_PATH=/path/to/openssl/lib/pkgconfig LDFLAGS="-Wl,-rpath,/path/to/openssl/lib" --with-openssl=/path/to/openssl --with-ngtcp2=/path/to/ngtcp2 --with-nghttp3=/path/to/nghttp3 + % ./configure PKG_CONFIG_PATH=/path/to/openssl/lib/pkgconfig LDFLAGS="-Wl,-rpath,/path/to/openssl/lib" \ + --with-openssl=/path/to/openssl --with-ngtcp2=/path/to/ngtcp2 --with-nghttp3=/path/to/nghttp3 % make % make install @@ -97,7 +99,8 @@ Build curl (with CMake): % cd .. % git clone https://github.com/curl/curl % cd curl - % PKG_CONFIG_PATH=/path/to/openssl/lib/pkgconfig:/path/to/ngtcp2/lib/pkgconfig:/path/to/nghttp3/lib/pkgconfig cmake -B bld -DOPENSSL_ROOT_DIR=/path/to/openssl -DUSE_NGTCP2=ON + % PKG_CONFIG_PATH=/path/to/openssl/lib/pkgconfig:/path/to/ngtcp2/lib/pkgconfig:/path/to/nghttp3/lib/pkgconfig cmake -B bld \ + -DOPENSSL_ROOT_DIR=/path/to/openssl -DUSE_NGTCP2=ON % cmake --build bld ## Build with GnuTLS @@ -128,7 +131,8 @@ Build ngtcp2: % git clone -b $NGTCP2_VERSION https://github.com/ngtcp2/ngtcp2 % cd ngtcp2 % autoreconf -fi - % ./configure PKG_CONFIG_PATH=/path/to/gnutls/lib/pkgconfig:/path/to/nghttp3/lib/pkgconfig LDFLAGS="-Wl,-rpath,/path/to/gnutls/lib" --prefix=/path/to/ngtcp2 --enable-lib-only --with-gnutls + % ./configure PKG_CONFIG_PATH=/path/to/gnutls/lib/pkgconfig:/path/to/nghttp3/lib/pkgconfig LDFLAGS="-Wl,-rpath,/path/to/gnutls/lib" \ + --prefix=/path/to/ngtcp2 --enable-lib-only --with-gnutls % make % make install @@ -178,7 +182,8 @@ Build ngtcp2: % git clone -b $NGTCP2_VERSION https://github.com/ngtcp2/ngtcp2 % cd ngtcp2 % autoreconf -fi - % ./configure PKG_CONFIG_PATH=/path/to/wolfssl/lib/pkgconfig:/path/to/nghttp3/lib/pkgconfig LDFLAGS="-Wl,-rpath,/path/to/wolfssl/lib" --prefix=/path/to/ngtcp2 --enable-lib-only --with-wolfssl + % ./configure PKG_CONFIG_PATH=/path/to/wolfssl/lib/pkgconfig:/path/to/nghttp3/lib/pkgconfig LDFLAGS="-Wl,-rpath,/path/to/wolfssl/lib" \ + --prefix=/path/to/ngtcp2 --enable-lib-only --with-wolfssl % make % make install @@ -225,7 +230,8 @@ Build curl: % git clone https://github.com/curl/curl % cd curl % autoreconf -fi - % ./configure LDFLAGS="-Wl,-rpath,$PWD/../quiche/target/release" --with-openssl=$PWD/../quiche/quiche/deps/boringssl/src --with-quiche=$PWD/../quiche/target/release + % ./configure LDFLAGS="-Wl,-rpath,$PWD/../quiche/target/release" \ + --with-openssl=$PWD/../quiche/quiche/deps/boringssl/src --with-quiche=$PWD/../quiche/target/release % make % make install @@ -323,7 +329,9 @@ Get, build and install nghttp2: % git clone https://github.com/nghttp2/nghttp2 % cd nghttp2 % autoreconf -fi - % PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/home/daniel/build-quictls/lib/pkgconfig:/home/daniel/build-nghttp3/lib/pkgconfig:/home/daniel/build-ngtcp2/lib/pkgconfig LDFLAGS=-L/home/daniel/build-quictls/lib CFLAGS=-I/home/daniel/build-quictls/include ./configure --enable-maintainer-mode --prefix=/home/daniel/build-nghttp2 --disable-shared --enable-app --enable-http3 --without-jemalloc --without-libxml2 --without-systemd + % PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/path/to/quictls/lib/pkgconfig:/path/to/nghttp3/lib/pkgconfig:/path/to/ngtcp2/lib/pkgconfig \ + LDFLAGS=-L/path/to/quictls/lib CFLAGS=-I/path/to/quictls/include ./configure --enable-maintainer-mode \ + --prefix=/path/to/nghttp2 --disable-shared --enable-app --enable-http3 --without-jemalloc --without-libxml2 --without-systemd % make && make install Run the local h3 server on port 9443, make it proxy all traffic through to @@ -332,7 +340,7 @@ exists in curl's test dir. % CERT=/path/to/stunnel.pem % $HOME/bin/nghttpx $CERT $CERT --backend=localhost,80 \ - --frontend="localhost,9443;quic" + --frontend="localhost,9443;quic" ### Caddy diff --git a/docs/INSTALL-CMAKE.md b/docs/INSTALL-CMAKE.md index 7b50151f4b..7bbc27749e 100644 --- a/docs/INSTALL-CMAKE.md +++ b/docs/INSTALL-CMAKE.md @@ -254,7 +254,8 @@ target_link_libraries(my_target PRIVATE CURL::libcurl) - `CURL_CA_FALLBACK`: Use built-in CA store of OpenSSL. Default: `OFF` - `CURL_CA_NATIVE`: Use native CA store. Default: `OFF` Supported by GnuTLS, OpenSSL (including forks) on Windows, wolfSSL. -- `CURL_CA_PATH`: Absolute path to a directory containing CA certificates stored individually. Set `none` to disable or `auto` for auto-detection. Default: `auto` +- `CURL_CA_PATH`: Absolute path to a directory containing CA certificates stored individually. + Set `none` to disable or `auto` for auto-detection. Default: `auto` - `CURL_CA_SEARCH_SAFE`: Enable safe CA bundle search (within the curl tool directory) on Windows. Default: `OFF` ## Enabling features @@ -347,18 +348,21 @@ Details via CMake ## Dependencies - `CURL_BROTLI`: Use brotli (`ON`, `OFF` or `AUTO`). Default: `AUTO` -- `CURL_USE_CMAKECONFIG`: Enable detecting dependencies via CMake Config. Default: `ON` for MSVC (except under vcpkg), if not cross-compiling. (experimental) +- `CURL_USE_CMAKECONFIG`: Enable detecting dependencies via CMake Config. + Default: `ON` for MSVC (except under vcpkg), if not cross-compiling. (experimental) - `CURL_USE_GNUTLS`: Enable GnuTLS for SSL/TLS. Default: `OFF` - `CURL_USE_GSASL`: Use libgsasl. Default: `OFF` - `CURL_USE_GSSAPI`: Use GSSAPI implementation. Default: `OFF` -- `CURL_USE_LIBBACKTRACE`: Use [libbacktrace](https://github.com/ianlancetaylor/libbacktrace). Requires debug-enabled build and DWARF debug information. Default: `OFF` +- `CURL_USE_LIBBACKTRACE`: Use [libbacktrace](https://github.com/ianlancetaylor/libbacktrace). + Requires debug-enabled build and DWARF debug information. Default: `OFF` - `CURL_USE_LIBPSL`: Use libpsl. Default: `ON` - `CURL_USE_LIBSSH2`: Use libssh2. Default: `ON` - `CURL_USE_LIBSSH`: Use libssh. Default: `OFF` - `CURL_USE_LIBUV`: Use libuv for event-based tests. Default: `OFF` - `CURL_USE_MBEDTLS`: Enable mbedTLS for SSL/TLS. Default: `OFF` - `CURL_USE_OPENSSL`: Enable OpenSSL for SSL/TLS. Default: `ON` if no other TLS backend was enabled. -- `CURL_USE_PKGCONFIG`: Enable `pkg-config` to detect dependencies. Default: `ON` for Unix (except Android, Apple devices), vcpkg, MinGW if not cross-compiling. +- `CURL_USE_PKGCONFIG`: Enable `pkg-config` to detect dependencies. + Default: `ON` for Unix (except Android, Apple devices), vcpkg, MinGW if not cross-compiling. - `CURL_USE_RUSTLS`: Enable Rustls for SSL/TLS. Default: `OFF` - `CURL_USE_SCHANNEL`: Enable Windows native SSL/TLS (Schannel). Default: `OFF` - `CURL_USE_WOLFSSL`: Enable wolfSSL for SSL/TLS. Default: `OFF` @@ -378,13 +382,16 @@ Details via CMake - `OPENSSL_ROOT_DIR`: Absolute path to the root installation of OpenSSL (and forks). - `OPENSSL_INCLUDE_DIR`: Absolute path to OpenSSL include directory. -- `OPENSSL_SSL_LIBRARY`: Absolute path to `ssl` library. With MSVC, CMake uses variables `SSL_EAY_DEBUG`/`SSL_EAY_RELEASE` instead. -- `OPENSSL_CRYPTO_LIBRARY`: Absolute path to `crypto` library. With MSVC, CMake uses variables `LIB_EAY_DEBUG`/`LIB_EAY_RELEASE` instead. +- `OPENSSL_SSL_LIBRARY`: Absolute path to `ssl` library. + With MSVC, CMake uses variables `SSL_EAY_DEBUG`/`SSL_EAY_RELEASE` instead. +- `OPENSSL_CRYPTO_LIBRARY`: Absolute path to `crypto` library. + With MSVC, CMake uses variables `LIB_EAY_DEBUG`/`LIB_EAY_RELEASE` instead. - `OPENSSL_USE_STATIC_LIBS`: Look for static OpenSSL libraries. - `ZLIB_INCLUDE_DIR`: Absolute path to zlib include directory. - `ZLIB_LIBRARY`: Absolute path to `zlib` library. - `ZLIB_USE_STATIC_LIBS`: Look for static `zlib` library (requires CMake v3.24). -- `_DIR`: Absolute path to `` CMake Config directory where `*.cmake` files reside. Used when `CURL_USE_CMAKECONFIG` is enabled. +- `_DIR`: Absolute path to `` CMake Config directory where `*.cmake` files reside. + Used when `CURL_USE_CMAKECONFIG` is enabled. `` may be: `Libssh2`, `MbedTLS`, `NGHTTP2`, `NGHTTP3`, `NGTCP2` 1.19.0+ (with non-fork OpenSSL only), diff --git a/docs/INSTALL.md b/docs/INSTALL.md index 790727100a..fb5e5ccbb8 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -221,7 +221,8 @@ understanding if you are not going to follow the advice given above. - [How To Use the C Runtime](https://learn.microsoft.com/troubleshoot/developer/visualstudio/cpp/libraries/use-c-run-time) - [Runtime Library Compiler Options](https://learn.microsoft.com/cpp/build/reference/md-mt-ld-use-run-time-library) -- [Potential Errors Passing CRT Objects Across DLL Boundaries](https://learn.microsoft.com/cpp/c-runtime-library/potential-errors-passing-crt-objects-across-dll-boundaries) +- [Potential Errors Passing CRT Objects + Across DLL Boundaries](https://learn.microsoft.com/cpp/c-runtime-library/potential-errors-passing-crt-objects-across-dll-boundaries) If your app is misbehaving in some strange way, or it is suffering from memory corruption, before asking for further help, please try first to rebuild every diff --git a/docs/wcurl.md b/docs/wcurl.md index 05f312f958..f0ed42baf2 100644 --- a/docs/wcurl.md +++ b/docs/wcurl.md @@ -127,7 +127,10 @@ Download a file passing the **--progress-bar** and **--http2** flags to curl: **wcurl --curl-options="--progress-bar --http2" example.com/filename.txt** -* Resume from an interrupted download. The options necessary to resume the download (`--clobber --continue-at -`) must be the **last** options specified in `--curl-options`. Note that the only way to resume interrupted downloads is to allow wcurl to overwrite the destination file: +Resume from an interrupted download. The options necessary to resume the download +(`--clobber --continue-at -`) must be the **last** options specified in `--curl-options`. +Note that the only way to resume interrupted downloads is to allow wcurl to overwrite +the destination file: **wcurl --curl-options="--clobber --continue-at -" example.com/filename.txt** diff --git a/lib/Makefile.am b/lib/Makefile.am index 0fa4d781a4..d02bf02250 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -175,7 +175,8 @@ endif tidy: (_csources=`echo ' $(CSOURCES)' | sed -E -e 's/ +$$//' -e 's/ +/ /g' -e 's| | $(srcdir)/|g'`; \ - @CLANG_TIDY@ --config-file=$(top_srcdir)/.clang-tidy.yml $(TIDYFLAGS) $(CURL_CLANG_TIDYFLAGS) $$_csources -- $(AM_CPPFLAGS) $(CPPFLAGS) -DHAVE_CONFIG_H $(_tidy_cflags)) + @CLANG_TIDY@ --config-file=$(top_srcdir)/.clang-tidy.yml $(TIDYFLAGS) $(CURL_CLANG_TIDYFLAGS) $$_csources \ + -- $(AM_CPPFLAGS) $(CPPFLAGS) -DHAVE_CONFIG_H $(_tidy_cflags)) optiontable: @PERL@ $(srcdir)/optiontable.pl $(top_srcdir)/include/curl/curl.h > $(srcdir)/easyoptions.c diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4 index 5519d48e6f..9fce552515 100644 --- a/m4/curl-compilers.m4 +++ b/m4/curl-compilers.m4 @@ -856,7 +856,7 @@ AC_DEFUN([CURL_SET_COMPILER_WARNING_OPTS], [ if test "$compiler_num" -ge "209"; then tmp_CFLAGS="$tmp_CFLAGS -Wno-sign-conversion" tmp_CFLAGS="$tmp_CFLAGS -Wno-padded" # Not used because we cannot change public structs - tmp_CFLAGS="$tmp_CFLAGS -Wno-used-but-marked-unused" # Triggered by typecheck-gcc.h with clang 14+, dependency headers + tmp_CFLAGS="$tmp_CFLAGS -Wno-used-but-marked-unused" # for typecheck-gcc.h with clang 14+, dependency headers CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [shift-sign-overflow]) fi # @@ -869,7 +869,7 @@ AC_DEFUN([CURL_SET_COMPILER_WARNING_OPTS], [ if test "$compiler_num" -ge "301"; then CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [format-non-iso]) tmp_CFLAGS="$tmp_CFLAGS -Wno-covered-switch-default" # Annoying to fix or silence - tmp_CFLAGS="$tmp_CFLAGS -Wno-disabled-macro-expansion" # Triggered by standard headers, and curl/curl.h (in rare combinations) + tmp_CFLAGS="$tmp_CFLAGS -Wno-disabled-macro-expansion" # for std headers, and curl/curl.h (rare combos) fi # dnl Only clang 3.2 or later diff --git a/scripts/mk-ca-bundle.pl b/scripts/mk-ca-bundle.pl index c2baaf1195..86e3f741f9 100755 --- a/scripts/mk-ca-bundle.pl +++ b/scripts/mk-ca-bundle.pl @@ -173,7 +173,9 @@ sub HELP_MESSAGE() { print "\t-l\tprint license info about certdata.txt\n"; print "\t-m\tinclude meta data in output\n"; print "\t-n\tno download of certdata.txt (to use existing)\n"; - print wrap("\t","\t\t", "-p\tlist of Mozilla trust purposes and levels for certificates to include in output. Takes the form of a comma separated list of purposes, a colon, and a comma separated list of levels. (default: $default_mozilla_trust_purposes:$default_mozilla_trust_levels)"), "\n"; + print wrap("\t","\t\t", "-p\tlist of Mozilla trust purposes and levels for certificates to include in output. " . + "Takes the form of a comma separated list of purposes, a colon, and a comma separated list of levels. " . + "(default: $default_mozilla_trust_purposes:$default_mozilla_trust_levels)"), "\n"; print "\t\t Valid purposes are:\n"; print wrap("\t\t ","\t\t ", join(", ", "ALL", @valid_mozilla_trust_purposes)), "\n"; print "\t\t Valid levels are:\n"; diff --git a/scripts/spacecheck.pl b/scripts/spacecheck.pl index d23bf9bd07..646487aed5 100755 --- a/scripts/spacecheck.pl +++ b/scripts/spacecheck.pl @@ -27,24 +27,33 @@ use strict; use warnings; my @tabs = ( - "^m4/zz40-xc-ovr.m4", - "Makefile\\.(am|example)\$", - "\\.sln\$", - "^tests/data/data1706-stdout.txt", - "^tests/data/test", + '^m4/zz40-xc-ovr\.m4$', + 'Makefile\.(am|example)$', + '\.sln$', + '^tests/data/data1706-stdout\.txt', + '^tests/data/test', ); my @need_crlf = ( - "\\.(bat|sln)\$", + '\.(bat|sln)$', ); my @double_empty_lines = ( - "RELEASE-NOTES", - "^lib/.+\\.(c|h)\$", - "^projects/OS400", - "^projects/vms", - "^tests/data/test", - "\\.(m4|py)\$", + '^RELEASE-NOTES$', + '^lib/.+\.(c|h)$', + '^projects/OS400/', + '^projects/vms/', + '^tests/data/test', + '\.(m4|py)$', +); + +my @longline = ( + '\.github/workflows/windows\.yml$', + '^renovate\.json$', + '^docs/DISTROS\.md$', + '^projects/Windows/tmpl/.+\.vcxproj$', + '^tests/certs/srp-verifier-', + '^tests/data/test', ); my @non_ascii_allowed = ( @@ -54,12 +63,12 @@ my @non_ascii_allowed = ( my $non_ascii_allowed = join(', ', @non_ascii_allowed); my @non_ascii = ( - ".github/scripts/pyspelling.words", - ".mailmap", - "RELEASE-NOTES", - "docs/BINDINGS.md", - "docs/THANKS", - "docs/THANKS-filter", + '^\.github/scripts/pyspelling\.words$', + '^\.mailmap$', + '^RELEASE-NOTES$', + '^docs/BINDINGS\.md$', + '^docs/THANKS$', + '^docs/THANKS-filter$', ); sub fn_match { @@ -80,19 +89,19 @@ sub eol_detect { my $lf = () = $content =~ /\n/g; if($cr > 0 && $lf == 0) { - return "cr"; + return 'cr'; } elsif($cr == 0 && $lf > 0) { - return "lf"; + return 'lf'; } elsif($cr == 0 && $lf == 0) { - return "bin"; + return 'bin'; } elsif($cr == $lf) { - return "crlf"; + return 'crlf'; } - return ""; + return ''; } my $issues = 0; @@ -109,23 +118,23 @@ while(my $filename = <$git_ls_files>) { if(!fn_match($filename, @tabs) && $content =~ /\t/) { - push @err, "content: has tab"; + push @err, 'content: has tab'; } my $eol = eol_detect($content); - if($eol eq "") { - push @err, "content: has mixed EOL types"; + if($eol eq '') { + push @err, 'content: has mixed EOL types'; } - if($eol ne "crlf" && + if($eol ne 'crlf' && fn_match($filename, @need_crlf)) { - push @err, "content: must use CRLF EOL for this file type"; + push @err, 'content: must use CRLF EOL for this file type'; } - if($eol ne "lf" && $content ne "" && + if($eol ne 'lf' && $content ne '' && !fn_match($filename, @need_crlf)) { - push @err, "content: must use LF EOL for this file type"; + push @err, 'content: must use LF EOL for this file type'; } if($content =~ /[ \t]\n/) { @@ -138,14 +147,14 @@ while(my $filename = <$git_ls_files>) { } } - if($content ne "" && + if($content ne '' && $content !~ /\n\z/) { - push @err, "content: has no EOL at EOF"; + push @err, 'content: has no EOL at EOF'; } if($content =~ /\n\n\z/ || $content =~ /\r\n\r\n\z/) { - push @err, "content: has multiple EOL at EOF"; + push @err, 'content: has multiple EOL at EOF'; } if((!fn_match($filename, @double_empty_lines) && @@ -159,7 +168,7 @@ while(my $filename = <$git_ls_files>) { $line++; if($l =~ /^$/) { if($blank) { - my $lineno = sprintf("duplicate empty line @ line %d", $line); + my $lineno = sprintf('duplicate empty line @ line %d', $line); push @err, $lineno; } $blank = 1; @@ -170,13 +179,33 @@ while(my $filename = <$git_ls_files>) { } } + if(!fn_match($filename, @longline)) { + my $line = 0; + my $max = 192; + for my $l (split(/\n/, $content)) { + $line++; + if(length($l) > $max) { + push @err, sprintf('line %d: long (%d > %d) line', $line, length($l), $max); + } + } + } + + my $line = 0; + my $max = 79; + for my $l (split(/\n/, $content)) { + $line++; + if($l =~ /( {$max,})/) { + push @err, sprintf('line %d: repeat spaces (%d > %d)', $line, length($1), $max); + } + } + my $search = $content; my $linepos = 0; - while($search =~ / "\n *" /) { + while($search =~ /[^ ] "\n *" [^ ]/) { my $part = substr($search, 0, $+[0]); $search = substr($search, $+[0]); my $line = ($part =~ tr/\n//); - push @err, sprintf("line %d: double spaces in folded string", $linepos + $line); + push @err, sprintf('line %d: double spaces in folded string', $linepos + $line); $linepos += $line; } @@ -201,7 +230,7 @@ while(my $filename = <$git_ls_files>) { } if($content =~ /([\x00-\x08\x0b\x0c\x0e-\x1f\x7f])/) { - push @err, "content: has binary contents"; + push @err, 'content: has binary contents'; } if($filename !~ /tests\/data/) { @@ -214,7 +243,7 @@ while(my $filename = <$git_ls_files>) { my $non = $1; my $hex; for my $e (split(//, $non)) { - $hex .= sprintf("%s%02x", $hex ? " ": "", ord($e)); + $hex .= sprintf('%s%02x', $hex ? ' ': '', ord($e)); } my $line; for my $l (split(/\n/, $content)) { diff --git a/src/Makefile.am b/src/Makefile.am index 807f84e30c..77dbbe26e9 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -226,7 +226,8 @@ endif tidy: $(HUGE) $(CA_EMBED_CSOURCE) (_curl_cfiles=`echo ' $(CURL_CFILES)' | sed -e 's/ +/ /g' -e 's| | $(srcdir)/|g'`; \ - @CLANG_TIDY@ --config-file=$(top_srcdir)/.clang-tidy.yml $(TIDYFLAGS) $(CURL_CLANG_TIDYFLAGS) $$_curl_cfiles $(curl_cfiles_gen) -- $(curl_CPPFLAGS) $(CPPFLAGS) $(AM_CPPFLAGS) -DHAVE_CONFIG_H $(_tidy_cflags)) + @CLANG_TIDY@ --config-file=$(top_srcdir)/.clang-tidy.yml $(TIDYFLAGS) $(CURL_CLANG_TIDYFLAGS) $$_curl_cfiles $(curl_cfiles_gen) \ + -- $(curl_CPPFLAGS) $(CPPFLAGS) $(AM_CPPFLAGS) -DHAVE_CONFIG_H $(_tidy_cflags)) listhelp: (cd $(top_srcdir)/docs/cmdline-opts && make listhelp) diff --git a/tests/libtest/lib557.c b/tests/libtest/lib557.c index 3261670231..c31da947ab 100644 --- a/tests/libtest/lib557.c +++ b/tests/libtest/lib557.c @@ -1404,14 +1404,26 @@ static int test_float_formatting(void) /* check negative width argument when used signed, is treated as positive and maxes out the internal float width == 325 */ curl_msnprintf(buf, sizeof(buf), "%*f", INT_MIN, 9.1); - errors += string_check(buf, "9.100000 "); + errors += string_check(buf, "9.100000 " + " " + " " + " " + " "); /* curl_msnprintf() limits a single float output to 325 bytes maximum width */ curl_msnprintf(buf, sizeof(buf), "%*f", (1 << 30), 9.1); - errors += string_check(buf, " 9.100000"); + errors += string_check(buf, " " + " " + " " + " " + " 9.100000"); curl_msnprintf(buf, sizeof(buf), "%100000f", 9.1); - errors += string_check(buf, " 9.100000"); + errors += string_check(buf, " " + " " + " " + " " + " 9.100000"); curl_msnprintf(buf, sizeof(buf), "%f", MAXIMIZE); errors += strlen_check(buf, 317); diff --git a/tests/test1119.pl b/tests/test1119.pl index 9561f701ab..796a2816ca 100755 --- a/tests/test1119.pl +++ b/tests/test1119.pl @@ -105,13 +105,18 @@ sub scanallheaders { sub checkmanpage { my ($m) = @_; + # detect global-looking 'CURL[BLABLA]_*' symbols + my $global_pat = '\W(CURL(AUTH|E|H|MOPT|OPT|SHOPT|UE|M|SSH|SSLBACKEND|HEADER|FORM|FTP|PIPE|MIMEOPT|GSSAPI|' . + 'ALTSVC|PROTO|PROXY|UPART|USESSL|_READFUNC|_WRITEFUNC|_CSELECT|_FORMADD|_IPRESOLVE|_REDIR|_RTSPREQ|'. + '_TIMECOND|_VERSION)_[a-zA-Z0-9_]+)'; + my $global_re = qr/$global_pat/; + open(my $mh, "<", $m); my $line = 1; while(<$mh>) { # strip off formatting $_ =~ s/(^|[^A-Z0-9])[*_]+/ /; - # detect global-looking 'CURL[BLABLA]_*' symbols - while(s/\W(CURL(AUTH|E|H|MOPT|OPT|SHOPT|UE|M|SSH|SSLBACKEND|HEADER|FORM|FTP|PIPE|MIMEOPT|GSSAPI|ALTSVC|PROTO|PROXY|UPART|USESSL|_READFUNC|_WRITEFUNC|_CSELECT|_FORMADD|_IPRESOLVE|_REDIR|_RTSPREQ|_TIMECOND|_VERSION)_[a-zA-Z0-9_]+)//) { + while(s/$global_re//) { my $s = $1; # skip two "special" ones if($s !~ /(^(CURLE_OBSOLETE|CURLOPT_TEMPLATE))|_$/) {