Commit Graph

30993 Commits

Author SHA1 Message Date
Dan Fandrich
d6d458b1cf test1474: make precheck more robust on non-Solaris systems
If uname -r returns something odd, perl could return an error code and
the test would be erroneously skipped. The qx// syntax avoid this.

Followup to 08f9b2148
2023-09-20 14:26:32 -07:00
Dan Fandrich
dd12b452a8 github/labeler: switch to the 5 beta version
This version adds an important feature that will allow more PRs to be
labelled. Rather than being limited to labeling PRs with files that
match a single glob, it can now label them if multiple changed files
match any one of a number of globs.
2023-09-20 12:42:07 -07:00
Daniel Stenberg
ff5e502316
lib: enable hmac for digest as well
Previously a build that disabled NTLM and aws-sigv4 would fail to build
since the hmac was disabled, but it is also needed for digest auth.

Follow-up to e92edfbef6

Fixes #11890
Reported-by: Aleksander Mazur
Closes #11896
2023-09-20 13:38:42 +02:00
Daniel Stenberg
7cf269dd1c
idn: if idn2_check_version returns NULL, return error
... this avoids a NULL dereference for this unusual case.

Reported-by: s0urc3_ on hackerone
Closes #11898
2023-09-20 13:36:51 +02:00
Daniel Stenberg
0d3956b8c6
http: fix CURL_DISABLE_BEARER_AUTH breakage
When bearer auth was disabled, the if/else logic got wrong and caused
problems.

Follow-up to e92edfbef6
Fixes #11892
Reported-by: Aleksander Mazur
Closes #11895
2023-09-20 13:33:31 +02:00
Michael Osipov
452182332d
wolfssl: allow capath with CURLOPT_CAINFO_BLOB
Remain consistent with OpenSSL. While CAfile is nulled as documented
with CURLOPT_CAINFO_BLOB, CApath remains intact.

Closes #11886
2023-09-20 13:30:41 +02:00
Michael Osipov
cc123e2757
wolfssl: use ssl_cafile/ssl_capath variables consistent with openssl.c
Closes #11886
2023-09-20 13:30:34 +02:00
Dan Fandrich
08f9b21483 test1474: disable test on NetBSD, OpenBSD and Solaris 10
These kernels only send a fraction of the requested amount of the first
large block, invalidating the assumptions of the test and causing it to
fail.

Assisted-by: Christian Weisgerber
Ref: https://curl.se/mail/lib-2023-09/0021.html
Closes #11888
2023-09-19 23:49:08 -07:00
Ryan Schmidt
6ab7e1990b
cmake, configure: also link with CoreServices
When linking with CoreFoundation, also link with CoreServices which is
apparently required to avoid an NSInvalidArgumentException in software
linking with libcurl on macOS Sonoma 14 and later.

Fixes #11893
Closes #11894
2023-09-20 08:38:19 +02:00
Marc Hoersken
c6dc25f111
CI/azure: remove pip, wheel, cryptography, pyopenssl and impacket
These dependencies are now already included in the Docker image.

Ref: 2607a31bca

Closes #11889
2023-09-19 22:13:11 +02:00
Daniel Stenberg
8420fef590
wolfssl: if CURLOPT_CAINFO_BLOB is set, ignore the CA files
Ref: #11883
Reported-by: Michael Osipov
Closes #11884
2023-09-19 12:59:56 +02:00
Daniel Stenberg
becd1e86a8
RELEASE-NOTES: synced 2023-09-19 08:32:38 +02:00
Daniel Stenberg
a878864a48
test3103: CURLOPT_COOKIELIST test 2023-09-19 08:26:14 +02:00
Daniel Stenberg
73c82ed941
cookie: set ->running in cookie_init even if data is NULL
This is a regression introduced in b1b326ec50 (shipped in curl 8.1.0)

Test 3103 verifies.

Fixes #11875
Reported-by: wangp on github
Closes #11876
2023-09-19 08:26:07 +02:00
Daniel Stenberg
7f225456d1
test498: total header size for all redirects is larger than accepted 2023-09-18 22:57:04 +02:00
Daniel Stenberg
2cb0d346aa
http: use per-request counter to check too large headers
Not the counter that accumulates all headers over all redirects.

Follow-up to 3ee79c1674

Do a second check for 20 times the limit for the accumulated size for
all headers.

Fixes #11871
Reported-by: Joshix-1 on github
Closes #11872
2023-09-18 22:57:01 +02:00
Jay Satiro
68ee7f8b7e THANKS: add Eric Murphy
He reported #11850 (quiche build error) but I forgot to add a
'reported-by' entry in the fix 267e14f1.
2023-09-18 14:38:43 -04:00
Daniel Stenberg
f6e5435cef h2-proxy: remove left-over mistake in drain_tunnel()
Left-over from 331b89a319

Reported-by: 南宫雪珊

Closes https://github.com/curl/curl/pull/11877
2023-09-18 14:30:20 -04:00
vvb2060
746dbc1488
lib: failf/infof compiler warnings
Closes #11874
2023-09-18 09:56:25 +02:00
Daniel Stenberg
706eff9f1f
rand: fix 'alnum': array is too small to include a terminating null character
It was that small on purpose, but this change now adds the null byte to
avoid the error.

Follow-up to 3aa3cc9b05

Reported-by: Dan Fandrich
Ref: #11838
Closes #11870
2023-09-17 17:43:52 +02:00
Mathias Fuchs
adbb7a030d
cmake: fix the help text to the static build option in CMakeLists.txt
Closes #11843
2023-09-16 23:38:36 +02:00
John Haugabook
9764bfc368
MANUAL.md: change domain to example.com
Closes #11866
2023-09-16 23:36:45 +02:00
Daniel Stenberg
f8cee8cc31
doh: inherit DEBUGFUNCTION/DATA
When creating new transfers for doing DoH, they now inherit the debug
settings from the initiating transfer, so that the application can
redirect and handle the verbose output correctly even for the DoH
transfers.

Reported-by: calvin2021y on github
Fixes #11864
Closes #11869
2023-09-16 18:27:38 +02:00
Dan Fandrich
c879203538 http_aws_sigv4: fix sorting with empty parts
When comparing with an empty part, the non-empty one is always
considered greater-than. Previously, the two would be considered equal
which would randomly place empty parts amongst non-empty ones. This
showed as a test 439 failure on Solaris as it uses a different
implementation of qsort() that compares parts differently.

Fixes #11855
Closes #11868
2023-09-16 08:35:16 -07:00
Dan Fandrich
589dca761c CI: ignore the "flaky" and "timing-dependent" test results
CI builds will now run these tests, but will ignore the results if they
fail. The relevant tests are ones that are sensitive to timing or
have edge conditions that make them more likely to fail on CI servers,
which are often heavily overloaded and slow.

This change only adds two additional tests to be ignored, since the
others already had the flaky keyword.

Closes #11865
2023-09-16 08:33:59 -07:00
Dan Fandrich
989e1f35e8 runtests: eliminate a warning on old perl versions
The warning "Use of implicit split to @_ is deprecated" showed between
perl versions about 5.8 through 5.11.
2023-09-16 08:33:45 -07:00
Dan Fandrich
06cdfad49f tests: log the test result code after each libtest
This makes it easier to determine the test status. Also, capitalize
FAILURE and ABORT messages in log lines to make them easier to spot.
2023-09-16 08:33:45 -07:00
Harry Sintonen
3aa3cc9b05
misc: better random strings
Generate alphanumerical random strings.

Prior this change curl used to create random hex strings. This was
mostly okay, but having alphanumerical random strings is better: The
strings have more entropy in the same space.

The MIME multipart boundary used to be mere 64-bits of randomness due
to being 16 hex chars. With these changes the boundary is 22
alphanumerical chars, or little over 130 bits of randomness.

Closes #11838
2023-09-16 11:37:57 +02:00
Daniel Stenberg
f88cc654ec
cookie: reduce variable scope, add const 2023-09-15 22:09:43 +02:00
Daniel Stenberg
8c285a76ee
cookie: do not store the expire or max-age strings
Convert it to an expire time at once and save memory.

Closes #11862
2023-09-15 22:09:39 +02:00
Daniel Stenberg
61275672b4
cookie: remove unnecessary struct fields
Plus: reduce the hash table size from 256 to 63. It seems unlikely to
make much of a speed difference for most use cases but saves 1.5KB of
data per instance.

Closes #11862
2023-09-15 22:09:06 +02:00
Daniel Stenberg
6f17656c20
RELEASE-NOTES: synced
Bumped to 8.4.0, the next presumed version
2023-09-15 09:03:34 +02:00
Dan Fandrich
3514a394f3 test2600: remove special case handling for USE_ALARM_TIMEOUT
This was originally added to handle platforms that supported only 1
second granularity in connect timeouts, but after some recent changes
the test currently permafails on several Windows platforms.

The need for this special-case was removed in commit 8627416, which
increased the connect timeout in all cases to well above 1 second.

Fixes #11767
Closes #11849
2023-09-14 11:57:00 -07:00
Daniel Stenberg
46d4ae5e11
SECURITY-PROCESS.md. call it vulnerability disclosure policy
SECURITY-PROCESS.md -> VULN-DISCLOSURE-POLICY.md

This a name commonly used for a document like this. This name helps
users find it.

Closes #11852
2023-09-14 17:04:33 +02:00
Junho Choi
267e14f1ba quiche: fix build error with --with-ca-fallback
- Fix build error when curl is built with --with-quiche
  and --with-ca-fallback.

- Add --with-ca-fallback to the quiche CI job.

Fixes https://github.com/curl/curl/issues/11850
Closes https://github.com/curl/curl/pull/11847
2023-09-14 03:10:18 -04:00
Jay Satiro
7a2421dbb7 escape: replace Curl_isunreserved with ISUNRESERVED
- Use the ALLCAPS version of the macro so that it is clear a macro is
  being called that evaluates the variable multiple times.

- Also capitalize macro isurlpuntcs => ISURLPUNTCS since it evaluates
  a variable multiple times.

This is a follow-up to 291d225a which changed Curl_isunreserved into an
alias macro for ISUNRESERVED. The problem is the former is not easily
identified as a macro by the caller, which could lead to a bug.

For example, ISUNRESERVED(*foo++) is easily identifiable as wrong but
Curl_isunreserved(*foo++) is not even though they both are the same.

Closes https://github.com/curl/curl/pull/11846
2023-09-14 03:07:45 -04:00
Dan Fandrich
23c3f81ed7 tests: increase the default server logs lock timeout
This timeout is used to wait for the server to finish writing its logs
before checking them against the expected values. An overloaded machine
could take more than the two seconds previously allocated, so increase
the timeout to 5 seconds.

Ref: #11328
Closes #11834
2023-09-13 11:26:08 -07:00
Dan Fandrich
c725ec72a3 tests: increase TEST_HANG_TIMEOUT in two tests
These tests had a 5 second timeout compared to 60 seconds for all other
tests. Make these consistent with the others for more reliability on
heavily-loaded machines.

Ref: #11328
2023-09-13 11:26:08 -07:00
Dan Fandrich
223f601c04 test1056: disable on Windows
This test relies on the IPv6 scope field being ignored when connecting to
ipv6-localhost (i.e. [::1%259999] is treated as [::1]). Maybe this is a bit
dodgy, but it works on all our test platforms except Windows. This
test was disabled manually on all Windows CI builds already, so instead
add an incompatible feature and precheck so it's skipped on Windows
everywhere automatically.
2023-09-13 11:26:08 -07:00
Dan Fandrich
2e2fc007c8 test587: add a slight delay after test
This test is designed to connect to the server, then immediately send a
few bytes and disconnect. In some situations, such as on a loaded
server, this doesn't give the server enough time to write its lock file
before its existence is checked. The test harness then fails to find the
server's input log file (because it hasn't been written yet) and fails
the test. By adding a short delay after the test, the HTTP server has
enough time to write its lock file which gives itself more time to write
its remaining files.

Ref: #11328
2023-09-13 11:26:08 -07:00
Dan Fandrich
d29a62d738 tests: stop overriding the lock timeout
These tests reduce the server lock wait timeout which can increase
flakiness on loaded machines. Since this is merely an optimization,
eliminate them in favour of reliability.

Ref: #11328
2023-09-13 11:26:08 -07:00
Dan Fandrich
2ef67901cc tests: add some --expect100-timeout to reduce timing dependencies
These tests can fail when the test machine is so slow that the test HTTP
server didn't get a chance to complete before the client's one second
100-continue timeout triggered. Increase that 1 second to 999 seconds so
this situation doesn't happen.

Ref: #11328
2023-09-13 11:26:08 -07:00
Dan Fandrich
f0e4fa445d test661: return from test early in case of curl error 2023-09-13 11:26:08 -07:00
Dan Fandrich
381792dfbf tests: add the timing-dependent keyword on several tests
These are ones likely to fail on heavily-loaded machines that alter the
normal test timing. Most of these tests already had the flaky keyword
since this condition makes them more likely to fail on CI.
2023-09-13 11:26:08 -07:00
Dan Fandrich
ae84a52c42 test1592: greatly increase the maximum test timeout
It was too short to be reliable on heavily loaded CI machines, and
as a fail-safe only, it didn't need to be short.

Ref: #11328
2023-09-13 11:26:08 -07:00
Dan Fandrich
7d56d2e50d test: minor test cleanups
Remove an obsolete block of code in tests 2032 & 576.
Add a comment in test 1474.
2023-09-13 11:26:08 -07:00
Dan Fandrich
9db7f17135 tests: quadruple the %FTPTIME2 and %FTPTIME3 timeouts
This gives more of a margin for error when running on overloaded CI
servers.

Ref: #11328
2023-09-13 11:26:07 -07:00
Dan Fandrich
ad3c83599e tests: improve SLOWDOWN test reliability by reducing sent data
These tests are run in SLOWDOWN mode which adds a 10 msec delay after
each character output, which means it takes at least 1.6 seconds (and
320 kernel calls) just to get through the long welcome banner. On an
overloaded system, this can end up taking much more than 1.6 seconds,
and even more than the 7 or 16 second curl timeout that the tests rely
on, causing them to fail. Reducing the size of the welcome banner drops
the total number of characters sent before the transfer starts by more
than half, which reduces the opportunity for test-breaking slowdowns by
the same amount.

Ref: #11328
2023-09-13 11:26:07 -07:00
Dan Fandrich
877e103584 test650: fix an end tag typo 2023-09-13 11:26:07 -07:00
Jay Satiro
73980f9ace tool_cb_wrt: fix debug assertion
- Fix off-by-one out-of-bounds array index in Windows debug assertion.

Bug: https://github.com/curl/curl/commit/af3f4e41#r127212213
Reported-by: Gisle Vanem
2023-09-13 14:00:05 -04:00