Resolve conf #16
Merged
Resolve conf #16
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When the async threaded resolver thread returned, clear the started EXPIRE_ASYNC_NAME timeout. Closes curl#18769
When attempts on all addresses have been started, do no longer set any EXPIRE_HAPPY_EYEBALLS timeouts. Fixes curl#18767 Reported-by: Johannes Schindelin Closes curl#18768
Closes curl#18788
- exclude visual studio project templates - exclude test cases - allow 'proxys' which is used for "secure proxy" in test code - allow Tru64 and secur32 Closes curl#18789
Also: - point the source tarball to a working URL. The GitHub release page misses the official source tarball for 4.1.1. - GHA/linux: switch LibreSSL build to cmake (syncing with http3-linux.) - GHA/macos: drop no longer needed LibreSSL build workaround. Closes curl#18792
Since it isn't linked and users might not understand what it refers to. Ref: curl#18755 Closes curl#18790
By checking the size of the actual buffer and using that as memcpy target instead of another union member, this helps readers and static code analyzers to determine that this is not a buffer overflow. Ref: curl#18677 Closes curl#18787
HTTP/3 defines "reserved stream types" that are intended to be ignored by a receiver. This is part of the "greasing" effort that flexes parts of the protocol that are needed for future extensions. curl's OpenSSL-QUIC implementation treated all unexpected streams as an error. Which seems the right thing to do *but* for these reserved types. However OpenSSL does not expose this type and thus, curl needs to silently discard all unexpected streams opened by the server to allow interop with servers that flex the GREASE parts. Fixes curl#18780 Reported-by: Pocs Norbert Closes curl#18791
They use Linuxbrew instead of locally built components. Linuxbrew limitations compared to the locally built components in GHA/http3-linux: - libngtcp2 currently supports OpenSSL only. - wolfssl can't coexist with openssl. - somewhat tricky configuration with autotools. Upside is easy of use, always the latest versions (may be downside), and availability of almost all packages. Closes curl#18693
- asyn-ares: fix compiler warning:
```
lib/asyn-ares.c:751:17: error: code will never be executed [clang-diagnostic-unreachable-code,-warnings-as-errors]
751 | char *csv = ares_get_servers_csv(ares->channel);
| ^~~~~~~~~~~~~~~~~~~~
```
- curl_trc: fix missing symbol:
```
/usr/bin/ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_trc_timer'
collect2: error: ld returned 1 exit status
```
Ref: https://app.circleci.com/pipelines/github/curl/curl/15446/workflows/67afa113-9c49-4249-9180-f6f01fc7dfdd/jobs/149177
Ref: https://github.com/curl/curl/actions/runs/18174250400/job/51736249444#step:33:623
Follow-up to b022389 curl#18768
- multi: fix `-Wunreachable-code`:
```
lib/multi.c:1107:28: error: code will never be executed [-Werror,-Wunreachable-code]
1107 | size_t timeout_count = Curl_llist_count(&data->state.timeoutlist);
| ^~~~~~~~~~~~~~~~
lib/multi.c:3054:35: error: code will never be executed [-Werror,-Wunreachable-code]
3054 | struct Curl_llist_node *e = Curl_llist_head(&data->state.timeoutlist);
| ^~~~~~~~~~~~~~~
lib/multi.c:3380:7: error: code will never be executed [-Werror,-Wunreachable-code]
3380 | Curl_llist_head(&data->state.timeoutlist);
| ^~~~~~~~~~~~~~~
```
Cherry-picked from curl#18797
Closes curl#18799
To skip them when curl has verbose strings disabled, instead of failing. Cherry-picked from curl#18797 Closes curl#18800
Detect via curlinfo if curl has verbose strings disabled, and skip tests that require it. Also: - cmake: make pytests depend on curlinfo. Cherry-picked from curl#18797 Closes curl#18801
Instead of a list of conditions. Makes a unified decimal output when the value is less than 100. Prepares for > 64 bit data type. Closes curl#18807
Since the tool code itself adds the ids (controlled with "ids"), getting them (also) added by the library adds nothing good. Always disable the lib-ids even when "--trace-config all" is selected. Also: change "== Info:" into just "* " to reduce output redundancy. Ref: curl#18755 Reported-by: Alice Lee Poetics Closes curl#18805
- it's just too random who got mentioned - we can't mention all, so better consistently mention none - make sure they all are mentioned in THANKS - also remove some unnecessary comment ramblings Closes curl#18803
…ests To test it in GHA and catch issues at PR time. Before this patch, Circle CI caught them after pushing to master (or non-fork PR branches.) GHA also run runtests, pytests and static analysis on these builds, after this patch. - GHA/linux: enable no-verbose in an existing job. - GHA/linux: enable no-verbose in the H3 scan-build job too. - GHA/macos: enable no-verbose in one build (= 3 jobs with different compilers). - GHA/codeql: enable no-verbose in the MultiSSL Linux build. - circleci: delete openssl no-verbose job in favor of the above. Closes curl#18797
It's implied by the minimum requirement of Windows XP. Also Windows CE is soon to be deleted via curl#17927. Closes curl#18808
Ref: curl#3316 (comment) Follow-up to ea4ba6d curl#18803 Follow-up to 558814e Closes curl#18810
…C updates monthly Also: - enable pip bumps in Dependabot. - reduce dependabot to check monthly (was: weekly) Dependabot acts as a backup for mend/renovate. Closes curl#18761
Released on 2016-Dec-19, it's the first "revamped" stable version, and the earliest available as a source tarball at the official repository: https://github.com/heimdal/heimdal/releases/tag/heimdal-7.1.0 It's also the first version hosted by Homebrew. It builds fine locally with curl, and also builds in CI with old linux: 7.1.0+dfsg-13+deb9u4. Closes curl#18809
- Lock before counting the cache sessions. Prior to this change when taking a session a trace command counted the sessions but not under lock, which caused a race condition. Reported by: Viktor Szakats Fixes curl#18806 Closes curl#18813
- replace with macos-14. - refresh tables, exceptions. - apply a pending TODO. Closes curl#18818
When delaying an IP happy eyeball restart, set an actual timer or the connection will stall when running event based. Closes curl#18815
- Treat HTTP response codes 522 and 524 as a transient error since Cloudflare may use them instead of 504 to signal timeout. For example here is a 522 error message from Cloudflare: "The initial connection between Cloudflare's network and the origin web server timed out. As a result, the web page can not be displayed." Prior to this change the curl tool did not retry on HTTP response codes 522 and 524 when --retry was used. Fixes curl#16143 Closes curl#19011
- Fix logic that checks whether a size_t will fit in a curl_off_t. Reported-by: Viktor Szakats Fixes curl#19017 Closes curl#19036
- it could find a wrong string - this is faster Closes curl#19065
If there are more than two of them in a function, use a local 'conn' variable instead. Closes curl#19063
Since it needs to be a trailing piece of the path avoiding strstr() is faster and more reliable. Also stopped checking the host name since it cannot actually be there since quite a long while back. The URL parser doesn't allow such a hostname. Moved the check into its own subfunction too. Closes curl#19069
RFC 3617 defines two specific modes, "netascii" and "octet". This code now checks only for those trailing ones - and not in the hostname since they can't be there anymore. Assisted-by: Jay Satiro Closes curl#19070
The transfer loop used to check the socket and if no poll events were seen, triggered a "DATA_IDLE" event into the filters to let them schedule times/do things anyway. Since we no longer check the socket, the filters have been called already and the DATA_IDLE event is unnecessary work. Remove it. Closes curl#19060
Reported-by: plv1313 on github Fixes curl#18926 Closes curl#19066
They always point to a string. The string might be zero length. Closes curl#19059
Since it only counts up to 5 Closes curl#19071
Instead of long (up to 64-bit) as the maximum allowed value set since b059f7d is 0x7fff. Saves 2 or 6 bytes. Closes curl#19072
Pointed out by CodeSonar Closes curl#19079
It should be visible in the feature list that libcurl is build with Apple SecTrust enabled. Closes curl#19057
MIT Kerberos version detection is implemented for autotools and cmake.
Examples:
```
curl 8.17.0-DEV (x86_64-pc-linux-gnu) ... mbedTLS/3.6.4 libidn2/2.3.7 nghttp2/1.59.0 libgss/1.0.4 OpenLDAP/2.6.7
curl 8.17.0-DEV (x86_64-pc-linux-gnu) ... LibreSSL/4.1.1 libidn2/2.3.7 nghttp2/1.59.0 mit-krb5/1.20.1 OpenLDAP/2.6.7
curl 8.17.0-DEV (x86_64-pc-linux-gnu) ... LibreSSL/4.1.1 libidn2/2.3.7 nghttp2/1.59.0 mit-krb5 OpenLDAP/2.6.7
curl 8.17.0-DEV (x86_64-pc-linux-gnu) ... LibreSSL/4.1.1 nghttp2/1.59.0 mit-krb5/1.20.1 OpenLDAP/2.6.7
curl 8.17.0-DEV (aarch64e-apple-darwin24.6.0) ... GnuTLS/3.8.10 libidn2/2.3.8 libssh2/1.11.1 nghttp2/1.67.1 mit-krb5/1.22.1
```
Also:
- cmake/FindGSS: strip project name ("Kerberos 5 release") from
the version string when detected via `krb5-config`.
Closes curl#19073
Also move back URLs to GitHub, sources are available there again. Ref: https://github.com/libressl/portable/releases/tag/v4.2.0 Ref: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-4.2.0-relnotes.txt Ref: curl#19050 Ref: curl#19081 Closes curl#19082
It's complex and did not help stabilizing CI runs. Hard to say, but I'm suspicious it's related to the CI errors -1073741502, 0xC0000142, seen in the 'build examples' and 'disk space used' steps. Ref: curl#18526 Reverts 52775a7 curl#18296 Closes curl#19083
Also to make it easier to recognize. Also: - GHA/linux-old: split steps to match other jobs. - GHA: add `--disable` where missing. Closes curl#19084
Also: - GHA/checkdocs: escape `.` in -E regex expression. Closes curl#19076
Cherry-picked from curl#19076 Closes curl#19086
Set the maximum allowed size of an incoming LDAP message, which to OpenLDAP means that it allows malloc() up to this size. If not set, there is no limit and we instead risk a malloc() failure. The limit is arbitrarily set to 256K as I can't figure out what a reasonable value should be. OpenLDAP docs: https://openldap.org/software/man.cgi?query=lber-sockbuf&apropos=0&sektion=0&manpath=OpenLDAP+2.6-Release&arch=default&format=html Bug: https://issues.oss-fuzz.com/issues/432441303 Closes curl#19087
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.