Closed ecnelises closed 8 months ago
The macOS failure is reproducible locally, and previous commit is green. Looking.
https://github.com/curl/curl/commit/3aa3cc9b052353b12f57ae6b57ae5cd29c1060f1 breaks behavior of MIME multipart boundaries. I updated the tests and disabled them when using system curl.
I've been trying to investigate the upload_lots
test hanging, but not getting too far. I bisected the change to https://github.com/curl/curl/pull/11939, which resulted in a report of tests hanging in https://github.com/curl/curl/issues/12033, but there were two fixes that supposedly fixed the hangs (which are in 8.4).
I'm also wondering if the hanging is more related to mio, which is a very old version. Worringly, #358 tried to update, but ran into timeout problems, too.
If I can't make much progress soon, I think we should just disable the test for now to get the CVE fixes out. However, I don't have a grasp if that will make things worse if the hangs are legitimately a problem.
It is quite strange that it only fails on Linux.
I pushed a fix for the timeout. I also pushed a slightly different approach for the multipart boundary size change which should work with whatever curl version is in use.
I'm going to go ahead and merge to get the CVE fixes out.
Thanks!
cURL 8.4.0 fixes two vulnerabilities: