alexcrichton / curl-rust

Rust bindings to libcurl
MIT License

Update to curl 8.4.0 #532

Closed (ecnelises closed 8 months ago)

ecnelises commented 8 months ago

cURL 8.4.0 fixes two vulnerabilities:

ecnelises commented 8 months ago

The macOS failure is reproducible locally, and the previous commit is green. Looking.

ecnelises commented 8 months ago

https://github.com/curl/curl/commit/3aa3cc9b052353b12f57ae6b57ae5cd29c1060f1 breaks behavior of MIME multipart boundaries. I updated the tests and disabled them when using system curl.

ehuss commented 8 months ago

I've been trying to investigate the upload_lots test hanging, but not getting too far. I bisected the change to https://github.com/curl/curl/pull/11939, which resulted in a report of tests hanging in https://github.com/curl/curl/issues/12033, but there were two fixes that supposedly fixed the hangs (which are in 8.4).

I'm also wondering if the hanging is more related to mio, which is a very old version. Worryingly, #358 tried to update, but ran into timeout problems, too.

If I can't make much progress soon, I think we should just disable the test for now to get the CVE fixes out. However, I don't have a grasp if that will make things worse if the hangs are legitimately a problem.

It is quite strange that it only fails on Linux.

ehuss commented 8 months ago

I pushed a fix for the timeout. I also pushed a slightly different approach for the multipart boundary size change which should work with whatever curl version is in use.

I'm going to go ahead and merge to get the CVE fixes out.

ecnelises commented 8 months ago

Thanks!