Exclude test data files (4 of them) based on existing feature tags:
`codeset-utf8` and `Unicode`.
Add the new keyword `non-ascii` to mark remaining exceptions (9 files).
Follow-up to 838dc53bb7#17247Closes#17329
Since the test servers are not built with libcurl the *printf code
needed to get built separately, and they are not in the curlx
collection.
snprintf() is provided in all modern systems these days.
Move curlx functions from lib/strerror.c to lib/curlx/winapi.c
Assisted-by: Viktor Szakats
Closes#17294
When cancelling a threaded resolve and the thread is
still running, detach from it under the mutex lock.
Otherwise, the detach might happen after the thread finished
and access already freed memory.
Fixes#17256
Reported-by: Mathieu Garaud
Closes#17320
The offical Firefox source code has moved to GitHub:
https://github.com/mozilla-firefox/firefox
This change adjusts to the new URLs. The old branches nss and central
are not provided so they are removed and the new 'autoland' is added.
Closes#17321
- Clarify that the ssl_version in MultiSSL builds contains all SSL
backend names with the inactive backend names in parentheses.
Closes https://github.com/curl/curl/pull/17308
- add more unusual input cases
- add a valid non-http protocol
- fix tests so an input that should be stripped but isn't is a failure
- fix detection of when stripcredentials() would be available to test
- avoid using a NULL pointer
Closes#17304
Drop the interim macro `PRESERVE_WINDOWS_ERROR_CODE` and always preserve
error code for `_WIN32`. To make sure this is always done in
`curlx_winapi_strerror()`.
Follow-up to c74d3e10d2#17299Closes#17302
It is not provided as a curlx function so should not be used outside of
libcurl.
I strongly suspect that no system we build the test suite on lack strdup
so this will not cause any harm.
The private version was added in b0936b8007 for Ultrix.
Closes#17297
It was not a function properly exposed in the curlx set. SMB cannot
possibly need to send a real pid, now sends a made up number.
The only real users of this function are test servers, so move the logic
over there.
Closes#17298
Tests with old cmake are slow. (no Ninja, no unity, and running slower
than recent versions.)
It also revealed that 3.7.2 2017-01-13 is too old to consume curl via
`find_package()` due to:
```
CMake Error at bld-curl/_pkg/lib/cmake/CURL/CURLConfig.cmake:69 (add_library):
add_library cannot create ALIAS target "CURL::libcurl" because target
"CURL::libcurl_shared" is IMPORTED.
Call Stack (most recent call first):
CMakeLists.txt:48 (find_package)
CMake Error at bld-curl/_pkg/lib/cmake/CURL/CURLConfig.cmake:69 (add_library):
add_library cannot create ALIAS target "CURL::libcurl" because target
"CURL::libcurl_shared" is IMPORTED.
Call Stack (most recent call first):
CMakeLists.txt:49 (find_package)
```
The mitigation for this issue requires 3.11.
Also:
- rename a few existing envs to use the `TEST_` prefix.
- make the `find_package` test provider stage verbose.
- fix issue when consuming with cmake 3.7.2 (all platforms):
```
CMake Error at /home/runner/cmake-3.7.2-Linux-x86_64/share/cmake-3.7/Modules/CMakeFindDependencyMacro.cmake:25 (message):
Invalid arguments to find_dependency. VERSION is empty
Call Stack (most recent call first):
bld-curl/_pkg/lib/cmake/CURL/CURLConfig.cmake:52 (find_dependency)
CMakeLists.txt:48 (find_package)
```
Ref: https://github.com/curl/curl/actions/runs/14906066962/job/41868621979?pr=17293#step:9:1199Closes#17293
The limit is 5000 headers in a single transfer. To avoid problems caused
by mistakes or malice.
Add test 747 to verify
Reported-by: wolfsage on hackerone
Closes#17281
The pedantic level is experimental. If it causes issues, we may just
disable it alongside the ignore comments.
Also:
- silence error:
```
INFO audit: zizmor: completed label.yml
error[dangerous-triggers]: use of fundamentally insecure workflow trigger
--> label.yml:13:1
|
13 | 'on': [pull_request_target]
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^ pull_request_target is almost always used insecurely
|
= note: audit confidence -> Medium
```
- fix pedantic warning:
```
INFO audit: zizmor: completed label.yml
warning[excessive-permissions]: overly broad permissions
--> label.yml:1:1
... |
24 | | with:
25 | | repo-token: '${{ secrets.GITHUB_TOKEN }}'
| |____________________________________________________- default permissions used due to no permissions: block
|
= note: audit confidence -> Medium
```
- silence `template-injection` false positives like:
```
- note: ${{ matrix.build.torture && 'test-torture' || 'test-ci' }} may expand into attacker-controllable code
- note: ${{ contains(matrix.build.install_steps, 'pytest') && 'caddy httpd vsftpd' || '' }} may expand into attacker-controllable code
```
It doesn't seem like these could be controlled by an attacker.
Let me know if I'm missing something.
Closes#17278
Move `struct smtp_conn` and `struct STMP` into the meta data at easy
handle/connection. Remove it from the unions at connectdata and request.
Closes#17257
