- drop redundant `--parallel` cmake option for Ninja builds.
- use Ninja for aws-lc, also simplify the script.
- use global default `MAKEFLAGS`. This also makes certain
steps faster due to missing parallelism before this patch.
- enable `-DBUILD_OSSFUZZ=ON` in a cmake job.
- split Cygwin job into steps. To sync with others.
- sync Cygwin build type name with other jobs.
Closes#1684
- use `cmake_path()` to query filenames, with CMake 3.20 or upper.
https://cmake.org/cmake/help/v4.1/command/cmake_path.html#query
- also quote the value passed to `get_filename_component()` where
missing. (Could not cause an actual issue as used in the code.)
Closes#1673
To avoid littering the Actions cache.
Another, libssh2-specific issue is that the cache is bound to codeql
version, master commit hash and platform. But in libssh2 we buidl 4
different configurations on Linux, which caused these caching failures:
```
C (OpenSSL) Failed to save: Unable to reserve cache with key codeql-trap-1-2.23.0-cpp-5bd1baed82ada192a2ae7e9801882813853e4d87, another job may be creating this cache.
C (wolfSSL) Failed to save: Unable to reserve cache with key codeql-trap-1-2.23.0-cpp-5bd1baed82ada192a2ae7e9801882813853e4d87, another job may be creating this cache.
C (mbedTLS) Failed to save: Unable to reserve cache with key codeql-trap-1-2.23.0-cpp-5bd1baed82ada192a2ae7e9801882813853e4d87, another job may be creating this cache.
```
Ref: https://github.com/libssh2/libssh2/actions/runs/17744827522
It's probably something to fix, because it suggests that it's unexpected
to build multiple configs in a matrix. Perhaps it's better to build them
after each other in the build step. Though it's not yet clear how
the CodeQL engine is considering coverage for different build
configurations of the same codebase.
Ref: https://github.com/curl/curl/pull/18613
Ref: 9618c337d1
- userauth: fix NULL dereference when out-of-memory.
Also fix indentation.
Follow-up to 3a6ab70dcf#1314
- openssl: drop redundant NULL check and logic.
Follow-up to ed439a29bb#698
Pointed out by CodeQL
Closes#1656
actions/upload-artifact from 4.6.1 to 4.6.2
cygwin/cygwin-install-action from 5 to 6
msys2/setup-msys2 from 2.26.0 to 2.29.0
Closes#1649Closes#1650Closes#1651
This version check may have never worked before this patch. Fixing it
uncovered another issue with assembling `gcov` compiler options. Fix
that issue too.
Follow-up to 09f0ffd9fbCloses#1648
Notes:
Added additional base64 decoding validation when parsing known_hosts and no longer assume what is going into _libssh2_base64_encode() is a null terminated C string, input now must have a length and buffer.
Reported by:
Dhiraj Mishra mishra.dhiraj95@gmail.com
Credit:
Will Cosgrove
Reviewed by:
Michael Buckley
By micromanaging the project dependency and its inclusion into the test
project. It feels like an awkward construct, but perhaps better than
nothing.
It's also fragile because it's a static build with no assistance from
the external project (curl in this case). Mitigated in test by disabling
all dependencies and some features.
Since there is no special core cmake logic to be tested here, in CI
the test is tested really. To keep CI jobs at minimum, only add 3 of
them, taking 26s in total. (All 6 would take 203s.)
Follow-up to 77df767784#1589Closes#1637
In `kex_method_diffie_hellman_group_exchange_sha256_key_exchange`,
`p` and `g` are later initialized with `_libssh2_bn_from_bin`, so they
should be initially created using `_libssh2_bn_init_from_bin` rather
than `_libssh2_bn_init`, as is done in
`kex_method_diffie_hellman_group_exchange_sha1_key_exchange`.
Fixing memory leaks when using the libgcrypt backend.
Follow-up to 09c5e59933
Ref: https://web.archive.org/web/trac.libssh2.org/ticket/168Closes#1599
- Reworking the `Libs.private` collector logic for INTERFACE targets,
broke the original lib order. Fix it by going back a single loop
to retain order.
Follow-up to df0563a857#1535
- Implement the above with one change: move implicit CMake libs
to the end of the list (was: the beginning).
I expect these to be libs that any custom libs may depend on,
like system libs, C runtime, compiler runtime lib.
Follow-up to c87f129630#1466Closes#1623
`LIBSSH2_PC_LIBS_PRIVATE` ends up in `Libs.private` in `libssh2.pc`.
The order and duplication may be significant for linkers that rely on
strict lib order and unable to resolve symbols without it. Such linker
is binutils `ld`. De-duplication can break it.
As of now there is no purposeful duplication in libs in libssh2, thus
the de-duplication most likely did not affect actual builds.
It was originally introduced to avoid a repeat `-lz` (with
a zlib-enabled OpenSSL or wolfSSL build.) To keep this feature, this
patch makes sure to only delete duplicates that are next to each other.
Follow-up to 6464301820#1131Closes#1621
The `libssh2.pc` generator logic automatically adds `-lws2_32` while
parsing `LIBSSH2_LIBS`, which contains this lib already. Then discard
the duplicate.
This patch introduces a change in the position of `ws2_32` within
the lib list advertised via `libssh2.pc` for static builds.
This order might in cases by significant, but:
- libssh2 no longer links against `libssl`, which was the library
also referencing `ws2_32` and breaking picky binutils `ld` linker
when not passed in strict dependency order.
Ref: c84745e34e#1128
- since switching to INTERFACE targets, cmake messes up the lib order
anyway, adding `OpenSSL:Crypto` last, instead of `ws2_32`. This did
not seem to cause an issue so far.
Ref: df0563a857#1535
For these reasons it seems unlikely this position change could break
Windows OpenSSL static gcc/ld builds relying on `libssh2.pc` for their
lib list. It least no more than it was before this patch.
Turns out these theories don't stand in practice and the order is broken
possibly by introducing INTERFACE targets, with or without this patch.
`libcrypto` (tested with LibreSSL) is in fact depending on `ws2_32`, and
the `bcrypt` dependency is also causing breakage with picky binutils ld.
I may try addressing it in a separate PR.
Ref: 33b6d5f89d#827
Ref: 31fb8860db#811Closes#1619
Also:
- merge CI check and shellcheck jobs into a single one.
To share the same shellcheck version and less overhead.
- use `set -eu` in more scripts.
- make sure CI scripts run from any cwd.
To make it easy to run them on local machine.
- minor tidy-ups.
Closes#1618
Also:
- fix old yamllint warnings.
- make quoting more consistent.
- drop stray step name: "checkout".
- merge REUSE workflow into main CI one.
Closes#1614
