Builder curl-ares-solaris10-sparc Build #3664

Build In Progress:

ETA: 04:24:23 [15 mins, 30 secs]

SourceStamp:

BuildSlave:

Reason:

The SingleBranchScheduler scheduler named 'schedule-curl-ares-solaris10-sparc' triggered this build

Steps and Logfiles:

1. git  
   1. - no logs -
2. setproperty  
   1. - no logs -
3. setproperty_1  
   1. - no logs -
4. Runtest  
   1. - no logs -
5. Mail result  
   1. - no logs -

Build Properties:

Forced Build Properties:

Responsible Users:

1. Daniel Stenberg

   danielohnoyoudont@haxx.se
2. Dave Walker

   daveohnoyoudont@daviey.com
3. Stefan Eissing

   stefanohnoyoudont@eissing.org
4. Tobias Frauenschläger

   tobiasohnoyoudont@wolfssl.com
5. Viktor Szakats

   commitohnoyoudont@vsz.me

Timing:

All Changes:

:

1. Change #271122

   Category	curl
   Changed by	Viktor Szakats <commitohnoyoudont@vsz.me>
   Changed at	Mon 15 Jun 2026 14:27:07
   Repository	https://github.com/curl/curl.git
   Project	curl
   Branch	master
   Revision	0882e3951d910b923f3463fa98604df9fcb13a0c

   Comments

   servers: mask to `S_IFMT` in unix socket path attribute check
   Instead of `S_IFSOCK` before this patch. For correctness; it is probably
   not an issue in most environments.
   
   Spotted by Copilot
   Bug: https://github.com/curl/curl/pull/22021#discussion_r3413049506
   Follow-up to 99fb36797a3f0b64ad20fcb8b83026875640f8e0
   
   Closes #22026

   Changed files

   • tests/server/util.c

2. Change #271130

   Category	curl
   Changed by	Daniel Stenberg <danielohnoyoudont@haxx.se>
   Changed at	Mon 15 Jun 2026 14:32:35
   Repository	https://github.com/curl/curl.git
   Project	curl
   Branch	master
   Revision	b0d733e143e53d2e99cd2d2b935741ce21561e1a

   Comments

   VULN-DISCLOSURE-POLICY: non-released code
   Closes #22025

   Changed files

   • docs/VULN-DISCLOSURE-POLICY.md

3. Change #271136

   Category	curl
   Changed by	Daniel Stenberg <danielohnoyoudont@haxx.se>
   Changed at	Mon 15 Jun 2026 14:42:52
   Repository	https://github.com/curl/curl.git
   Project	curl
   Branch	master
   Revision	9f25dcea55713aa37451c52b809e16ae1509bfe4

   Comments

   checksrc: detect and warn for (void)!
   It's plain weird. Don't do it.
   
   Closes #22023

   Changed files

   • scripts/checksrc.pl

4. Change #271137

   Category	curl
   Changed by	Daniel Stenberg <danielohnoyoudont@haxx.se>
   Changed at	Mon 15 Jun 2026 14:43:09
   Repository	https://github.com/curl/curl.git
   Project	curl
   Branch	master
   Revision	c8d8f081fd62c68c588f8963a8e441c730a23b5b

   Comments

   src/test: avoid (void)! constructs
   The reason to use them seems to be that just (void) before a function
   call is not enough to silence compiler warnings when return codes are
   ignored and -Werror=unused-result is used.
   
   While (void)! apparently works to silence those warnings, it is just too
   weird and surprising to readers to use.
   
   It is rather a reason to reconsider the usefulness of the warning.
   
   Closes #22023

   Changed files

   • src/tool_setopt.c
   • tests/server/util.c

5. Change #271146

   Category	curl
   Changed by	Stefan Eissing <stefanohnoyoudont@eissing.org>
   Changed at	Mon 15 Jun 2026 15:42:22
   Repository	https://github.com/curl/curl.git
   Project	curl
   Branch	master
   Revision	7333f6674c8d3dbbe3728c2bf18f24d43a666ea0

   Comments

   cf-capsule: complete filter
   Make the capsule filter complete, implement:
   
   - pollset handling
   - flush handling and querying
   - shutdown handling
   - replace allocated send buffer with a bufq
   
   Closes #22019

   Changed files

   • lib/vquic/capsule.c
   • lib/vquic/capsule.h
   • lib/vquic/cf-capsule.c
   • lib/vquic/cf-capsule.h
   • lib/vquic/vquic.c
   • lib/vquic/vquic_int.h
   • tests/unit/unit3400.c

6. Change #271147

   Category	curl
   Changed by	Daniel Stenberg <danielohnoyoudont@haxx.se>
   Changed at	Mon 15 Jun 2026 15:44:08
   Repository	https://github.com/curl/curl.git
   Project	curl
   Branch	master
   Revision	6ce740403eeb6b948d769b0418ea6066541a7f07

   Comments

   verify-release: verify more thoroughly with git
   If the script is invoked in a git repository it verifies the tarball
   better.
   
   Closes #22018

   Changed files

   • docs/VERIFY.md
   • scripts/verify-release

7. Change #271152

   Category	curl
   Changed by	Viktor Szakats <commitohnoyoudont@vsz.me>
   Changed at	Mon 15 Jun 2026 15:52:28
   Repository	https://github.com/curl/curl.git
   Project	curl
   Branch	master
   Revision	7d09426187a1a0e3ad735fc257c6b8eed3612f9a

   Comments

   servers: accept `unlink()` failing due to the file missing
   In `bind_unix_socket()`, before retrying `bind()`.
   
   This patch uses `ENOENT`. This was last time in source between
   d25b0503795f1fbf557632ce870298f52f2a78c1 (2018) and
   dffd996e3b54a0c9314b1c93c7f837a5b2b1fc3d (2023), and also earlier. Also
   defined by supported Windows envs. Seems safe to use.
   
   Reported-by CodeQL
   Follow-up to 99fb36797a3f0b64ad20fcb8b83026875640f8e0
   Cherry-picked from #22010
   
   Closes #22028

   Changed files

   • tests/server/util.c

8. Change #271153

   Category	curl
   Changed by	Viktor Szakats <commitohnoyoudont@vsz.me>
   Changed at	Mon 15 Jun 2026 15:55:29
   Repository	https://github.com/curl/curl.git
   Project	curl
   Branch	master
   Revision	8932063828393b76403e1048948257ccdd2965e9

   Comments

   lib668: do not assume null-terminator in test input data
   For correctness. Did not cause an issue, because the null-terminator is
   present.
   
   Also:
   - change a size type to avoid casts.
   - reuse input length value.
   
   Spotted by GitHub Code Quality
   
   Follow-up to 1e4cb333ef632bf081045bb7b36f0736bec52708 #4826
   
   Closes #22027

   Changed files

   • tests/libtest/lib668.c

9. Change #271154

   Category	curl
   Changed by	Stefan Eissing <stefanohnoyoudont@eissing.org>
   Changed at	Mon 15 Jun 2026 15:55:58
   Repository	https://github.com/curl/curl.git
   Project	curl
   Branch	master
   Revision	f497b25672227df564e523097845f7169724520e

   Comments

   cf-setup: own source file
   Move the setup filter into its own source file.
   
   Move the main connect driving function, `Curl_conn_connect()`,
   from cfilters.c to connect.c.
   
   Closes #22022

   Changed files

   • lib/Makefile.inc
   • lib/cf-https-connect.c
   • lib/cf-setup.c
   • lib/cf-setup.h
   • lib/cfilters.c
   • lib/cfilters.h
   • lib/connect.c
   • lib/connect.h
   • lib/curl_trc.c

10. Change #271156

    Category	curl
    Changed by	Stefan Eissing <stefanohnoyoudont@eissing.org>
    Changed at	Mon 15 Jun 2026 15:59:10
    Repository	https://github.com/curl/curl.git
    Project	curl
    Branch	master
    Revision	eb6d1e098e98f6e15cb8fdd24f87419bd7a8787f

    Comments

    ratelimits: use minimal burst rate
    Some protocols (and servers) prefer to batch IO and will not send data
    unless the window is of sufficient size. Set the burst rate for our
    rate limits to a minimum of 32KB to prevent stalling.
    
    Reported-by: Tatsuhiro Tsujikawa
    
    Closes #22016

    Changed files

    • lib/ratelimit.c
    • lib/setopt.c

11. Change #271165

    Category	curl
    Changed by	Viktor Szakats <commitohnoyoudont@vsz.me>
    Changed at	Mon 15 Jun 2026 16:43:21
    Repository	https://github.com/curl/curl.git
    Project	curl
    Branch	master
    Revision	0dae3b2690ad280d010f1ca9073801040aca947b

    Comments

    servers: accept `lstat()` failing due to the file missing
    In `bind_unix_socket()`, before retrying `bind()`.
    
    Before this patch the code wanted to check if the to-be-deleted unix
    socket path was indeed a socket, before deleting it and retrying to
    bind. If `lstat()` failed for any reason, it skipped retry. Fix to retry
    if `lstat()` failed because of the file missing.
    
    Ref: https://pubs.opengroup.org/onlinepubs/9799919799/functions/lstat.html
    
    Follow-up to 0882e3951d910b923f3463fa98604df9fcb13a0c #22026
    Follow-up to 03bc93bd327e06e86af0b0c14a888f7482affedc #22021
    Follow-up to e70f8ebd34edade24df442152f52b361abaf4309 #22020
    Follow-up to 30e491e5c921aecca5a16083d8185840dc64eccd #7034
    Follow-up to 99fb36797a3f0b64ad20fcb8b83026875640f8e0
    
    Closes #22010

    Changed files

    • tests/server/util.c

12. Change #271167

    Category	curl
    Changed by	Viktor Szakats <commitohnoyoudont@vsz.me>
    Changed at	Mon 15 Jun 2026 16:57:21
    Repository	https://github.com/curl/curl.git
    Project	curl
    Branch	master
    Revision	adb606eae752eaeea9a5fcea77fc46498e2ecf05

    Comments

    curl_formdata: fix to pass long where missing, document `CURLFORM_NAMELENGTH`
    - lib650: pass `long` to `CURLFORM_NAMELENGTH` in test.
      Spotted by Copilot.
      https://github.com/curl/curl/pull/22011#discussion_r3412407235
      Follow-up to 3620e569b312476f1e63b298106f942079b5afe8
    
    - lib650: drop an interim variable, and interim casts.
      Follow-up to 60776a0515c2a8f572902ad5bcc9f63eeaeafa84 #2747
    
    - curl_formdata.md: document `CURLFORM_NAMELENGTH` on man page.
    
    - curl_formdata.md: pass `long` to `CURLFORM_BUFFERLENGTH` on man page.
    
    - formdata: pass `long` to `CURLFORM_CONTENTSLENGTH` in comment.
    
    Closes #22017

    Changed files

    • docs/libcurl/curl_formadd.md
    • lib/formdata.c
    • tests/libtest/lib650.c

13. Change #271189

    Category	curl
    Changed by	Viktor Szakats <commitohnoyoudont@vsz.me>
    Changed at	Mon 15 Jun 2026 18:38:29
    Repository	https://github.com/curl/curl.git
    Project	curl
    Branch	master
    Revision	46ba384b1b03fec7115e2caa3fdc4587f6973e37

    Comments

    winldap: avoid NULL pointer deref on `ldap_get_dn()` fail
    In non-Unicode builds.
    
    Assisted-by: Jay Satiro
    
    Closes #22000

    Changed files

    • lib/ldap.c

14. Change #271190

    Category	curl
    Changed by	Viktor Szakats <commitohnoyoudont@vsz.me>
    Changed at	Mon 15 Jun 2026 18:38:29
    Repository	https://github.com/curl/curl.git
    Project	curl
    Branch	master
    Revision	5687d211c48b38facb9e77c59b233dc25dadb330

    Comments

    servers: fix off-by-3 OOB write for large `loghex()` inputs
    Spotted by GitHub Code Quality
    
    Closes #22031

    Changed files

    • tests/server/util.c

15. Change #271217

    Category	curl
    Changed by	Viktor Szakats <commitohnoyoudont@vsz.me>
    Changed at	Mon 15 Jun 2026 22:04:39
    Repository	https://github.com/curl/curl.git
    Project	curl
    Branch	master
    Revision	526d3b8a53f19874544a8cc9695ac88ddbde3493

    Comments

    servers: silence `-Wunused-result` with pragma
    In some configurations the `write()` functions gets the
    `warn_unused_result` attribute, that makes casting to `(void)`
    ineffective to silence this warning. Seen with glibc, in 5 CI jobs.
    The warning option appeared in GCC 4.5 and comes enabled by default.
    
    ```
    tests/server/util.c:329:5: error: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result]
      329 |     write(STDERR_FILENO, msg, sizeof(msg) - 1);
          |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ```
    Ref: https://github.com/curl/curl/actions/runs/27548333990/job/81427544632
    
    Refs:
    https://github.com/curl/curl/pull/22023#issuecomment-4708455631
    https://gcc.gnu.org/onlinedocs/gcc-16.1.0/gcc/Warning-Options.html#index-Wunused-result
    https://gcc.gnu.org/onlinedocs/gcc-16.1.0/gcc/Common-Attributes.html#index-warn_005funused_005fresult
    https://stackoverflow.com/questions/40576003/ignoring-warning-wunused-result
    
    Follow-up to c8d8f081fd62c68c588f8963a8e441c730a23b5b #22023
    Follow-up to e95f509c66abdd88ae02e3243cdc217f19c4a330 #16852
    
    Closes #22034

    Changed files

    • tests/server/util.c

16. Change #271222

    Category	curl
    Changed by	Tobias Frauenschläger <tobiasohnoyoudont@wolfssl.com>
    Changed at	Mon 15 Jun 2026 22:18:29
    Repository	https://github.com/curl/curl.git
    Project	curl
    Branch	master
    Revision	50ffc359e943b2b55268b6c8507524fb0c23dc9c

    Comments

    tls: wolfssl: fixes for PQC key shares
    This PR makes the wolfssl TLS backend work properly for PQC key
    exchanges. The following issues are fixed:
    * WOLFSSL_HAVE_KYBER is not present anymore in upstream wolfssl (for a
      long time actually), so it has no use and the ML-KEM functionality was
      never turned on properly.
    * Key share group selection (via --curves) is now handled via the
      generic wolfSSL_CTX_set1_groups_list() method instead of the prior
      wolfSSL_CTX_set1_curves_list() and the additonal PQC handling. This
      removes a lot of PQC related special handling and the behavior now
      matches the OpenSSL backend.
    * The default QUIC group setting has been removed. For QUIC, the key
      share as well as the list in the supported_groups extension is now
      handled all within wolfssl. This also supports --curves properly now.
    
    Closes #22030

    Changed files

    • lib/vtls/wolfssl.c

17. Change #271226

    Category	curl
    Changed by	Dave Walker <daveohnoyoudont@daviey.com>
    Changed at	Mon 15 Jun 2026 22:30:14
    Repository	https://github.com/curl/curl.git
    Project	curl
    Branch	master
    Revision	b9702f8c487135695ee07a69a24d85e4f7eba40e

    Comments

    cookie: use origin scheme for secure context check
    `Curl_secure_context()` checked `conn->scheme` to determine if Secure
    cookies may be sent. Since 73daec6, `conn->scheme` is set to the proxy's
    scheme when using an HTTPS forwarding proxy, causing the function to
    return TRUE for HTTP origins. This leaked Secure cookies over the
    plaintext connection between proxy and origin.
    
    Use `data->state.origin->scheme` instead, which always reflects the
    origin's scheme regardless of proxy configuration.
    
    Not an approved vulnerability because the regression was introduced
    after the last release and is not present in any released version.
    
    Verified by test 3401
    
    Follow-up to 73daec6620bf9983df89e8df3660bfa3b8fd501d
    Reported-by: daviey on hackerone
    URL: https://hackerone.com/reports/3803415
    Closes #22024

    Changed files

    • lib/cookie.c
    • lib/cookie.h
    • lib/http.c
    • tests/data/Makefile.am
    • tests/data/test3401

18. Change #271227

    Category	curl
    Changed by	Stefan Eissing <stefanohnoyoudont@eissing.org>
    Changed at	Mon 15 Jun 2026 22:32:15
    Repository	https://github.com/curl/curl.git
    Project	curl
    Branch	master
    Revision	bb72413b03c8f74f1bc88c7292a53a15db74cd20

    Comments

    cf-https-connect: do not engage on proxy origin
    When talking to a forwarding proxy, do not start HTTPS Eyeballing.
    We might support this in the future, but for now, the --httpx.x
    arguments to do not apply to such a setup.
    
    Add a test case for forward proxying without use of ALPN.
    
    Closes #22033

    Changed files

    • lib/cf-https-connect.c
    • tests/http/test_10_proxy.py

19. Change #271228

    Category	curl
    Changed by	Daniel Stenberg <danielohnoyoudont@haxx.se>
    Changed at	Mon 15 Jun 2026 22:35:33
    Repository	https://github.com/curl/curl.git
    Project	curl
    Branch	master
    Revision	7f57aeec40926dce22d997cf05810fb9c9c721d3

    Comments

    verify-release: don't unpack in git repo
    - Clarify that the tarball to verify should be put in the same dir you
      run the script.
    
    - Verify that the curl version number in the file name matches the
      version number within the tarball. To reduce risk for mistakes.
    
    - When verifying using git, do not unpack the tarball. It avoids the
      security risk with malicious tarball contents playing tricks on git.
    
    - Only unpack the tarball for git-less verfication.
    
    - Move the source tarball into _tarballs/ instead of overwriting it,
      which can be useful in case the verification fails
    
    Closes #22032

    Changed files

    • scripts/verify-release

20. Change #271232

    Category	curl
    Changed by	Daniel Stenberg <danielohnoyoudont@haxx.se>
    Changed at	Mon 15 Jun 2026 23:08:59
    Repository	https://github.com/curl/curl.git
    Project	curl
    Branch	master
    Revision	5d1ac48088cf4e04e689e98732024997b56d1511

    Comments

    setopt: mark function argument as unused *properly*
    Closes #22035

    Changed files

    • lib/setopt.c

21. Change #271243

    Category	curl
    Changed by	Viktor Szakats <commitohnoyoudont@vsz.me>
    Changed at	Tue 16 Jun 2026 00:41:29
    Repository	https://github.com/curl/curl.git
    Project	curl
    Branch	master
    Revision	678e63934cc4bd1941b20c5111d37a6e530d2a5d

    Comments

    perl: `|| die` -> `or die`
    Usage was fifty-fifty between these syntaxes before this patch.
    
    Closes #22036

    Changed files

    • .github/scripts/cleancmd.pl
    • docs/examples/version-check.pl
    • scripts/cdall
    • scripts/checksrc-all.pl
    • scripts/checksrc.pl
    • scripts/completion.pl
    • scripts/extract-unit-protos
    • scripts/managen
    • scripts/singleuse.pl
    • tests/certs/genserv.pl
    • tests/getpart.pm
    • tests/libtest/test1013.pl
    • tests/libtest/test1022.pl
    • tests/libtest/test610.pl
    • tests/libtest/test613.pl
    • tests/runner.pm
    • tests/runtests.pl
    • tests/secureserver.pl
    • tests/servers.pm
    • tests/sshserver.pl
    • tests/test1119.pl
    • tests/test1135.pl
    • tests/test1165.pl
    • tests/test1167.pl
    • tests/test1222.pl
    • tests/test1477.pl
    • tests/test1707.pl
    • tests/test745.pl
    • tests/test971.pl