Home - Waterfall Grid T-Grid Console Builders Recent Builds Buildslaves Changesources - JSON API - About

Builder curl-unthreaded-solaris10-i386 Build #16476

Results:

Failed runtest

SourceStamp:

Projectcurl
Repositoryhttps://github.com/curl/curl.git
Branchmaster
Revisionad9836dfa46a565f02f58835d08f9aa08dc773e8
Got Revisionad9836dfa46a565f02f58835d08f9aa08dc773e8
Changes15 changes

BuildSlave:

unstable10x

Reason:

The SingleBranchScheduler scheduler named 'schedule-curl-unthreaded-solaris10-i386' triggered this build

Steps and Logfiles:

  1. git update ( 12 secs )
    1. stdio
  2. Runtest './tests/testcurl.pl --nogitpull ...' failed ( 5 hrs, 9 mins, 27 secs )
    1. stdio
    2. resultlog
  3. Mail result 'cat resultlog ...' ( 4 secs )
    1. stdio

Build Properties:

NameValueSource
branch master Build
builddir /export/home/buildbot/slave/curl-unthreaded-solaris10-i386 slave
buildername curl-unthreaded-solaris10-i386 Builder
buildnumber 16476 Build
codebase Build
got_revision ad9836dfa46a565f02f58835d08f9aa08dc773e8 Git
osplatform I386 SetPropertyFromCommand Step
osrelease 10 SetPropertyFromCommand Step
project curl Build
repository https://github.com/curl/curl.git Build
revision ad9836dfa46a565f02f58835d08f9aa08dc773e8 Build
scheduler schedule-curl-unthreaded-solaris10-i386 Scheduler
slavename unstable10x BuildSlave
workdir /export/home/buildbot/slave/curl-unthreaded-solaris10-i386 slave (deprecated)

Forced Build Properties:

NameLabelValue

Responsible Users:

  1. Daniel Stenberg
  2. Ercan Ermis
  3. Stefan Eissing
  4. Viktor Szakats
  5. renovate[bot]

Timing:

StartThu Mar 19 01:46:18 2026
EndThu Mar 19 16:39:09 2026
Elapsed14 hrs, 52 mins, 50 secs

All Changes:

:

  1. Change #261417

    Category curl
    Changed by Daniel Stenberg <danielohnoyoudont@haxx.se>
    Changed at Wed 18 Mar 2026 10:24:53
    Repository https://github.com/curl/curl.git
    Project curl
    Branch master
    Revision b11f43a4db96cb0533f29739faced172c07244f6

    Comments

    top-complexity: prevent filename-based shell injection risk
As we run this script in CI, this should reduce the risk of mischief

Found by Codex Security

Closes #20969

    Changed files

    • scripts/top-complexity

  2. Change #261418

    Category curl
    Changed by Daniel Stenberg <danielohnoyoudont@haxx.se>
    Changed at Wed 18 Mar 2026 10:25:52
    Repository https://github.com/curl/curl.git
    Project curl
    Branch master
    Revision 02e04eaee7cce029f88b2cf35885646c1b9c922b

    Comments

    asyn-ares: fix HTTPS-lookup when not on port 443
Follow-up to 8d0bfe74fba1e8394e73d

Spotted by Codex Security

Closes #20966

    Changed files

    • lib/asyn-ares.c

  3. Change #261419

    Category curl
    Changed by Daniel Stenberg <danielohnoyoudont@haxx.se>
    Changed at Wed 18 Mar 2026 10:34:48
    Repository https://github.com/curl/curl.git
    Project curl
    Branch master
    Revision a43ea5943bb553c73777d33e353ccffcc52a23fb

    Comments

    http2: clear the h2 session at delete
When calling nghttp2 to delete session, clear the pointer to avoid risk
of UAF.

Pointed out by Codex Security

Closes #20975

    Changed files

    • lib/http2.c

  4. Change #261420

    Category curl
    Changed by Daniel Stenberg <danielohnoyoudont@haxx.se>
    Changed at Wed 18 Mar 2026 10:40:19
    Repository https://github.com/curl/curl.git
    Project curl
    Branch master
    Revision acb4fcb2ef38e318ce60f3b8ae413c5760bf366f

    Comments

    tool_msgs: avoid null pointer deref for early errors
When errorf()/warnf() is used early on, before the global pointer is
setup, curl would previosly deref the null pointer.

Follow-up to 3b40128b0f11a3

Found by Codex Security

Closes #20967

    Changed files

    • src/tool_msgs.c

  5. Change #261434

    Category curl
    Changed by Daniel Stenberg <danielohnoyoudont@haxx.se>
    Changed at Wed 18 Mar 2026 11:14:20
    Repository https://github.com/curl/curl.git
    Project curl
    Branch master
    Revision 3f06e27502d616e42e28e3545d2624571a561421

    Comments

    urlapi: make dedotdotify handle leading dots correctly
Paths starting with one or two leading dots but without a following
slash were not handled correctly.

Follow-up to c31dd6631f9a0177aa9045cdbb

Extended test 1395 accordingly with a set of new test string.

Reported by Codex Security

Closes #20974

    Changed files

    • lib/urlapi.c
    • tests/unit/unit1395.c

  6. Change #261435

    Category curl
    Changed by Viktor Szakats <commitohnoyoudont@vsz.me>
    Changed at Wed 18 Mar 2026 11:22:23
    Repository https://github.com/curl/curl.git
    Project curl
    Branch master
    Revision 650b33a3dbcb6a48dc52f735401bb75f52bc3121

    Comments

    badwords: pass config as filename arg
Instead of stdin.

To simplify the command-line, and allow using a safe and portable
`system()` call from `badwords-all`.

Ref: https://perldoc.perl.org/functions/system

Closes #20970

    Changed files

    • scripts/badwords
    • scripts/badwords-all

  7. Change #261436

    Category curl
    Changed by Ercan Ermis <epostaohnoyoudont@ercanermis.com>
    Changed at Wed 18 Mar 2026 11:24:41
    Repository https://github.com/curl/curl.git
    Project curl
    Branch master
    Revision c3f04e76ae2b1c3ee9283010538769d54a878a59

    Comments

    ftp: reject PWD responses containing control characters
A malicious or compromised FTP server could include control characters
(e.g. bare \r, or bytes 0x01-0x1f/0x7f) inside the quoted directory path
of its 257 PWD response. That string is stored verbatim as
ftpc->entrypath and later sent unescaped in a CWD command on connection
reuse via Curl_pp_sendf(), which performs no sanitization before
appending \r\n.

Reject the entire path if any control character is encountered during
extraction so that tainted data never reaches a subsequent FTP command.

Add test case 3217 and 3218 to verify. Adjusted test 1152 accordingly.

Closes #20949

    Changed files

    • lib/ftp.c
    • tests/data/Makefile.am
    • tests/data/test1152
    • tests/data/test3217
    • tests/data/test3218

  8. Change #261441

    Category curl
    Changed by Viktor Szakats <commitohnoyoudont@vsz.me>
    Changed at Wed 18 Mar 2026 11:33:37
    Repository https://github.com/curl/curl.git
    Project curl
    Branch master
    Revision 578ee6b79b240a0b41de039913357b100e19283e

    Comments

    gcc: guard `#pragma diagnostic` in core code for <4.6, disable picky warnings
Extend `#pragma diagnostic push`/`pop` guards to the whole codebase
(from tests and examples only) to disable it for GCC <4.6. Rename guard
to `CURL_HAVE_DIAG` and make it include llvm/clang to be interchangeable
with `__GNUC__ || __clang__` in this context.

The above means no longer disabling certain warnings locally, so pair
this with disabling all picky warnings for GCC <4.6.

Also:
- drop global workarounds for misbehaving GCC <4.6 compiler warnings.
  Not needed with picky warnings disabled.

Reported-by: fds242 on github
Reported-by: Sergey Fedorov
Thanks-to: Orgad Shaneh
Follow-up to f07a98ae113b832a8748ba66e1554a7f14c6897e #20366
Fixes #20892
Fixes #20924
Closes #20902
Closes #20907

    Changed files

    • CMake/PickyWarnings.cmake
    • docs/examples/sendrecv.c
    • lib/content_encoding.c
    • lib/curl_gssapi.c
    • lib/curl_setup.h
    • lib/curlx/snprintf.c
    • lib/ftp.c
    • lib/if2ip.c
    • lib/ldap.c
    • lib/mprintf.c
    • lib/socks_gssapi.c
    • lib/vauth/krb5_gssapi.c
    • lib/vauth/spnego_gssapi.c
    • lib/version.c
    • m4/curl-compilers.m4
    • src/tool_cb_prg.c
    • src/tool_main.c
    • src/tool_writeout.c
    • tests/libtest/first.h
    • tests/libtest/lib557.c
    • tests/server/util.c
    • tests/unit/unit1398.c
    • tests/unit/unit1652.c
    • tests/unit/unit2604.c
    • tests/unit/unit3200.c

  9. Change #261442

    Category curl
    Changed by Viktor Szakats <commitohnoyoudont@vsz.me>
    Changed at Wed 18 Mar 2026 11:37:15
    Repository https://github.com/curl/curl.git
    Project curl
    Branch master
    Revision c5daffe5f3c0b4a2740d8a77cffd4547617cd51e

    Comments

    delta: avoid potential zero division
Found by Codex Security

Closes #20977

    Changed files

    • scripts/delta

  10. Change #261443

    Category curl
    Changed by Viktor Szakats <commitohnoyoudont@vsz.me>
    Changed at Wed 18 Mar 2026 11:37:15
    Repository https://github.com/curl/curl.git
    Project curl
    Branch master
    Revision a3699e8b9eeb3f58949d8c5f5394b215f32092e4

    Comments

    examples/websocket: fix to sleep more on Windows
Found by Codex Security

Follow-up to d4b85890555388bec212b75f47a5c1a48705b156 #13771

Closes #20978

    Changed files

    • docs/examples/websocket.c

  11. Change #261444

    Category curl
    Changed by Viktor Szakats <commitohnoyoudont@vsz.me>
    Changed at Wed 18 Mar 2026 11:40:13
    Repository https://github.com/curl/curl.git
    Project curl
    Branch master
    Revision 454db7aeee4114583a26b2c14ebc594028fe6342

    Comments

    badwords: prefer 'null-terminated'
Aligning with existing text.

Closes #20979

    Changed files

    • docs/examples/log_failed_transfers.c
    • docs/examples/synctime.c
    • docs/internals/BUFREF.md
    • lib/curlx/base64.c
    • lib/http.c
    • lib/transfer.c
    • lib/vtls/mbedtls.c
    • scripts/badwords.txt

  12. Change #261458

    Category curl
    Changed by Viktor Szakats <commitohnoyoudont@vsz.me>
    Changed at Wed 18 Mar 2026 13:07:13
    Repository https://github.com/curl/curl.git
    Project curl
    Branch master
    Revision 77c5470147a8fb31c79184f2d373e441c6131efa

    Comments

    scripts: drop unused CI scripts
Replaced by Test Clutch:
https://testclutch.curl.se/static/reports/feature-matrix.html

Closes #20981

    Changed files

    • .github/scripts/distfiles.sh
    • scripts/ciconfig.pl
    • scripts/cijobs.pl

  13. Change #261460

    Category curl
    Changed by Stefan Eissing <stefanohnoyoudont@eissing.org>
    Changed at Wed 18 Mar 2026 13:38:51
    Repository https://github.com/curl/curl.git
    Project curl
    Branch master
    Revision 41aaac61e215a827619b896d5b8588200cfdae28

    Comments

    lib: always use Curl_1st_fatal instead of Curl_1st_err
Curl_1st_err() does not return the second error if the first result is
CURLE_AGAIN. This may cause errors to not become noticeable when they
should be.

Replace all use of Curl_1st_err() with Curl_1st_fatal(), which handles
CURLE_AGAIN as a not-a-real-error case.

Closes #20980

    Changed files

    • lib/easy.c
    • lib/http.c
    • lib/multi.c
    • lib/url.c
    • lib/url.h
    • lib/vquic/curl_ngtcp2.c
    • lib/vquic/curl_quiche.c

  14. Change #261467

    Category curl
    Changed by Viktor Szakats <commitohnoyoudont@vsz.me>
    Changed at Wed 18 Mar 2026 14:47:39
    Repository https://github.com/curl/curl.git
    Project curl
    Branch master
    Revision d986b89c88f35d909ac39c52ae7718ea2b8f50c5

    Comments

    rand: use `BCryptGenRandom()` in UWP builds
Also:
- fix build configuration to correctly set Win10 target in the mingw-w64
  CI build, to enable the `BCryptGenRandom()` prototype in v6+ SDK
  headers.

Ref: https://learn.microsoft.com/windows/win32/api/bcrypt/nf-bcrypt-bcryptgenrandom

Issue raised by Codex Security

Closes #20983

    Changed files

    • .github/workflows/windows.yml
    • lib/rand.c

  15. Change #261469

    Category curl
    Changed by renovate[bot] <29139614+renovate[bot]ohnoyoudont@users.noreply.github.com>
    Changed at Wed 18 Mar 2026 15:06:44
    Repository https://github.com/curl/curl.git
    Project curl
    Branch master
    Revision ad9836dfa46a565f02f58835d08f9aa08dc773e8

    Comments

    GHA: update dependency nghttp2/nghttp2 to v1.68.1
Closes #20982

    Changed files

    • .github/workflows/http3-linux.yml
    • .github/workflows/linux.yml
BuildBot (0.8.14) working for the OpenCSW Buildbot project.
Page built: Sat 21 Mar 2026 17:07:12 (CET)