This issue was not addressed with CMake builds so far. curl-for-win
worked thanks to its `-Wl,--start-group` workaround. It affects
binutils `ld` linking statically. Shared linking and llvm's `lld`
doesn't need strict lib order, and are not affected.
The solution is to pass libs in dependency order, with least dependent
(e.g. system) libs last. In case of cyclic dependency, may pass libs
twice.
Fix most issues by moving Windows system libs `ws2_32` and `bcrypt`
last, and move SSH libs first due to their dependence on crypto
backends and zlib compression.
Also:
- modify an existing Linux curl-for-win job to use gcc.
- add a specific Windows gcc job to test this. Make it use different
options than the default to extend build coverage too: `libssh`,
`zlib-ng`, 32-bit.
- prefer CMake imported targets for OpenSSL and ZLIB.
Examples of issues fixed:
Windows LibreSSL, libpsl vs. ws2_32:
```
x86_64-w64-mingw32-ld: curl/libressl/lib/libcrypto.a(bss_sock.c.obj):bss_sock.c:(.text$sock_ctrl[sock_ctrl]+0x59): undefined reference to `__imp_shutdown'
x86_64-w64-mingw32-ld: curl/libressl/lib/libcrypto.a(gcm128.c.obj):gcm128.c:(.text$CRYPTO_gcm128_init[CRYPTO_gcm128_init]+0x65): undefined reference to `__imp_ntohl'
x86_64-w64-mingw32-ld: curl/libpsl/_x64-win-ucrt/usr/lib/libpsl.a(psl.o):(.text$psl_is_cookie_domain_acceptable+0xef): undefined reference to `__imp_WSAStringToAddressW'
```
Ref: https://github.com/curl/curl/actions/runs/13157579253/job/36718144881?pr=16182#step:3:5354
Linux libssh2 vs. zlib:
```
/usr/lib/gcc-cross/aarch64-linux-gnu/12/../../../../aarch64-linux-gnu/bin/ld: curl/libssh2/_a64-linux-gnu-libressl/usr/lib/libssh2.a(unity_0_c.c.o): in function `comp_method_zlib_dtor':
(.text.comp_method_zlib_dtor+0x8c): undefined reference to `deflateEnd'
/usr/lib/gcc-cross/aarch64-linux-gnu/12/../../../../aarch64-linux-gnu/bin/ld: curl/libssh2/_a64-linux-gnu-libressl/usr/lib/libssh2.a(unity_0_c.c.o): in function `comp_method_zlib_comp':
(.text.comp_method_zlib_comp+0x50): undefined reference to `deflate'
/usr/lib/gcc-cross/aarch64-linux-gnu/12/../../../../aarch64-linux-gnu/bin/ld: curl/libssh2/_a64-linux-gnu-libressl/usr/lib/libssh2.a(unity_0_c.c.o): in function `comp_method_zlib_init':
(.text.comp_method_zlib_init+0x8c): undefined reference to `deflateInit_'
```
Ref: https://github.com/curl/curl/actions/runs/13157270420/job/36717189086?pr=16182#step:3:5285
Windows libssh vs. ws2_32 and LibreSSL:
```
/usr/bin/i686-w64-mingw32-ld: curl/libssh/_x86-win-ucrt-libressl/usr/lib/libssh.a(connect.c.obj):(.text$ssh_connect_host_nonblocking+0x92): undefined reference to `WspiapiGetAddrInfo@16'
/usr/bin/i686-w64-mingw32-ld: curl/libssh/_x86-win-ucrt-libressl/usr/lib/libssh.a(connect.c.obj):(.text$ssh_connect_host_nonblocking+0x3d9): undefined reference to `gai_strerrorA'
/usr/bin/i686-w64-mingw32-ld: curl/libssh/_x86-win-ucrt-libressl/usr/lib/libssh.a(kex.c.obj):(.text$ssh_client_select_hostkeys+0xd2): undefined reference to `FIPS_mode'
/usr/bin/i686-w64-mingw32-ld: curl/libssh/_x86-win-ucrt-libressl/usr/lib/libssh.a(options.c.obj):(.text$ssh_options_set+0x942): undefined reference to `FIPS_mode'
```
Ref: https://github.com/curl/curl/actions/runs/13163986294/job/36739557888?pr=16182#step:3:5127
Ref: https://github.com/curl/curl/actions/runs/13163986294/job/36739557888?pr=16182#step:3:5121Closes#16182
It should be done if "threaded-resolver" is enabled, but the detection
was slightly broken for builds that add c-ares for the asyn-rr feature.
Closes#16226
libssh 0.9.0 was shipped on June 28 2019 and is the first version
featuring the knownhosts API
Drop libssh from the GHA/linux-old CI job since it gets a libssh 0.7.3
version, too old for us now.
Closes#16200
Instead of picky-backing on the libcurl one using the curlx shortcut,
which is fragile since the libcurl one is not present in all builds.
Reported-by: mschroeder-fzj on github
Fixes#16201Closes#16203
In certain Windows configurations, Perl resides under `C:/Program Files`
causing tests to fail when executing Perl. Fix by quoting the command.
Seen in `dl-mingw` jobs when switching to the default `bash` shell
offered by the `windows-latest` runner on GHA.
Also:
- apply the same fix for `valgrind` for consistency.
- make more use of `shell_quote()` when passing the `srcdir` directory
over the command-line. This doesn't come up in CI, but seems like
good practice. There are lots more unquoted arguments and possibly
also commands.
```
-------e--- OK (940 out of 1537, remaining: 00:32, took 0.217s, duration: 00:50)
test 1167...[Verify curl prefix of public symbols in header files]
/C/Program Files/Git/usr/bin/perl -I. -ID:/a/curl/curl/tests returned 127, when expecting 0
1167: exit FAILED
[...]
=== Start of file stderr1167
sh: line 1: /C/Program: No such file or directory
```
Ref: https://github.com/curl/curl/actions/runs/13181757313/job/36794072190?pr=16217#step:13:2107Closes#16220
Sync the test path with test1515. If fixes the test when the perl tool
resides on a path with spaces in it. E.g. when using the perl from Git
for Windows. This is a workaround, there may be a better fix this
type of issue.
Similar fix for test1515: 38b055446ae46e4568328fa90e96a87fe71c56a7
Failure:
```
test 1516...[caching of manual libcurl DNS entries after dead connection]
lib1515.exe returned 3, when expecting 0
1516: exit FAILED
=== Start of file stderr1516
Test: lib1515
[...]
17:59:32.390000 == Info: Expire cleared
request http://testserver.example.com:63621/C:/Program Files/Git/path/15160001 failed with 3
Test ended with result 3
=== End of file stderr1516
```
Ref: https://github.com/curl/curl/actions/runs/13184790755/job/36804217128?pr=16217#step:13:2805Closes#16223
It was wrongly bumped to 1.16.0 in db50fc6e95816ec. While we strongly
recommend using 1.16.0 or later, we still allow builds using older
versions.
It would make sense to raise the requirement to at least 1.11.0 (Feb 19
2016) but that's not done right now.
Closes#16221
As `tool_hugehelp.c` is no longer included into `Makefile.inc`,
I did add it explicitly to list of source files built on IBMi.
Follow-up to 96843f4ef74e02452972fd97fe15d8ff656f46ec #16068Fixes#16214Closes#16215
Made the netrc parser return a more consistent set of error codes and
error messages, and also return error properly if the .netrc file is
missing.
Add test 697 to verify error on missing netrc file.
Fixes#16163
Reported-by: arlt on github
Closes#16165
The previous runtime check using strcmp() risks failing when zlib
reaches 1.10. While this instead changes the logic to a cruder
build-time instead of runtime, it avoids the 1.10 risk.
I verified that ZLIB_VERNUM has been provided since at least the 1.2.0.3
release.
1.2.0.4 was released on 10 August 2003.
Reported-by: Fay Stegerman
Closes#16202
- Better explain that if the requested range (--range or CURLOPT_RANGE)
contains multiple ranges then the response contains meta information
in addition to the requested bytes.
Prior to this change it was noted that a multiple part response was
returned as-is but not what that meant. In particular, meta information
is returned in addition to the requested bytes and that may have been
unexpected.
Reported-by: Ralf A. Timmermann
Fixes https://github.com/curl/curl/issues/16139
Closes https://github.com/curl/curl/pull/16150
Seen with GCC 13 with Windows x86:
```
lib/vssh/libssh.c: In function 'myssh_statemach_act':
lib/vssh/libssh.c:1851:41: error: conversion from 'curl_off_t' {aka 'long long int'} to 'size_t' {aka 'unsigned int'} may change value [-Werror=conversion]
1851 | data->state.infilesize,
| ~~~~~~~~~~~^~~~~~~~~~~
```
Ref: https://github.com/curl/curl/actions/runs/13161422041/job/36737994642?pr=16182#step:3:5111Closes#16194
Include `netinet/in.h` for FreeBSD/OpenBSD. Also include `sys/socket.h`
just in case, based on earlier code in `tests/libtest/lib1960.c`.
Also:
- document these in `CMakeLists.txt`.
- add a CI job testing FreeBSD with no unity and no test bundles.
(without running tests to keep it fast)
FreeBSD (autotools):
```
../../../tests/libtest/lib1960.c:66:22: error: variable has incomplete type 'struct sockaddr_in'
66 | struct sockaddr_in serv_addr;
| ^
../../../tests/libtest/lib1960.c:66:10: note: forward declaration of 'struct sockaddr_in'
66 | struct sockaddr_in serv_addr;
| ^
```
Ref: https://github.com/curl/curl/actions/runs/13159721509/job/36725114118?pr=16188#step:3:5289
OpenBSD (cmake):
```
/home/runner/work/curl/curl/tests/libtest/lib1960.c:66:22: error: variable has incomplete type 'struct sockaddr_in'
struct sockaddr_in serv_addr;
^
/home/runner/work/curl/curl/tests/libtest/lib1960.c:66:10: note: forward declaration of 'struct sockaddr_in'
struct sockaddr_in serv_addr;
^
1 error generated.
```
Ref: https://github.com/curl/curl/actions/runs/13159721509/job/36725102004?pr=16188#step:3:2166
Reported-by: CueXXIII on Github
Fixes#16184
Follow-up to a3585c9576abccddbd27200058912cef900c3c0f #15543Closes#16188
By removing 'data' from the thread struct and passing it in as an
argument we avoid the case it could be dereferenced before stored when
shutting down HTTPS RR.
Also reordered the struct fields a little to remove holes.
Closes#16169
Before this patch it returned `CURLE_FAILED_INIT` on init failures, with
the value of 2. Fix it to return `false`.
Seen with clang 18.1.8:
```
../lib/transfer.c(181,12): warning: integer constant not in range of enumerated type 'bool' [-Wassign-enum]
181 | return CURLE_FAILED_INIT;
| ^
../lib/transfer.c(181,12): warning: implicit conversion from enumeration type 'CURLcode' to different enumeration type 'bool' [-Wenum-conversion]
181 | return CURLE_FAILED_INIT;
| ~~~~~~ ^~~~~~~~~~~~~~~~~
../lib/transfer.c(183,12): warning: integer constant not in range of enumerated type 'bool' [-Wassign-enum]
183 | return CURLE_FAILED_INIT;
| ^
../lib/transfer.c(183,12): warning: implicit conversion from enumeration type 'CURLcode' to different enumeration type 'bool' [-Wenum-conversion]
183 | return CURLE_FAILED_INIT;
| ~~~~~~ ^~~~~~~~~~~~~~~~~
```
Follow-up to 35bf766280a77cde3055e0f4e249ab02a0dcd275 #14253Closes#16170
As reported in #16166, the STLS hangs with the check for SSL connection
filters, but is working with the old protocol handler way. Revert the
change, although it is unclear why it was no good here.
Fixes#16166
Reported-by: ralfjunker on github
Closes#16172
We don't pursue this, and the necessary `#pragma` got in the way of
compiling curl with gcc 4.2 and older. Drop the logic completely.
Follow-up to 8a266ac4883958c339fe16796081a296cd66acb3 #15939
Reported-by: prpr19xx on Github
Fixes#16152Closes#16157
For ASN.1 tags with indefinite length, curl's own parser for TLS
backends that do not support certificate inspection calls itself
recursively. A malicious server certificate can then lead to high
recursion level exhausting the stack space.
This PR limits the recursion level to 16 which should be safe on all
architectures.
Added unit test 1657 to verify behaviour.
Fixes#16135
Reported-by: z2_
Closes#16137
The condition `!$cmdtype eq "perl"` (introduced in a4765b0551) is always
false. It checks whether a logical negation (giving true/false) is equal
to the string `"perl"`. This is impossible, so the logging never worked.
The intent was probably to negate the result of the string
comparison:`!($cmdtype eq "perl")` or simply `$cmdtype ne "perl"`.
Fixes#16128
Reported-by: Igor Todorovski
Closes#16129
While this is useful on CI to highlight issues in the scripts, it's a
recipe for pain when enabled on users' builds.
Suggested-by: Leon Timmermans
Ref: #16128
- replace deprecated `ares_init()` call with `ares_init_options()`.
Follow-up to 0d4fdbf15d8eec908b3e63b606f112b18a63015e #16054
- dedupe `CARES_STATICLIB` initalizations into `curl_setup.h`, to
ensure it's defined before the first (and every) `ares.h` include and
avoid a potential confusion.
- move `CARES_NO_DEPRECATED` from build level to `curl_setup.h`.
To work regardless of build system.
It is necessary because curl calls `ares_getsock()` from two places,
of which one feeds a chain of wrappers: `Curl_ares_getsock()`,
`Curl_resolver_getsock()`, `Curl_resolv_getsock()`.
Closes#16131
- drop `--quiet 2` option where used, to have uniform output.
- replace `apt` with `apt-get` in one job. sync options with rest.
- replace deprecated `apt-key` command with the alternative recommended
by `apt-key(8)`.
- drop stray `cd /tmp`, no longer needed after migrating to GHA.
- shorten `--option Dpkg::Use-Pty=0` to `-o Dpkg::Use-Pty=0`.
- add `-o Dpkg::Use-Pty=0` to hide `apt-get` progress bars taking
vertical log space, where missing.
- drop `-y --no-install-suggests --no-install-recommends` `apt-get`
options. They are the default in the ubuntu-24.04 image.
- GHA/distcheck: move `name:` to top in steps where not there.
- scripts/cijobs.pl: catch `apt-get` lines with the `-o` option.
Closes#16127
