GitLab

This was necessary to ensure compilation with Visual Studio's cl.exe on
conda-forge (see https://github.com/conda-forge/staged-recipes/pull/12226).

This fixes compilation with Visual Studio, as the explicit declaration
of soup_brotli_decompressor_get_type and the one generated by G_DECLARE_FINAL_TYPE
are apparently not identical for the cl.exe compiler.

This adds very basic support for dumping HTTP connection information to
sysprof, if the process is being run under a sysprof session.

See sysprof#43 for plans of how
this could be expanded in future. This is just a starting point.

The code in this commit dumps a message to the sysprof capture which
includes the URI, total time for the connection (request + response),
and the amount of data transferred in the request and response.

It adds an optional dependency on `libsysprof-capture-4.a`, and a
subproject for building that if it’s not available on the system.
Signed-off-by: Philip Withnall <withnall@endlessm.com>

Fedora 30 reached end of life earlier in 2020, and rebuilding the image
no longer works as some of the repository mirrors are down.
Signed-off-by: Philip Withnall <withnall@endlessm.com>

podman provides a `docker` command and claims to interoperate with it,
but then silently builds OCI images in a format which is incompatible
with some `dockerd` versions, which run on some of the GNOME GitLab CI
runners. Sigh.
Signed-off-by: Philip Withnall <withnall@endlessm.com>

This is not needed for libsoup itself at the moment, but is needed if
sysprof is built as a subproject, because Meson doesn’t currently seem
to support different C standards for subprojects.

See: !131 (comment 873102)Signed-off-by: Philip Withnall <withnall@endlessm.com>

Renamed as soup_message_is_feature_disabled(). We need this in WebKit to
check if cookies are available in an existing SoupMessage.

This way disabling the same feature twice doesn't add a new element to
the list.

We are currently using the hash table value as a key in the lookup. So,
we compare the feature type with the registewred schemes. We should get
the list of schemes and find one in the table whose value matches the
given type.

This new policy matches the Safari behavior when ITP is disabled and
third-party cookies are blocked. The SOUP_COOKIE_JAR_ACCEPT_NO_THIRD_PARTY
policy does not allow subresources to set cookies unless they match the
domain of the main resource. The new policy makes an exception for domains
that have previously stored cookies (when being visited).

This patch was written by Michael Catanzaro, but it changed the behavior
of SOUP_COOKIE_JAR_ACCEPT_NO_THIRD_PARTY. I just updated it to add a new
policy instead.

There are two instances in `SoupURI` where `g_ascii_isxdigit()` is
called two bytes ahead of the read pointer to check if a %-encoding is
valid. This is fine when the string being parsed is nul-terminated (as
the first `g_ascii_isxdigit()` call will safely return `FALSE`), but
will result in a read off the end of the buffer if it’s
length-terminated (and doesn’t happen to also be nul-terminated).

Thankfully, that’s not the case in any of the code paths in `SoupURI`
leading to these two instances, so this is not a security issue.

However, the functions should probably be fixed to do an appropriate
length check, just in case they get called from somewhere else in
future.

Spotted by oss-fuzz in oss-fuzz#23815 and oss-fuzz#23818, when it was
fuzzing the new `GUri` implementation in GLib, which is heavily based
off this code.

Includes two unit tests which don’t actually trigger the original
failure (as all strings passed into `SoupURI` are forced to be
nul-terminated), but would trigger it if the nul termination was not
present.
Signed-off-by: Philip Withnall <withnall@endlessm.com>

It broke 32-bit architectures.

- Fixes encoding issues on file names
- Adds sorting support
- Adds translations
- Add CSS for nicer design

Closes !123

Don't use the presence of curl at configure time to decide whether to
run these tests when installed.

Instead of always respecting HAVE_CURL which makes no sense for the
installed tests, simply check if curl is present at test runtime and
skip if not.

Also remove HAVE_CURL from meson.build as this removes all users.

A SOUP_AVAILABLE_IN_2_68 (which expands to __dllspec(dllexport) extern
was missed in the use of G_DECLARE_FINAL_TYPE (SoupBrotliDecompressor...),
which broke Visual Studio builds because the first prototype of
soup_brotli_decompressor_get_type() (that results from the
G_DECLARE_FINAL_TYPE macro) was not marked with __declspec(dllexport)
but the second one at line 35 is, which Visual Studio does not allow.

The files test-cert.pem, test-key.pem, and index.txt are used in several
tests, not just the ones using Apache:

ross@bob /usr/libexec/installed-tests/libsoup-2.4 $ ./chunk-test
Unable to create server: Failed to open file “./test-key.pem”: No such
file or directory

Always install these files if installed tests are enabled, not just when
apache tests are enabled.

SOUP_TESTS_IN_MAKE_CHECK used to be used for the Autotools build system.
I mistakenly thought it was a way to skip the Apache-dependent tests
during `make check`, but in fact the Autotools build system used to
start a single instance of Apache, then run all the tests against that
single instance, and finally shut it down.

This mechanism is currently unused, but resurrecting it might be one way
to avoid #175.

This has been forgotten for a few releases now, so also add a note.