[pull] master from curl:master #163
Open
+15,792
−12,536
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![pull[bot]](https://avatars.githubusercontent.com/in/12910?s=60&v=4){kind=small}
rather than the defo-project fork. Closes #17251
Remove member of conn->proto union. Closes #17224
Use connection meta hash for state struct instead of union pointer at connectdata. Closes #17235
- remove data->req.p.ftp and store `struct FTP` as easy meta data - place `struct ftp_conn` instance in connection meta data Closes #17249
Keep the pop3 related protocol information in the meta hashes at easy handle and connection. Move the struct definitions inside pop3.c Closes #17236
Keep RTMP* instance at connection meta hash. Closes #17237
Keep easy/connection related protoocl structs in the meta hash instead of the unions at request and connectdata. Closes #17238
Remove the connectdata proto and data->req.p member for rtsp and manage the structs as meta data at easy handle/connection. Closes #17254
- unit tests need no tool code as they are libcurl unit tests - unit test 1621 is now tunit test 1621 instead, as it tests tool code - build unit tests with BUILDING_LIBCURL as they pretent to be libcurl Closes #17259
- Do not include curlinfo.c as a ClCompile unit when compiling the curl tool. Prior to this change generate.bat would add curlinfo.c to the source files for the curl tool because it is located in the src directory. That caused ambiguous behavior in legacy versions of Visual Studio which had to guess between two main entry points (one in curlinfo and one in tool_main, the latter being correct). Closes #17263
To avoid adding this macro to the global `CURL_DEBUG_MACROS` variable, which may be used for targets defined after unit tests, and where this macro may not be necessary. As of this commit unit tests are defined last, so extending the global variable did not cause any issue. Follow-up to 220eda3 #17259 Closes #17264
Remove the imap protocol structs from connectdata->proto union and data->req.p and use the easy handle/connection meta hash for keeping them. Closes #17261
Move curlx_ functions into its own subdir. The idea is to use the curlx_ prefix proper on these functions, and use these same function names both in tool, lib and test suite source code. Stop the previous special #define setup for curlx_ names. The printf defines are now done for the library alone. Tests no longer use the printf defines. The tool code sets its own defines. The printf functions are not curlx, they are publicly available. The strcase defines are not curlx_ functions and should not be used by tool or server code. dynbuf, warnless, base64, strparse, timeval, timediff are now proper curlx functions. When libcurl is built statically, the functions from the library can be used as-is. The key is then that the functions must work as-is, without having to be recompiled for use in tool/tests. This avoids symbol collisions - when libcurl is built statically, we use those functions directly when building the tool/tests. When libcurl is shared, we build/link them separately for the tool/tests. Assisted-by: Jay Satiro Closes #17253
Where NULL pointers are not acceptable input. Closes #17268
Move `struct smtp_conn` and `struct STMP` into the meta data at easy handle/connection. Remove it from the unions at connectdata and request. Closes #17257
Spotted by Coverity Closes #17274
Removing the member of data->req.p Closes #17269
A dynbuf that never gets populated might return a NULL, and Coverity could find a way through like that. Closes #17275
Found by zizmor. Closes #17277
The pedantic level is experimental. If it causes issues, we may just
disable it alongside the ignore comments.
Also:
- silence error:
```
INFO audit: zizmor: completed label.yml
error[dangerous-triggers]: use of fundamentally insecure workflow trigger
--> label.yml:13:1
|
13 | 'on': [pull_request_target]
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^ pull_request_target is almost always used insecurely
|
= note: audit confidence -> Medium
```
- fix pedantic warning:
```
INFO audit: zizmor: completed label.yml
warning[excessive-permissions]: overly broad permissions
--> label.yml:1:1
... |
24 | | with:
25 | | repo-token: '${{ secrets.GITHUB_TOKEN }}'
| |____________________________________________________- default permissions used due to no permissions: block
|
= note: audit confidence -> Medium
```
- silence `template-injection` false positives like:
```
- note: ${{ matrix.build.torture && 'test-torture' || 'test-ci' }} may expand into attacker-controllable code
- note: ${{ contains(matrix.build.install_steps, 'pytest') && 'caddy httpd vsftpd' || '' }} may expand into attacker-controllable code
```
It doesn't seem like these could be controlled by an attacker.
Let me know if I'm missing something.
Closes #17278
It is not part of the curlx function collection, just a macro that might as well be a local version. Closes #17270
The limit is 5000 headers in a single transfer. To avoid problems caused by mistakes or malice. Add test 747 to verify Reported-by: wolfsage on hackerone Closes #17281
Remove the member of data->req.p Closes #17271
This file provides functions in the curlx set. Closes #17285
Not double quotes. Since the file is never local. Closes #17284
Add src/curlinfo to gitignore while we are here. Add tests/server/dnsd to gitignore while we are here. Closes #17252
Add possibility to reload QUIC test server with another certificate. Add tests for more coverage of handshakes. Closes #17382
And some general cleanups Closes #17384
... which makes the struct eight bytes smaller with no gaps. Closes #17386
They take about 4.5 minutes of CI time in GHA/macos. Also: - autotools: improve `caddy`, `vsftpd` detection. Bringing it closer to cmake. - autotools: fix `--with-test-caddy=no`, `--with-test-vsftps=no`, `--with-test-nghttpx=no` options. - cmake: sync `nghttpx` default with autotools. - pytest: disable failing mbedTLS tests on macOS CI. - pytest: disable failing earlydata tests on macOS CI. - GHA/macos: keep vsftpd pytests disabled due to lengthy run times. - pytest: fix test_05_04 for LibreSSL. Ref: #17367 Authored-by: Stefan Eissing Remaining issues: - some unidentified tests taking a long time with mbedTLS: `================= 462 passed, 278 skipped in 347.93s (0:05:47) =================` Ref: https://github.com/curl/curl/actions/runs/15073354301/job/42374999041#step:17:1536 Workaround: not enabling pytest for mbedTLS jobs - 17 FTP tests taking a long time (affecting all TLS backends): without vsftpd: `====================== 496 passed, 244 skipped in 56.15s =======================` Ref: https://github.com/curl/curl/actions/runs/15073354301/job/42374998230#step:17:1536 with vsftpd: `================= 513 passed, 227 skipped in 409.37s (0:06:49) =================` Ref: https://github.com/curl/curl/actions/runs/15073678568/job/42376039672?pr=17362#step:17:1537 Workaround: force-disable vsftpd. - 100 tests failing with SecureTransport. Let's ignore that due to imminent deprecation. Ref: https://github.com/curl/curl/actions/runs/15055652333/job/42320873732#step:17:15362 Follow-up to 30ef79e #17295 Follow-up to 9147903 #16518 Closes #17362
…outs To avoid redundant work in CI and to avoid a single checksrc issue make all autotools jobs fail. After this patch checksrc issues make fail the checksrc job, the `dist / verify-out-of-tree-autotools-debug`, `dist / maketgz-and-verify-in-tree` jobs and the fuzzer job (if run). Of these, the `dist` jobs replicate local builds, also testing the build logic. Also add a script to check the complete local repository, optionally with the build tree to verify generated C files. Also: - automatically run checksrc in subdirectories having a `checksrc` target. (examples, OS400, tests http/client, unit and tunit) - tests/libtest: make sure to run `checksrc` on generated `lib1521.c`. (requires in-tree autotools build.) - tests: run `checksrc` on targets also for non-`DEBUGBUILD` builds. It ensures to check `lib1521.c` in CI via job `dist / maketgz-and-verify-in-tree`. - src: drop redundant `$(builddir)` in autotools builds. - scripts: add `checksrc-all.sh` script to check all C sources and the build directory as an option. - use the above from CI, also make it verify all generated sources. - silence `checksrc` issues in generated C sources. - checksrc: add `-v` option to enable verbose mode. - checksrc: make verbose mode show checked filename and fix to only return error on failure. - make sure that generated C files pass `checksrc`. Assisted-by: Daniel Stenberg Closes #17376
The `struct Curl_dns_entry *` used to established a connection do not have the connection's lifetime, but the transfer's lifetime (of the transfer that initiates the connect). `Curl_dns_entry *` is reference counted with the "dns cache". That cache might be owned by the multi or the transfer's share. In the share, the reference count needs updating under lock. Therefore, the dns entry can only be kept *and* released using the same transfer it was initially looked up from. But a connection is often discarded using another transfer. So far, the problem of this has been avoided in clearing the connection's dns entries in the "multi_don()" handling. So, connections had NULL dns entries after the initial transfers and its connect had been handled. Keeping the dns entries in data->state seems therefore a better choice. Also: remove the `struct Curl_dns_entry *` from the connect filters contexts. Use `data->state.dns` every time instead and fail correctly when not present and needed. Closes #17383
These two conditions probably cannot actually happen, but these two checks make that certain and should please the static code analyzers. Pointed out by Coverity Closes #17397
Accidentally wiped out with 63e513b
was async, but is now reusedp. Closes #17401
- Simplify canon_query() a bit. Avoid unconditionally using length -1 where length risks being zero at times. Pointed out by Coverity. - Fix indent errors - narrow some variable scopes - fix keywords in tests Closes #17402
Pointed out by Coverity Closes #17400
Reduce Curl_ossl_ctx_init() complexity by splitting it up into sub functions. While splitting if ECH, add pytest fixed for AWS-LC and enable it in CI. Closes #17404
Add positive/negative test cases in pytest for pinned public keys. Closes #17412
Split off the function code into several static helpers according to aspects checked. closes #17408
So that they never wrap. More Coverity remarks. Closes #17406
To make everything easier to read and follow. Closes #17409
- Done with the new top-complexity script which uses the pmccabe tool. - Any function scoring over 100 makes the test fail - The script outputs all functions scoring over 70 - Two >100 functions are whitelisted by name, but they are not allowed to increase their scores. Closes #17398
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.1)
Can you help keep this open source service alive? 💖 Please sponsor : )