diff options
| author | dartraiden <wowemuh@gmail.com> | 2023-06-09 22:16:15 +0300 |
|---|---|---|
| committer | dartraiden <wowemuh@gmail.com> | 2023-06-09 22:24:54 +0300 |
| commit | 77c3c9d94a04796dcf7847a39b84f929f9639d61 (patch) | |
| tree | f7b22d02e98f4f4e17d60b045de9eb68ca18bafb /libs/libcurl/docs/CHANGES | |
| parent | 927f00cc19b7239a1fe12abe30b472d61b753d8d (diff) | |
libcurl: update to 8.1.2
Diffstat (limited to 'libs/libcurl/docs/CHANGES')
| -rw-r--r-- | libs/libcurl/docs/CHANGES | 7466 |
1 files changed, 3412 insertions, 4054 deletions
diff --git a/libs/libcurl/docs/CHANGES b/libs/libcurl/docs/CHANGES index a9e2dcf620..3fe822bc9e 100644 --- a/libs/libcurl/docs/CHANGES +++ b/libs/libcurl/docs/CHANGES @@ -6,6 +6,3418 @@ Changelog
+Version 8.1.2 (30 May 2023)
+
+Daniel Stenberg (30 May 2023)
+
+- RELEASE-NOTES: synced
+
+ 8.1.2 release
+
+- THANKS: contributors from 8.1.2
+
+- lib1560: verify more scheme guessing
+
+ - on 2nd level domains
+ - on names without dots
+
+ As mentioned in #11161, "imap.com" will be guessed IMAP
+
+ Closes #11219
+
+- page-header: minor wording polish in the URL segment
+
+ Closes #11217
+
+- page-header: mention curl version and how to figure out current release
+
+ Closes #11216
+
+- RELEASE-NOTES: synced
+
+- configure: without pkg-config and no custom path, use -lnghttp2
+
+ Reported-by: correctmost on github
+ Fixes #11186
+ Closes #11210
+
+Stefan Eissing (28 May 2023)
+
+- curl: cache the --trace-time value for a second
+
+ - caches HH:MM:SS computed and reuses it for logging during
+ the same second.
+ - common function for plain log line start formatting
+
+ Closes #11211
+
+Kev Jackson (28 May 2023)
+
+- libcurl.m4: remove trailing 'dnl' that causes this to break autoconf
+
+ Closes #11212
+
+Stefan Eissing (26 May 2023)
+
+- http3: send EOF indicator early as possible
+
+ - ngtcp2 and quiche implementations relied on the DONE_SEND event
+ to forward the EOF for uploads to the libraries. This often
+ result in a last 0 length EOF data. Tracking the amount of
+ data left to upload allows EOF indication earlier.
+ - refs #11205 where CloudFlare DoH servers did not like to
+ receive the initial upload DATA without EOF and returned
+ a 400 Bad Request
+
+ Reported-by: Sergey Fionov
+ Fixes #11205
+ Closes #11207
+
+Daniel Stenberg (26 May 2023)
+
+- scripts/contri*sh: no longer grep -v ' '
+
+ Originally these scripts filtered out names that have no space so that
+ they better avoid nick names not intended for credits. Such names are
+ not too commonly used, plus we now give credit even to those.
+
+ Additionally: non-latin names, like Asian, don't have spaces at all so
+ they were also filtered out and had to be manually added which made it
+ an error-prone operation where Asian names eventually easily fell off by
+ mistake.
+
+ Closes #11206
+
+- cf-socket: restore Curl_sock_assign_addr()
+
+ Regression since it was not private. Also used by msh3.c
+
+ Follow-up to 8e85764b7bd7f05f5
+ Reported-by: Gisle Vanem
+ Fixes #11202
+ Closes #11204
+
+- RELEASE-NOTES: synced
+
+ Taken down to 8.1.2 now for pending patch release
+
+- libssh: when keyboard-interactive auth fails, try password
+
+ The state machine had a mistake in that it would not carry on to that
+ next step.
+
+ This also adds a verbose output what methods that are available from the
+ server and renames the macros that change to the next auth methods to
+ try.
+
+ Reported-by: 左潇峰
+ Fixes #11196
+ Closes #11197
+
+Emanuele Torre (25 May 2023)
+
+- configure: fix build with arbitrary CC and LD_LIBRARY_PATH
+
+ Since ./configure and processes that inherit its environment variables
+ are the only callers of the run-compiler script, we can just save the
+ current value of the LD_LIBRARY_PATH and CC variables to another pair of
+ environment variables, and make run-compiler a static script that
+ simply restores CC and LD_LIBRARY_PATH to the saved value, and before
+ running the compiler.
+
+ This avoids having to inject the values of the variables in the script,
+ possibly causing problems if they contains spaces, quotes, and other
+ special characters.
+
+ Also add exports in the script just in case LD_LIBRARY_PATH and CC are
+ not already in the environment.
+
+ follow-up from 471dab2
+
+ Closes #11182
+
+Daniel Stenberg (25 May 2023)
+
+- urlapi: remove superfluous host name check
+
+ ... as it is checked later more proper.
+
+ Closes #11195
+
+Stefan Eissing (25 May 2023)
+
+- http2: fix EOF handling on uploads with auth negotiation
+
+ - doing a POST with `--digest` does an override on the initial request
+ with `Content-Length: 0`, but the http2 filter was unaware of that
+ and expected the originally request body. It did therefore not
+ send a final DATA frame with EOF flag to the server.
+ - The fix overrides any initial notion of post size when the `done_send`
+ event is triggered by the transfer loop, leading to the EOF that
+ is necessary.
+ - refs #11194. The fault did not happen in testing, as Apache httpd
+ never tries to read the request body of the initial request,
+ sends the 401 reply and closes the stream. The server used in the
+ reported issue however tried to read the EOF and timed out on the
+ request.
+
+ Reported-by: Aleksander Mazur
+ Fixes #11194
+ Cloes #11200
+
+Daniel Stenberg (23 May 2023)
+
+- RELEASE-NOTES: synced
+
+ bump to 8.2.0
+
+- lib: remove unused functions, make single-use static
+
+ Closes #11174
+
+- scripts/singleuse.pl: add more API calls
+
+Christian Hesse (23 May 2023)
+
+- configure: quote the assignments for run-compiler
+
+ Building for multilib failed, as the compiler command contains an
+ extra argument. That needs quoting.
+
+ Regression from b78ca50cb3dda361f9c1
+
+ Fixes #11179
+ Closes #11180
+
+Daniel Stenberg (23 May 2023)
+
+- misc: fix spelling mistakes
+
+ Reported-by: musvaage on github
+ Fixes #11171
+ Closes #11172
+
+Version 8.1.1 (23 May 2023)
+
+Daniel Stenberg (23 May 2023)
+
+- RELEASE-NOTES: synced
+
+ curl 8.1.1
+
+- THANKS: contributors from the 8.1.1 release
+
+Dan Fandrich (22 May 2023)
+
+- docs: fix fuzzing documentation link
+
+ Follow-up to 4c712a1b
+
+- CI: add an Alpine build with MUSL
+
+ MUSL is another libc implementation which has its own unique issues
+ worth testing.
+
+ Ref: #11140
+ Closes #11178
+
+- runtests: add a missing \n at the end of a log message
+
+correctmost on github (22 May 2023)
+
+- SECURITY-PROCESS.md: link security advisory doc and fix typo
+
+ Closes #11177
+
+Daniel Stenberg (22 May 2023)
+
+- TODO: build curl with Windows Unicode support
+
+ Closes #7229
+
+- KNOWN_BUGS: hyper memory-leaks
+
+ Closes #10803
+
+Stefan Eissing (22 May 2023)
+
+- http/2: unstick uploads
+
+ - refs #11157 and #11175 where uploads get stuck or lead to RST streams
+ - fixes our h2 send behaviour to continue sending in the nghttp2 session
+ as long as it wants to. This will empty our send buffer as long as
+ the remote stream/connection window allows.
+ - in case the window is exhausted, the data remaining in the send buffer
+ will wait for a WINDOW_UPDATE from the server. Which is a socket event
+ that engages our transfer loop again
+ - the problem in the issue was that we did not exhaust the window, but
+ left data in the sendbuffer and no further socket events did happen.
+ The server was just waiting for us to send more.
+ - relatedly, there was an issue fixed that closing a stream with KEEP_HOLD
+ set kept the transfer from shutting down - as it should have - leading
+ to a timeout.
+
+ Closes #11176
+
+Daniel Stenberg (21 May 2023)
+
+- workflows/macos: add a job using gcc + debug + secure transport
+
+Jay Satiro (21 May 2023)
+
+- lib: fix conversion warnings with gcc on macOS
+
+Daniel Stenberg (21 May 2023)
+
+- sectransp.c: make the code c89 compatible
+
+ Follow-up to dd2bb485521c2ec713001b3a
+
+ Reported-by: FeignClaims on github
+ Fixes #11155
+ Closes #11159
+
+Emanuele Torre (21 May 2023)
+
+- Revert "urlapi: respect CURLU_ALLOW_SPACE and CURLU_NO_AUTHORITY for redirect
+ s"
+
+ This reverts commit df6c2f7b544f1f35f2a3e0be11f345affeb6fe9c.
+ (It only keep the test case that checks redirection to an absolute URL
+ without hostname and CURLU_NO_AUTHORITY).
+
+ I originally wanted to make CURLU_ALLOW_SPACE accept spaces in the
+ hostname only because I thought
+ curl_url_set(CURLUPART_URL, CURLU_ALLOW_SPACE) was already accepting
+ them, and they were only not being accepted in the hostname when
+ curl_url_set(CURLUPART_URL) was used for a redirection.
+
+ That is not actually the case, urlapi never accepted hostnames with
+ spaces, and a hostname with a space in it never makes sense.
+ I probably misread the output of my original test when I they were
+ normally accepted when using CURLU_ALLOW_SPACE, and not redirecting.
+
+ Some other URL parsers seems to allow space in the host part of the URL,
+ e.g. both python3's urllib.parse module, and Chromium's javascript URL
+ object allow spaces (chromium percent escapes the spaces with %20),
+ (they also both ignore TABs, and other whitespace characters), but those
+ URLs with spaces in the hostname are useless, neither python3's requests
+ module nor Chromium's window.location can actually use them.
+
+ There is no reason to add support for URLs with spaces in the host,
+ since it was not a inconsistency bug; let's revert that patch before it
+ makes it into release. Sorry about that.
+
+ I also reverted the extra check for CURLU_NO_AUTHORITY since that does
+ not seem to be necessary, CURLU_NO_AUTHORITY already worked for
+ redirects.
+
+ Closes #11169
+
+Dan Fandrich (20 May 2023)
+
+- runtests: use the correct fd after select
+
+ The code was using the wrong fd when determining which runner was ready
+ with a response.
+
+ Ref: #10818
+ Closes #11160
+
+- test425: fix the log directory for the upload
+
+ This must be %LOGDIR to let it work with parallel tests.
+
+ Ref: #10969
+
+- runtests: handle interrupted reads from IPC pipes
+
+ These can be interrupted by signals, especially SIGINT to shut down, and
+ must be restarted so the IPC call arrives correctly. If the read just
+ returns an error instead, the IPC calling state will go out of sync and
+ a proper shutdown won't happen.
+
+ Ref: #10818
+
+Stefan Eissing (20 May 2023)
+
+- http2: upload improvements
+
+ Make send buffer smaller to have progress and "upload done" reporting
+ closer to reality. Fix handling of send "drain" condition to no longer
+ trigger once the transfer loop reports it is done sending. Also do not
+ trigger the send "drain" on RST streams.
+
+ Background:
+ - a upload stall was reported in #11157 that timed out
+ - test_07_33a reproduces a problem with such a stall if the
+ server 404s the request and RSTs the stream.
+ - test_07_33b verifies a successful PUT, using the parameters
+ from #11157 and checks success
+
+ Ref: #11157
+ Closes #11165
+
+- http2: increase stream window size to 10 MB
+
+ Reported-by: pandada8 on github
+
+ Fixes #11162
+ Closes #11167
+
+Daniel Stenberg (20 May 2023)
+
+- lib: rename struct 'http_req' to 'httpreq'
+
+ Because FreeBSD 14 kidnapped the name.
+ Ref: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271526
+
+ Fixes #11163
+ Closes #11164
+
+Viktor Szakats (20 May 2023)
+
+- cmake: avoid `list(PREPEND)` for compatibility
+
+ `list(PREPEND)` requires CMake v3.15, our minimum is v3.7.
+
+ Ref: https://cmake.org/cmake/help/latest/command/list.html#prepend
+
+ Regression from 1e3319a167d2f32d295603167486e9e88af9bb4e
+
+ Reported-by: Keitagit-kun on Github
+ Fixes #11141
+ Closes #11144
+
+Daniel Stenberg (19 May 2023)
+
+- RELEASE-NOTES: synced
+
+Stefan Eissing (19 May 2023)
+
+- ngtcp2: proper handling of uint64_t when adjusting send buffer
+
+ Fixes #11149
+ Closes #11153
+
+- ngtcp2: fix compiler warning about possible null-deref
+
+ - compiler analyzer did not include the call context for this
+ static function where the condition had already been checked.
+ - eleminating the problem by making stream a call parameter
+
+ Fixes #11147
+ Closes #11151
+
+Emanuele Torre (19 May 2023)
+
+- docs: document that curl_url_cleanup(NULL) is a safe no-op
+
+ This has always been the case, but it was not documented.
+
+ The paragraph was copied verbatim from curl_easy_cleanup.3
+
+ Closes #11150
+
+Antoine Pitrou (19 May 2023)
+
+- select: avoid returning an error on EINTR from select() or poll()
+
+ This was already done for the poll() and select() calls
+ made directly from Curl_poll(), but was missed in
+ Curl_wait_ms(), which is called when there are no fds
+ to wait on.
+
+ Fixes #11135
+ Closes #11143
+
+Daniel Stenberg (19 May 2023)
+
+- vquic.c: make recvfrom_packets static, avoid compiler warning
+
+ warning: no previous prototype for 'recvfrom_packets'
+
+ Reported-by: Keitagit-kun on github
+ Fixes #11146
+ Closes #11148
+
+- urlapi: allow numerical parts in the host name
+
+ It can only be an IPv4 address if all parts are all digits and no more than
+ four parts, otherwise it is a host name. Even slightly wrong IPv4 will now be
+ passed through as a host name.
+
+ Regression from 17a15d88467 shipped in 8.1.0
+
+ Extended test 1560 accordingly.
+
+ Reported-by: Pavel Kalyugin
+ Fixes #11129
+ Closes #11131
+
+Emilio Cobos Álvarez (19 May 2023)
+
+- http2: double http request parser max line length
+
+ This works around #11138, by doubling the limit, and should be a
+ relatively safe fix.
+
+ Ideally the buffer would grow as needed and there would be no need for a
+ limit? But that might be follow-up material.
+
+ Fixes #11138
+ Closes #11139
+
+Emanuele Torre (18 May 2023)
+
+- configure: fix --help alignment
+
+ AC_ARG_ENABLE seems to only trim off whitespace from the start and end
+ of its help-string argument, while prepending two spaces of indentation
+ to all lines.
+
+ This means that the two spaces of indentation between the --enable-rtsp
+ and the --disable-rtsp line were not removed causing ./configure --help
+ to print:
+
+ Optional Features:
+ [...]
+ --enable-rtsp Enable RTSP support
+ --disable-rtsp Disable RTSP support
+
+ I removed the indentation to fix the issue, now it prints:
+
+ Optional Features:
+ [...]
+ --enable-rtsp Enable RTSP support
+ --disable-rtsp Disable RTSP support
+
+ The --enable-hsts and --disable-hsts lines had the same problems, and
+ have been fixed too.
+
+ Closes #11142
+
+Deal(一线灵) (18 May 2023)
+
+- cmake: repair cross compiling
+
+ It cannot *run* code for testing purposes when cross-compiling.
+
+ Closes #11130
+
+Daniel Stenberg (18 May 2023)
+
+- configure: generate a script to run the compiler
+
+ in the CURL_RUN_IFELSE macro, with LD_LIBRARY_PATH set to the value of
+ the configure invoke, and not the value that might be used later,
+ intended for the execution of the output the compiler ouputs.
+
+ For example when the compiler uses the same library (like libz) that
+ configure checks for.
+
+ Reported-by: Jonas Bülow
+ Fixes #11114
+ Closes #11120
+
+Stefan Eissing (18 May 2023)
+
+- cf-socket: completely remove the disabled USE_RECV_BEFORE_SEND_WORKAROUND
+
+ Closes #11118
+
+Emanuele Torre (18 May 2023)
+
+- urlapi: respect CURLU_ALLOW_SPACE and CURLU_NO_AUTHORITY for redirects
+
+ curl_url_set(uh, CURLUPART_URL, redirurl, flags) was not respecing
+ CURLU_ALLOW_SPACE and CURLU_NO_AUTHORITY in the host part of redirurl
+ when redirecting to an absolute URL.
+
+ Closes #11136
+
+Colin Cross (18 May 2023)
+
+- hostip: move easy_lock.h include above curl_memory.h
+
+ Similar to #9561, move easy_lock.h above curl_memory.h to fix building
+ against musl libc.
+
+ Closes #11140
+
+Hind Montassif (18 May 2023)
+
+- curl_easy_getinfo: clarify on return data types
+
+ Closes #11126
+
+Emanuele Torre (18 May 2023)
+
+- checksrc: disallow spaces before labels
+
+ Out of 415 labels throughout the code base, 86 of those labels were
+ not at the start of the line. Which means labels always at the start of
+ the line is the favoured style overall with 329 instances.
+
+ Out of the 86 labels not at the start of the line:
+ * 75 were indented with the same indentation level of the following line
+ * 8 were indented with exactly one space
+ * 2 were indented with one fewer indentation level then the following
+ line
+ * 1 was indented with the indentation level of the following line minus
+ three space (probably unintentional)
+
+ Co-Authored-By: Viktor Szakats
+
+ Closes #11134
+
+Daniel Stenberg (18 May 2023)
+
+- cookie: update the comment on cookie length and size limits
+
+ To refer to the proper cookie RFC and the upcoming RFC refresh.
+
+ Closes #11127
+
+- url: provide better error message when URLs fail to parse
+
+ By providing the URL API error message into the error message.
+
+ Ref: #11129
+ Closes #11137
+
+- RELEASE-NOTES: synced
+
+ bumped to 8.1.1
+
+Jon Rumsey (18 May 2023)
+
+- os400: update chkstrings.c
+
+ Compensate changes for recent changes to urldata.h to reclassify
+ STRING_AWS_SIGV4.
+
+ Fixes #11132
+ Closes #11133
+
+Version 8.1.0 (17 May 2023)
+
+Daniel Stenberg (17 May 2023)
+
+- RELEASE-NOTES: synced
+
+- THANKS: contributors from the 8.1.0 release
+
+- hostip: include easy_lock.h before using GLOBAL_INIT_IS_THREADSAFE
+
+ Since that header file is the only place that define can be defined.
+
+ Reported-by: Marc Deslauriers
+
+ Follow-up to 13718030ad4b3209
+
+ Closes #11121
+
+Thomas Taylor (16 May 2023)
+
+- aws-sigv4.d: fix region identifier in example
+
+ Closes #11117
+
+Philip Heiduck (15 May 2023)
+
+- mlc_config.json: remove this linkcheck CI job config file
+
+ Closes #11113
+
+Daniel Silverstone (15 May 2023)
+
+- ssh: Add support for libssh2 read timeout
+
+ Hook the new (1.11.0 or newer) libssh2 support for setting a read timeout
+ into the SERVER_RESPONSE_TIMEOUT option. With this done, clients can use
+ the standard curl response timeout setting to also control the time that
+ libssh2 will wait for packets from a slow server. This is necessary to
+ enable use of very slow SFTP servers.
+
+ Signed-off-by: Daniel Silverstone <daniel.silverstone@codethink.co.uk>
+
+ Closes #10965
+
+Osama Albahrani (14 May 2023)
+
+- GIT-INFO: add --with-openssl
+
+ Closes #11110
+
+Daniel Stenberg (13 May 2023)
+
+- RELEASE-NOTES: synced
+
+Marcel Raad (13 May 2023)
+
+- md(4|5): don't use deprecated iOS functions
+
+ They are marked as deprecated in iOS 13.0, which might result in
+ warnings-as-errors.
+
+ Also, use `*_MIN_REQUIRED` instead of `*_MIN_ALLOWED`, which seems to
+ be what's currently used.
+
+ Bug: https://github.com/curl/curl/issues/11098
+ Closes https://github.com/curl/curl/pull/11102
+
+- md4: only build when used
+
+ Its only usage in curl_ntlm_core.c is guarded by `USE_CURL_NTLM_CORE`,
+ so let's use this here too.
+
+ Ref: https://github.com/curl/curl/issues/11098
+ Closes https://github.com/curl/curl/pull/11102
+
+Vítor Galvão (12 May 2023)
+
+- write-out.d: Use response_code in example
+
+ Closes #11107
+
+Shohei Maeda (12 May 2023)
+
+- url: fix null dispname for --connect-to option
+
+ Closes #11106
+
+Daniel Stenberg (12 May 2023)
+
+- test2306: verify getting a second response with folded headers
+
+ Reproduces the isue #11101 and verifies the fix.
+
+ Verifies a17b2a503f
+
+- headers: clear (possibly) lingering pointer in init
+
+ The "prevhead" pointer is used for the headers storage but was not
+ cleared correctly in init, which made it possible to act up when a
+ handle is reused.
+
+ Reported-by: Steve Herrell
+ Fixes #11101
+ Closes #11103
+
+- RELEASE-NOTES: synced
+
+- ngtcp2: use 0.15.0
+
+ - nghttp3 0.11.0
+ - nghttp2 1.53.0
+
+ Adapt to new API calls
+
+ Closes #11031
+
+Jay Satiro (10 May 2023)
+
+- openssl: fix indent
+
+Daniel Stenberg (10 May 2023)
+
+- CURLOPT_DNS_CACHE_TIMEOUT.3: fix spelling
+
+ Follow-up to 9ed7d56e044f5aa1b29
+
+ Closes #11096
+
+- hostip: use time_t for storing oldest DNS entry
+
+ Theoretically, the oldest time could overflow an int. In practice that
+ won't happen, but let's do this to please analyzers.
+
+ Follow-up to 9ed7d56e044f5aa1b2928ccde6245d0
+
+ Pointed out by Coverity.
+ Closes #11094
+
+- http: free the url before storing a new copy
+
+ To avoid a memory-leak.
+
+ Reported-by: Hiroki Kurosawa
+
+ Closes #11093
+
+- compressed.d: clarify the words on "not notifying headers"
+
+ Reported-by: Dylan Anthony
+ Fixes #11091
+ Closes #11092
+
+- libssh2: free fingerprint better
+
+ Reported-by: Wei Chong Tan
+ Closes #11088
+
+- CURLOPT_IPRESOLVE.3: clarify that this for host names, not IP addresses
+
+ Reported-by: Harry Sintonen
+ Closes #11087
+
+- hostip: enforce a maximum DNS cache size independent of timeout value
+
+ To reduce the damage an application can cause if using -1 or other
+ ridiculous timeout values and letting the cache live long times.
+
+ The maximum number of entries in the DNS cache is now totally
+ arbitrarily and hard-coded set to 29999.
+
+ Closes #11084
+
+- hostip: store dns timeout as 'int'
+
+ ... because it set and held as an 'int' elsewhere and can never be
+ larger.
+
+- RELEASE-NOTES: synced
+
+- tool_operate: refuse (--data or --form) and --continue-at combo
+
+ libcurl assumes that a --continue-at resumption is done to continue an
+ upload using the read callback and neither --data nor --form use
+ that and thus won't do what the user wants. Whatever the user wants
+ with this strange combination.
+
+ Add test 426 to verify.
+
+ Reported-by: Smackd0wn on github
+ Fixes #11081
+ Closes #11083
+
+- transfer: refuse POSTFIELDS + RESUME_FROM combo
+
+ The code assumes that such a resume is wanting to continue an upload
+ using the read callback, and since POSTFIELDS is done without callback
+ libcurl will just misbehave.
+
+ This combo will make the transfer fail with CURLE_BAD_FUNCTION_ARGUMENT
+ with an explanation in the error message.
+
+ Reported-by: Smackd0wn on github
+ Fixes #11081
+ Closes #11083
+
+- ipv4.d/ipv6.d: they are "mutex", not "boolean"
+
+ ... which for example means they do not have --no-* versions.
+
+ Reported-by: Harry Sintonen
+ Fixes #11085
+ Closes #11086
+
+- docs/SECURITY-ADVISORY.md: how to write a curl security advisory
+
+ Closes #11080
+
+nobedee on github (5 May 2023)
+
+- MANUAL.md: add dict example for looking up a single definition
+
+ Closes #11077
+
+Dan Fandrich (5 May 2023)
+
+- runtests: fix -c option when run with valgrind
+
+ The curl binary argument wasn't being quoted properly. This seems to
+ have broken at some point after quoting was added in commit 606b29fe.
+
+ Reported-by: Daniel Stenberg
+ Ref: #11073
+ Fixes #11074
+ Closes #11076
+
+- runtests: support creating more than one runner process
+
+ The controller currently only creates and uses one, but more are now
+ possible.
+
+ Ref: #10818
+
+- runtests: spawn a new process for the test runner
+
+ When the -j option is given, a new process is spawned in which the test
+ programs are run and from which test servers are started. Only one
+ process can be started at once, but this is sufficient to test that the
+ infrastructure can isolate those functions in a new task. There should
+ be no visible difference between the two modes at the moment.
+
+ Ref: #10818
+ Closes #11064
+
+- runtests: turn singletest() into a state machine
+
+ This allows it to run in a non-blocking manner.
+
+ Ref: #10818
+
+- runtests: change runner interface to be asynchronous
+
+ Program arguments are marshalled and then written to the end of a pipe
+ which is later read from and the arguments unmarshalled before the
+ desired function is called normally. The function return values are
+ then marshalled and written into another pipe when is later read from
+ and unmarshalled before being returned to the caller.
+
+ The implementation is currently blocking but can be made non-blocking
+ without any changes to the API. This allows calling multiple runners
+ without blocking in the future.
+
+ Ref: #10818
+
+- runtests: call citest_finishtest in singletest
+
+ This is where citest_starttest is called.
+
+ Ref: #10818
+
+- runtests: add a runner initialization function
+
+ This sets up the runner environment to start running tests.
+
+ Ref: #10818
+
+- runtests: remove directory from server filename variables
+
+ There will soon be multiple log directories so the paths will no longer
+ be static in runtests.pl. Also, get rid of $SERVER2IN which was not
+ used.
+
+ Ref: #10818
+
+- runtests: reduce package exports after refactoring
+
+ Some recent refactoring made these export no longer necessary. Also,
+ stop displaying the Unix socket paths at startup since there will soon
+ be many of them and they're not that interesting.
+
+ Ref: #10818
+
+- runtests: use a function to obtain $LOGDIR for a test
+
+ This will no longer be static soon.
+
+ Ref: #10818
+
+Jay Satiro (5 May 2023)
+
+- tool_cb_hdr: Fix 'Location:' formatting for early VTE terminals
+
+ - Disable hyperlink formatting for the 'Location:' header value in VTE
+ 0.48.1 and earlier, since it is buggy in some of those versions.
+
+ Prior to this change those terminals may show the location header value
+ as gibberish or show it twice.
+
+ Ref: https://gist.github.com/egmontkob/eb114294efbcd5adb1944c9f3cb5feda#backw
+ ard-compatibility
+
+ Fixes https://github.com/curl/curl/issues/10428
+ Closes https://github.com/curl/curl/pull/11071
+
+François Michel (3 May 2023)
+
+- quiche: disable pacing while pacing is not actually performed
+
+ Closes #11068
+
+Daniel Stenberg (2 May 2023)
+
+- easy_cleanup: require a "good" handle to act
+
+ By insisting that the passed in handle is "good" (the magic number is
+ intact), this can limit the potential damage if a bad pointer is passed
+ in. Like when this function is called twice on the same handle pointer.
+
+ Ref: #10964
+ Closes #11061
+
+Andreas Falkenhahn (1 May 2023)
+
+- amiga: Fix CA certificate paths for AmiSSL and MorphOS
+
+ AmiSSL stores certificates in `AmiSSL:Certs` and MorphOS stores them in
+ `MOSSYS:Data/SSL/curl-ca-bundle.crt`.
+
+ Closes https://github.com/curl/curl/pull/11059
+
+Daniel Stenberg (30 Apr 2023)
+
+- http2: (void)-mark when we explicitly ignore the return code
+
+ When h2_progress_egress() is called. Pointed out by Coverity.
+
+ Closes #11057
+
+- checksrc: find bad indentation in conditions without open brace
+
+ If the previous line starts with if/while/for AND ends with a closed
+ parenthesis and there's an equal number of open and closed parentheses
+ on that line, verify that this line is indented $indent more steps, if
+ not a cpp line.
+
+ Also adjust the fall-out from this fix.
+
+ Closes #11054
+
+Diogo Teles Sant'Anna (28 Apr 2023)
+
+- CI: Set minimal permissions on workflow ngtcp2-quictls.yml
+
+ Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
+
+ Closes #11055
+
+Dan Fandrich (28 Apr 2023)
+
+- CI: use another glob syntax for matching files on Appveyor
+
+ The previous globbing syntax was not matching files recursively in
+ directories, so try appending a /* to more closely match the examples at
+ https://www.appveyor.com/docs/how-to/filtering-commits/
+
+Daniel Stenberg (28 Apr 2023)
+
+- multi: add multi-ignore logic to multi_socket_action
+
+ The multi-ignore logic that was previously applied to
+ curl_multi_perform() (#10750) is here applied to the loop within
+ curl_multi_socket_action() to make it use the same optimization: most
+ handles have the same signal-ignore option state so this drastically
+ reduces the number of ignore/unignore calls per libcurl function invoke.
+
+ Follow-up to bc90308328afb8
+
+ Closes #11045
+
+Stefan Eissing (28 Apr 2023)
+
+- http2: do flow window accounting for cancelled streams
+
+ - nghttp2 does not free connection level window flow for
+ aborted streams
+ - when closing transfers, make sure that any buffered
+ response data is "given back" to the flow control window
+ - add tests test_02_22 and test_02_23 to reproduce
+
+ Closes #11052
+
+- pingpong: fix compiler warning "assigning an enum to unsigned char"
+
+ Closes #11050
+
+Daniel Stenberg (28 Apr 2023)
+
+- configure: fix detection of apxs (for httpd)
+
+ The condition check was turned the wrong way around!
+
+ Closes #11051
+
+Viktor Szakats (28 Apr 2023)
+
+- ci: `-Wno-vla` no longer necessary
+
+ We handle this issue in the source now.
+
+ Follow-up to b725fe1944b45406676ea3aff333ae3085a848d9
+
+ Reviewed-by: Marcel Raad
+ Reviewed-by: Daniel Stenberg
+ Closes #11048
+
+Marcel Raad (28 Apr 2023)
+
+- tests/http: make curl_setup.h the first include
+
+ This is required for the macros there to take effect for system
+ libraries. Specifically, including the system libraries first led to
+ warnings about `_FILE_OFFSET_BITS` being redefined in curl_config.h on
+ the Solaris autobuilds for ws-data.c and ws-pingpong.c.
+ Also make the curl includes come first for the other source files here
+ for consistency.
+
+ Closes https://github.com/curl/curl/pull/11046
+
+Emanuele Torre (27 Apr 2023)
+
+- checksrc: check for spaces before the colon of switch labels
+
+ Closes #11047
+
+Daniel Stenberg (27 Apr 2023)
+
+- RELEASE-NOTES: synced
+
+- libssh: tell it to use SFTP non-blocking
+
+ Reported-by: Andreas Huebner
+ Fixes #11020
+ Closes #11039
+
+Stefan Eissing (27 Apr 2023)
+
+- http2: enlarge the connection window
+
+ - fixes stalled connections
+
+ - Make the connection window large enough, so that there is
+ some room left should 99/100 streams be PAUSED by the application
+
+ Reported-by: Paweł Wegner
+ Fixes #10988
+ Closes #11043
+
+Daniel Stenberg (27 Apr 2023)
+
+- checksrc: fix SPACEBEFOREPAREN for conditions starting with "*"
+
+ The open paren check wants to warn for spaces before open parenthesis
+ for if/while/for but also for any function call. In order to avoid
+ catching function pointer declarations, the logic allows a space if the
+ first character after the open parenthesis is an asterisk.
+
+ I also spotted what we did not include "switch" in the check but we should.
+
+ This check is a little lame, but we reduce this problem by not allowing
+ that space for if/while/for/switch.
+
+ Reported-by: Emanuele Torre
+ Closes #11044
+
+- docs: minor polish
+
+ - "an HTTP*" (not "a")
+ - remove a few contractions
+ - remove a spurious "a"
+ - reduce use of "I" in texts
+
+ Closes #11040
+
+- ws: fix CONT opcode check
+
+ Detected by Coverity. Follow-up to 930c00c259
+
+ Closes #11037
+
+Dan Fandrich (27 Apr 2023)
+
+- CI: switch the awslc builds to build out-of-tree
+
+ This is a common configuration that should be tested to avoid
+ regressions. The awsls cmake build was already out-of-tree so the
+ automake build now joins it.
+
+ Ref: #11006
+
+- tests/http: fix out-of-tree builds
+
+ Add both lib/ directories (src & build) to the search path so
+ curl_setup.h and its dependencies can be found.
+
+ Followup-to acd82c8b
+
+ Ref: #11006
+ Closes #11036
+
+Daniel Stenberg (27 Apr 2023)
+
+- urlapi: make internal function start with Curl_
+
+ Curl_url_set_authority() it is.
+
+ Follow-up to acd82c8bfd
+
+ Closes #11035
+
+YX Hao (26 Apr 2023)
+
+- cf-socket: turn off IPV6_V6ONLY on Windows if it is supported
+
+ IPV6_V6ONLY refs:
+ https://en.wikipedia.org/wiki/IPv6#IPv4-mapped_IPv6_addresses
+ https://github.com/golang/go/blob/master/src/net/ipsock_posix.go
+ https://en.wikipedia.org/wiki/Unix-like
+ https://learn.microsoft.com/en-us/windows/win32/winsock/ipproto-ipv6-socket-o
+ ptions
+
+ default value refs:
+ https://datatracker.ietf.org/doc/html/rfc3493#section-5.3
+ https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html#proc-sys-net
+ -ipv6-variables
+
+ Closes #10975
+
+Daniel Stenberg (26 Apr 2023)
+
+- urldata: shrink *select_bits int => unsigned char
+
+ - dselect_bits
+ - cselect_bits
+
+ ... are using less than 8 bits. Changed types and moved them towards
+ the end of the structs to fit better.
+
+ Closes #11025
+
+Stefan Eissing (26 Apr 2023)
+
+- tests/http: more tests with specific clients
+
+ - Makefile support for building test specific clients in tests/http/clients
+ - auto-make of clients when invoking pytest
+ - added test_09_02 for server PUSH_PROMISEs using clients/h2-serverpush
+ - added test_02_21 for lib based downloads and pausing/unpausing transfers
+
+ curl url parser:
+ - added internal method `curl_url_set_authority()` for setting the
+ authority part of a url (used for PUSH_PROMISE)
+
+ http2:
+ - made logging of PUSH_PROMISE handling nicer
+
+ Placing python test requirements in requirements.txt files
+ - separate files to base test suite and http tests since use
+ and module lists differ
+ - using the files in the gh workflows
+
+ websocket test cases, fixes for we and bufq
+ - bufq: account for spare chunks in space calculation
+ - bufq: reset chunks that are skipped empty
+ - ws: correctly encode frames with 126 bytes payload
+ - ws: update frame meta information on first call of collect
+ callback that fills user buffer
+ - test client ws-data: some test/reporting improvements
+
+ Closes #11006
+
+Jay Satiro (26 Apr 2023)
+
+- libssh2: fix crash in keyboard callback
+
+ - Always set the libssh2 'abstract' user-pointer to the libcurl easy
+ handle associated with the ssh session, so it is always passed to the
+ ssh keyboard callback.
+
+ Prior to this change and since 8b5f100 (precedes curl 8.0.0), if libcurl
+ was built without CURL_DEBUG then it could crash during the ssh auth
+ phase due to a null dereference in the ssh keyboard callback.
+
+ Reported-by: Andreas Falkenhahn
+
+ Fixes https://github.com/curl/curl/pull/11024
+ Closes https://github.com/curl/curl/pull/11026
+
+Daniel Stenberg (26 Apr 2023)
+
+- docs: clarify that more backends have HTTPS proxy support
+
+ Closes #11033
+
+- KNOWN_BUGS: remove two not-bugs
+
+ - 11.7 signal-based resolver timeouts
+
+ Not considered a bug anymore but just implementation details. People
+ should avoid using timeouts with the synchronous name resolver.
+
+ - 11.16 libcurl uses renames instead of locking for atomic operations
+
+ Not a bug, just a description of how it works
+
+ Closes #11032
+
+Harry Sintonen (26 Apr 2023)
+
+- hostip: add locks around use of global buffer for alarm()
+
+ When building with the sync name resolver and timeout ability we now
+ require thread-safety to be present to enable it.
+
+ Closes #11030
+
+Daniel Stenberg (26 Apr 2023)
+
+- curl_path: bring back support for SFTP path ending in /~
+
+ libcurl used to do a directory listing for this case (even though the
+ documentation says a URL needs to end in a slash for this), but
+ 4e2b52b5f7a3 modified the behavior.
+
+ This change brings back a directory listing for SFTP paths that are
+ specified exactly as /~ in the URL.
+
+ Reported-by: Pavel Mayorov
+ Fixes #11001
+ Closes #11023
+
+Emanuele Torre (26 Apr 2023)
+
+- docs/libcurl/curl_*escape.3: rename "url" argument to "input"/"string"
+
+ Also reword the DESCRIPTION section to mention "input"/"string" argument
+ in bold.
+
+ Closes #11027
+
+- docs/libcurl: minor cleanups
+
+ I was reading curl_unescape(3) and I noticed that there was an extra
+ space after the open parenthesis in the SYNOPSIS; I removed the extra
+ space.
+
+ I also ran a few grep -r commands to find and remove extra spaces
+ after '(' in other files, and to find and replace uses of `T*' instead
+ of `T *'. Some of the instances of `T*` where unnecessary casts that I
+ removed.
+
+ I also fixed a comment that was misaligned in CURLMOPT_SOCKETFUNCTION.3.
+
+ And I fixed some formatting inconsistencies: in curl_unescape(3), all
+ function parameter were mentioned with bold text except length, that was
+ mentioned as 'length'; and, in curl_easy_unescape(3), all parameters
+ were mentioned in bold text except url that was italicised. Now they are
+ all mentioned in bold.
+ Documentation is not very consistent in how function parameter are
+ formatted: many pages italicise them, and others display them in bold
+ text; but I think it makes sense to at least be consistent with
+ formatting within the same page.
+
+ Closes #11027
+
+Daniel Stenberg (26 Apr 2023)
+
+- man pages: simplify the .TH sections
+
+ - remove the version numbers
+ - simplify the texts
+
+ The date and version number will be put there for releases when maketgz
+ runs the updatemanpages.pl script.
+
+ Closes #11029
+
+- hostcheck: fix host name wildcard checking
+
+ The leftmost "label" of the host name can now only match against single
+ '*'. Like the browsers have worked for a long time.
+
+ - extended unit test 1397 for this
+ - move some SOURCE variables from unit/Makefile.am to unit/Makefile.inc
+
+ Reported-by: Hiroki Kurosawa
+ Closes #11018
+
+Dan Fandrich (25 Apr 2023)
+
+- smbserver: remove temporary files before exit
+
+ Each execution of test 1451 would leave a file in /tmp before. Since
+ Windows can't delete a file while it's open, all the temporary file
+ names are stored and deleted on exit.
+
+ Closes #10990
+
+Stefan Eissing (25 Apr 2023)
+
+- Websocket en-/decoding
+
+ - state is fully kept at connection, since curl_ws_send() and
+ curl_ws_rec() have lifetime beyond usual transfers
+ - no more limit on frame sizes
+
+ Reported-by: simplerobot on github
+ Fixes #10962
+ Closes #10999
+
+Patrick Monnerat (25 Apr 2023)
+
+- urldata: copy CURLOPT_AWS_SIGV4 value on handle duplication
+
+ Prior to this change STRING_AWS_SIGV4 (CURLOPT_AWS_SIGV4) was wrongly
+ marked as binary data that could not be duplicated.
+
+ Without this fix, this option's value is not copied upon calling
+ curl_easy_duphandle().
+
+ Closes https://github.com/curl/curl/pull/11021
+
+Stefan Eissing (25 Apr 2023)
+
+- http3: expire unpaused transfers in all HTTP/3 backends
+
+ Closes #11005
+
+- http2: always EXPIRE_RUN_NOW unpaused http/2 transfers
+
+ - just increasing the http/2 flow window does not necessarily
+ make a server send new data. It may already have exhausted
+ the window before
+
+ Closes #11005
+
+- http2: pass `stream` to http2_handle_stream_close to avoid NULL checks
+
+ Closes #11005
+
+- h2/h3: replace `state.drain` counter with `state.dselect_bits`
+
+ - `drain` was used by http/2 and http/3 implementations to indicate
+ that the transfer requires send/recv independant from its socket
+ poll state. Intended as a counter, it was used as bool flag only.
+ - a similar mechanism exists on `connectdata->cselect_bits` where
+ specific protocols can indicate something similar, only for the
+ whole connection.
+ - `cselect_bits` are cleard in transfer.c on use and, importantly,
+ also set when the transfer loop expended its `maxloops` tries.
+ `drain` was not cleared by transfer and the http2/3 implementations
+ had to take care of that.
+ - `dselect_bits` is cleared *and* set by the transfer loop. http2/3
+ does no longer clear it, only set when new events happen.
+
+ This change unifies the handling of socket poll overrides, extending
+ `cselect_bits` by a easy handle specific value and a common treatment in
+ transfers.
+
+ Closes #11005
+
+Daniel Stenberg (25 Apr 2023)
+
+- socketpair: verify with a random value
+
+ ... instead of using the curl time struct, since it would use a few
+ uninitialized bytes and the sanitizers would complain. This is a neater
+ approach I think.
+
+ Reported-by: Boris Kuschel
+ Fixes #10993
+ Closes #11015
+
+Stefan Eissing (25 Apr 2023)
+
+- HTTP3: document the ngtcp2/nghttp3 versions to use for building curl
+
+ - refs #11011 to clarify this for people building curl themselves
+
+ Closes #11019
+
+Daniel Stenberg (25 Apr 2023)
+
+- lib: unify the upload/method handling
+
+ By making sure we set state.upload based on the set.method value and not
+ independently as set.upload, we reduce confusion and mixup risks, both
+ internally and externally.
+
+ Closes #11017
+
+- RELEASE-NOTES: synced
+
+Dan Fandrich (24 Apr 2023)
+
+- CI: don't run CI jobs if only another CI was changed
+
+ A few paths were missed in the last commit, as well as a job added since
+ then.
+
+ Followup-to 395b9175
+
+- CI: adjust labeler match patterns
+
+- runtests: support buffering log messages in runner & servers
+
+ Log messages generated with logmsg can now be buffered and returned from
+ the runner as a return value. This will be needed with parallel testing
+ to allow all messages for one test to be displayed together instead of
+ interspersed with messages of multiple tests. Buffering can be disabled
+ by setting a logging callback function with setlogfunc, which is
+ currently being done to preserve existing logging behaviour for now.
+
+ Some additional output is generated in verbose and debugprotocol modes,
+ which don't always use logmsg. These modes also impact some servers
+ which generate extra messages. No attempt is made to buffer everything
+ if these modes are enabled.
+
+ Ref: #10818
+ Closes #11016
+
+- runtests: more consistently use logmsg in server control code
+
+ Also, display an error when sshversioninfo returns one.
+
+ Ref: #10818
+
+- runtests: create runner functions for clearlocks and stopservers
+
+ runtests.pl now uses runner for all server actions beyond the initial
+ variable configuration.
+
+ Ref: #10818
+
+- runtests: tightened servers package exports
+
+ The defaults are intended for runtests.pl, whereas runner.pm needs to
+ explicitly specify them.
+
+- runtests: display logs on server failure in singletest()
+
+ This is closer to the place where logs are displayed on test failure.
+ Also, only display these logs if -p is given, which is the same flag
+ that controls display of test failure logs. Some server log files
+ need to be deleted later so that they stay around long enough to be
+ displayed on failure.
+
+ Ref: #10818
+
+- runtests: turn a print into a logmsg
+
+ Also enable another couple of useful messages in verbose mode.
+
+ Ref: #10818
+
+Daniel Stenberg (24 Apr 2023)
+
+- http: store the password in the correct variable
+
+ Typo from fc2f1e547a4a, detected by Coverity (because there's dead code
+ due to this).
+
+ Closes #11002
+
+Stefan Eissing (24 Apr 2023)
+
+- HTTP3/quiche: terminate h1 response header when no body is sent
+
+ - fixes a failure in test2501 where a response without body was missing
+ the final empty line
+
+ Closes #11003
+
+Dan Fandrich (22 Apr 2023)
+
+- runtests: move showdiff into runtests.pl
+
+ It's not used anywhere else.
+
+- devtest: add a new script for testing the test harness
+
+ This is currently useful for starting a test server on its own without
+ an associated test, which can be used for interactive curl testing or
+ for validating parts of the test harness itself. More commands can be
+ added to perform additional functions in the future.
+
+ Ref: #10818
+ Closes #11008
+
+- runtests: refactor the main test loop into two
+
+ The test loop now has an initial loop that first runs through all
+ possible tests to build a set of those to attempt on this run based on
+ features and keywords and only then goes through that new list to run
+ them. This actually makes it three loops through all tests cases, as
+ there is an existing loop that gathers possible test numbers from the
+ test files on disk.
+
+ This has two minor effects on the output: all the tests that will be
+ skipped are displayed at the start (instead of being interspersed with
+ other tests) and the -l option no longer shows a count of tests at the
+ end or a (misleading) statement that tests have run successfully. The
+ skipped tests are also omitted from the test results sent to AppVeyor
+ and Azure in CI builds.
+
+ Another effect is a reduction in the amount of work considered part of
+ the "Test definition reading and preparation time" reported with -r
+ making those figures slightly lower than before.
+
+ Ref: #10818
+
+- runtests: track only the current test timings in runner.pm
+
+ This avoids passing these data through through global variables, which
+ soon won't be possible.
+
+ Ref: #10818
+
+- runtests: skip test preprocessing when doing -l
+
+ This speeds up the output tremendously by avoiding unnecessary work.
+
+- runtests: simplify value returned regarding use of valgrind
+
+ As a side effect this will now also show in verbose mode that valgrind
+ is being skipped on tests that explicitly disable it, such as 600.
+
+ Ref: #10818
+
+- runtests: fix quoting in Appveyor and Azure test integration
+
+ Test 1442's name was not quoted correctly so wasn't registered in
+ Appveyor and it had the wrong name in Azure. The JSON string quotes were
+ also invalid, even though both servers happened to accept it regardless.
+
+ Closes #11010
+
+Daniel Stenberg (19 Apr 2023)
+
+- RELEASE-NOTES: synced
+
+Dan Fandrich (18 Apr 2023)
+
+- runtests: spread out the port numbers used by servers
+
+ The server ports are chosen randomly for each server, but the random
+ ranges chosen were inconsistently-sized and overlapping. Now, they are
+ spread out more so at least the first random port chosen for each server
+ is guaranteed to not also be chosen by another server. The starting port
+ numbers are also raised to put them in the Ephemeral Port range—not the
+ range defined by RFC 6335 but the one used by Linux, which starts lower
+ and gives us more room to work with.
+
+ Reported-by: Daniel Stenberg
+
+- runtests: fix problems on <killserver> failure
+
+ The verify time must be set in this case, like all cases. An error
+ message needs to be displayed as well.
+
+- runtests: fix perl warning when <tool> is wrong
+
+- runtests: don't try to stop stunnel before trying again
+
+ Calling stopserver() before retrying stunnel due to an error would stop
+ the dependent server (such as HTTP) meaning stunnel would have nothing
+ to talk to when it came up. Don't try to force a stop when it didn't
+ actually start. Also, don't mark the server as bad for future use when
+ it starts up on a retry.
+
+ Reported-by: eaglegai at github
+ Tested-by: eaglegai at github
+ Fixes #10976
+
+- runtests: don't accidentally randomly choose the same port
+
+ If a server couldn't be started on a port, a new one is randomly chosen
+ and the server is tried again. Avoid accidentally using a
+ randomly-chosen 0 port offset by adding 1 to the random number.
+
+ Found-by: Daniel Stenberg
+
+- runtests: don't attempt to use a port we know is in use
+
+ This reduces the startup time when there is a known conflict on the
+ random port chosen for a server. This was already done for stunnel, but
+ now it's done for all servers.
+
+- http-server: fix server name in a log message
+
+ This changed when the file was renamed in commit cbf57176
+
+- runtests: refactor into more packages
+
+ testutil.pm now contains a few miscellaneous functions that are used in
+ several places but have no better place to live. subvariables moves to
+ servers.pm since most variables that it substitutes relate to servers,
+ so this is the most appropriate place. Rename a few functions for better
+ naming consistency.
+
+ Ref: #10818
+ Closes #10995
+
+- runtests: call timestampskippedevents() in singletest
+
+ ..rather than by the runner
+
+- runtests: assume a newer Valgrind by default
+
+ The tests for an older Valgrind version should probably just be deleted,
+ given that they're testing for an 18-year-old version.
+
+- runtests: refactor test runner code into runner.pm
+
+ This is code that is directly responsible for running a single test.
+ This will eventually run in a separate process as part of the parallel
+ testing project.
+
+ Ref: #10818
+
+- runtests: skip unneeded work if test won't be running
+
+ This speeds up tests by avoiding unnecessary processing.
+
+ Ref: #10818
+
+- runtests: factor out singletest_postcheck
+
+ This will eventually need to be part of the test runner.
+
+ Ref: #10818
+
+- test303: kill server after test
+
+ Otherwise, an HTTP test closely following this one with a tight time
+ constraint (e.g. 672) could fail because the test server stays sitting
+ with the wait command for a while.
+
+Patrick Monnerat (18 Apr 2023)
+
+- OS400: provide ILE/RPG usage examples
+
+ Closes https://github.com/curl/curl/pull/10994
+
+- OS400: improve vararg emulation
+
+ - Use V7R4 RPG procedure overloading to improve vararg emulation.
+
+ From OS400 V7R4 and above, ILE/RPG implements a limited procedure
+ overloading feature that can be used to improve curl's typed
+ implementation of varargs procedures. This commit applies it to
+ curl_easy_setopt(), curl_multi_setopt(), curl_share_setopt() and
+ curl_easy_getinfo().
+
+ Closes https://github.com/curl/curl/pull/10994
+
+- OS400: fix and complete ILE/RPG binding
+
+ - Fix wrong definitions of CURL_ZERO_TERNINATED, curl_mime_data() and
+ curl_mime_data_ccsid().
+
+ - Add recent definitions, in particular blob, header API and WebSockets
+ API.
+
+ - Support for CURLVERSION_ELEVENTH.
+
+ - New functions for EBCDIC support.
+
+ Reflect these changes in README.OS400.
+
+ Closes https://github.com/curl/curl/pull/10994
+
+- OS400: implement EBCDIC support for recent features
+
+ - Support CURLVERSION_ELEVENTH.
+
+ - New function curl_url_strerror_ccsid().
+
+ - curl_easy_setopt_ccsid() supports blobs and 3 recent string options.
+
+ - New function curl_easy_header_ccsid().
+
+ - New generic latin1<-->ccsid conversion functions curl_from_ccsid() and
+ curl_to_ccsid() for user convenience.
+
+ - README.OS400 updated accordingly.
+
+ - Removed a leftover QsoSSL support identifier.
+
+ Closes https://github.com/curl/curl/pull/10994
+
+- OS400: rework build scripts
+
+ - Rename shell function "system" to "CLcommand" to avoid confusion with
+ built-in command.
+
+ - Reformat scripts. Fix some indentations. Avoid lines > 80 characters
+ where possible.
+
+ - Support ASCII runtime development files in a user-defined directory
+ path.
+
+ - FIX SONAME detection.
+
+ - Drop form API test program compilation (does not exist anymore).
+
+ Closes https://github.com/curl/curl/pull/10994
+
+Sevan Janiyan (18 Apr 2023)
+
+- tests/sshserver.pl: Define AddressFamily earlier
+
+ As the comment states "Address family must be specified before ListenAddress"
+ , otherwise the tests fail to run
+ `"failed starting SSH server" 52 times (582, 583, 600, 601, 602, 603, 604, 60
+ 5, 606 and 43 more)`
+
+ Closes #10983
+
+Stefan Eissing (18 Apr 2023)
+
+- quiche: Enable IDLE egress handling
+
+ Follow-up to 544abeea which added the handling but wrongly left it
+ commented out.
+
+ Closes https://github.com/curl/curl/pull/11000
+
+Daniel Stenberg (18 Apr 2023)
+
+- docs/examples/protofeats.c: Outputs all protocols and features
+
+ Showing off one way to get to char pointer arrays of info returned by
+ curl_version_info()
+
+ Closes #10991
+
+- tests/keywords.pl: remove
+
+ This script does not work since the introduction of the test
+ preprocessing. If we need this functionality, it probably needs to be
+ moved into the runtests tool or similar.
+
+ Reported-by: Dan Fandrich
+ Fixes #10895
+ Closes #10987
+
+Stefan Eissing (17 Apr 2023)
+
+- http2: support HTTP/2 to forward proxies, non-tunneling
+
+ - with `--proxy-http2` allow h2 ALPN negotiation to
+ forward proxies
+ - applies to http: requests against a https: proxy only,
+ as https: requests will auto-tunnel
+ - adding a HTTP/1 request parser in http1.c
+ - removed h2h3.c
+ - using new request parser in nghttp2 and all h3 backends
+ - adding test 2603 for request parser
+ - adding h2 proxy test cases to test_10_*
+
+ scorecard.py: request scoring accidentally always run curl
+ with '-v'. Removed that, expect double numbers.
+
+ labeller: added http1.* and h2-proxy sources to detection
+
+ Closes #10967
+
+Daniel Stenberg (17 Apr 2023)
+
+- curl_easy_unescape.3: rename the argument
+
+ and highlight it appropriately in the text.
+
+ Closes #10979
+
+Viktor Szakats (17 Apr 2023)
+
+- autotools: sync up clang picky warnings with cmake
+
+ Bringing missing options over from CMake.
+
+ Move around existing `-Wno-pointer-bool-conversion` option to come
+ _after_ `-Wconversion`.
+
+ Reviewed-by: Marcel Raad
+ Closes #10974
+
+Daniel Stenberg (17 Apr 2023)
+
+- tests/libtest/lib1900.c: remove
+
+ This file was left behind when the rest of the test was previously removed.
+
+ Follow-up to e50a877df74f
+
+- src/tool_operhlp.c: fix value stored to 'uerr' is never read
+
+ Ref: https://github.com/curl/curl/pull/10974#issuecomment-1510461343
+ Reported-by: Viktor Szakats
+ Closes #10982
+
+Viktor Szakats (16 Apr 2023)
+
+- cmake: speed up and extend picky clang/gcc options
+
+ Extend existing picky compiler options with ones missing compared to
+ autotools builds. Also sync options between clang and gcc.
+
+ Redesign the way we enable these options to avoid the slow option
+ detection almost completely.
+
+ This reduces the number of detections from 35 to zero for clang and
+ 3 for gcc, even after adding a bunch of new options.
+
+ clang 3.0 (2011-11-29) and gcc 2.95 (1999-07-31) now required.
+
+ Also show enabled picky options.
+
+ Ref: https://github.com/libssh2/libssh2/pull/952
+
+ Reviewed-by: Daniel Stenberg
+ Closes #10973
+
+Andreas Falkenhahn (16 Apr 2023)
+
+- nbtlm: use semicolons instead of commas for (void) args
+
+ Closes #10978
+
+Daniel Stenberg (15 Apr 2023)
+
+- multi: free up more data earleier in DONE
+
+ Before checking for more users of the connection and possibly bailing
+ out.
+
+ Fixes #10971
+ Reported-by: Paweł Wegner
+ Closes #10972
+
+- RELEASE-NOTES: synced
+
+- curl: do NOT append file name to path for upload when there's a query
+
+ Added test 425 to verify.
+
+ Reported-by: Dirk Rosenkranz
+ Bug: https://curl.se/mail/archive-2023-04/0008.html
+ Closes #10969
+
+- libcurl-thread.3: improved name resolver wording
+
+ And make better .SH sections
+
+ Closes #10966
+
+Colman Mbuya (14 Apr 2023)
+
+- CURLOPT_PROXY_SSL_VERIFYPEER.3: fix minor grammar mistake
+
+ Closes #10968
+
+Daniel Stenberg (14 Apr 2023)
+
+- curl: add --proxy-http2
+
+ For trying HTTP/2 with an HTTPS proxy.
+
+ Closes #10926
+
+- KNOWN_BUGS: remove fixed or outdated issues, move non-bugs
+
+ - remove h3 issues believed to be fixed
+
+ - make the flaky CI issue be generic and not Windows specific
+
+ - "TLS session cache does not work with TFO" now documented
+
+ This is now a documented restriction and not a bug. TFO in general is
+ rarely used and has other problems, making it a low-priotity thing to
+ work on.
+
+ - remove "Renegotiate from server may cause hang for OpenSSL backend"
+
+ This is an OpenSSL issue, not a curl one. Even if it taints curl.
+
+ - rm "make distclean loops forever"
+
+ - rm "configure finding libs in wrong directory"
+
+ Added a section to docs/INSTALL.md about it.
+
+ - "A shared connection cache is not thread-safe"
+
+ Moved over to TODO and expanded for other sharing improvements we
+ could do
+
+ - rm "CURLOPT_OPENSOCKETPAIRFUNCTION is missing"
+
+ - rm "Blocking socket operations in non-blocking API"
+
+ Already listed as a TODO
+
+ - rm "curl compiled on OSX 10.13 failed to run on OSX 10.10"
+
+ Water under the bridge. No one cares about this anymore.
+
+ - rm "build on Linux links libcurl to libdl"
+
+ Verified to not be true (anymore).
+
+ - rm "libpsl is not supported"
+
+ The cmake build supports it since cafb356e19cda22
+
+ Closes #10963
+
+- url: fix PVS nits
+
+ - expression 'hostptr' is always true
+ - a part of conditional expression is always true: proxypasswd
+ - expression 'proxyuser' is always true
+ - avoid multiple Curl_now() calls in allocate_conn
+
+ Ref: #10929
+ Closes #10959
+
+- bufq: simplify since expression is always true
+
+ The check for 'len' is already done so it will remain true until
+ updated. Pointed out by PVS.
+
+ Ref: #10929
+ Closes #10958
+
+- hash: fix assigning same value
+
+ Pointed out by PVS
+
+ Ref: #10929
+ Closes #10956
+
+- cookie: address PVS nits
+
+ - avoid assigning the same value again
+ - remove superfluous check of co->domain
+ - reduce variable scope for namep/valuep
+
+ Ref: #10929
+ Closes #10954
+
+Stefan Eissing (14 Apr 2023)
+
+- cf-socket: Disable socket receive buffer by default
+
+ - Disable socket receive buffer unless USE_RECV_BEFORE_SEND_WORKAROUND
+ is in place.
+
+ While we would like to use the receive buffer, we have stalls in
+ parallel transfers where not all buffered data is consumed and no socket
+ events happen.
+
+ Note USE_RECV_BEFORE_SEND_WORKAROUND is a Windows sockets workaround
+ that has been disabled by default since b4b6e4f1, due to other bugs.
+
+ Closes https://github.com/curl/curl/pull/10961
+
+- cf-h2-proxy: fix processing ingress to stop too early
+
+ - progress ingress stopped too early, causing data
+ from the underlying filters to not be processed and
+ report that no tunnel data was available
+ - this lead to "hangers" where no socket activity was
+ seen but data rested in buffers
+
+ Closes #10952
+
+- http3: check stream_ctx more thoroughly in all backends
+
+ - callbacks and filter methods might be invoked at unexpected
+ times, e.g. when the transfer's stream_ctx has not been initialized
+ yet or, more likely, has already been taken down.
+ - check for existance of stream_ctx in such places and return
+ an error or silently succeed the call.
+
+ Closes #10951
+
+Daniel Stenberg (13 Apr 2023)
+
+- ftp: fix 'portsock' variable was assigned the same value
+
+ Pointed out by PVS
+
+ Ref: #10929
+ Closes #10955
+
+- ftp: remove dead code
+
+ This condition can never be true here since it is handled already 28
+ lines above.
+
+ Pointed out by PVS.
+
+ Ref: #10929
+ Closes #10957
+
+- cf-h1-proxy: skip an extra NULL assign
+
+ and use Curl_safefree() once to save another NULL assign. Found by PVS.
+
+ Ref. #10929
+ Closes #10953
+
+Philip Heiduck (13 Apr 2023)
+
+- GHA: suppress git clone output
+
+ Follow-up: https://github.com/curl/curl/commit/8203aa6ed405ec832d2c62f18dfda2
+ 93f89a23f9
+
+ Closes #10949
+
+Stefan Eissing (13 Apr 2023)
+
+- cf-socket: remove dead code discovered by PVS
+
+ Closes #10960
+
+Daniel Stenberg (13 Apr 2023)
+
+- http: skip a double NULL assign
+
+ and also use a local variable to shorten the long names and increase
+ readability in the function. Pointed out by PVS.
+
+ Ref: #10929
+ Closes #10950
+
+- mime: skip NULL assigns after Curl_safefree()
+
+ Pointed out by PVS.
+
+ Ref: #10929
+ Closes #10947
+
+- rtsp: skip NULL assigns after Curl_safefree()
+
+ ... since this is a macro that assigns NULL itself. Pointed out by PVS.
+
+ Ref: #10929
+ Closes #10946
+
+- smb: remove double assign
+
+ The same value is assigned the same value already a few lines above.
+ Pointed out by PVS.
+
+ Ref: #10929
+ Closes #10945
+
+- transfer: skip extra assign
+
+ The 'result' variable already contains CURLE_OK at this point, no use in
+ setting it again. Pointed out by PVS.
+
+ Ref: #10929
+ Closes #10944
+
+- urlapi: skip a pointless assign
+
+ It stores a null byte after already having confirmed there is a null
+ byte there. Detected by PVS.
+
+ Ref: #10929
+ Closes #10943
+
+Philip Heiduck (13 Apr 2023)
+
+- GHA: suppress git clone output
+
+ Closes #10939
+
+Stefan Eissing (13 Apr 2023)
+
+- tests: make test_12_01 a bit more forgiving on connection counts
+
+- cf-socket: add socket recv buffering for most tcp cases
+
+ - use bufq as recv buffer, also for Windows pre-receive handling
+ - catch small reads followed by larger ones in a single socket
+ call. A common pattern on TLS connections.
+
+ Closes #10787
+
+Daniel Stenberg (13 Apr 2023)
+
+- urlapi: cleanups
+
+ - move host checks together
+ - simplify the scheme parser loop and the end of host name parser
+ - avoid itermediate buffer storing in multiple places
+ - reduce scope for several variables
+ - skip the Curl_dyn_tail() call for speed
+ - detect IPv6 earlier and skip extra checks for such hosts
+ - normalize directly in dynbuf instead of itermediate buffer
+ - split out the IPv6 parser into its own funciton
+ - call the IPv6 parser directly for ipv6 addresses
+ - remove (unused) special treatment of % in host names
+ - junkscan() once in the beginning instead of scattered
+ - make junkscan return error code
+ - remove unused query management from dedotdotify()
+ - make Curl_parse_login_details use memchr
+ - more use of memchr() instead of strchr() and less strlen() calls
+ - make junkscan check and return the URL length
+
+ An optimized build runs one of my benchmark URL parsing programs ~41%
+ faster using this branch. (compared against the shipped 7.88.1 library
+ in Debian)
+
+ Closes #10935
+
+Josh McCullough (13 Apr 2023)
+
+- http2: fix typo in infof() call
+
+ Closes #10940
+
+Daniel Stenberg (12 Apr 2023)
+
+- noproxy: pointer to local array 'hostip' is stored outside scope
+
+ Ref: #10929
+ Closes #10933
+
+Stefan Eissing (12 Apr 2023)
+
+- connect: fix https connection setup to treat ssl_mode correctly
+
+ - for HTTPS protocol, a disabled ssl should never be acceptables.
+
+ Closes #10934
+
+Douglas R. Reno (12 Apr 2023)
+
+- CMakeLists.txt: fix typo for Haiku detection
+
+ Closes #10937
+
+Dan Fandrich (11 Apr 2023)
+
+- pathhelp: use the cached $use_cygpath when available
+
+- runtests: eliminate unneeded variable
+
+- runtests: make the # of server start attempts a constant
+
+- runtests: on startup failure call displaylogs only in serverfortest
+
+ This reduces the number of calls spread throughout the code.
+
+ Ref: #10818
+ Closes #10919
+
+- runtests: return an error code with startservers()
+
+ The code indicates the kind of failure encountered in starting a server,
+ which can be used by the caller to tailor the user experience.
+
+ Ref: #10818
+
+- runtests: abort early if runpingpongserver is given a bad server type
+
+- runtests: don't use the SMB server verification time as reference
+
+ %FTPTIME2 and %FTPTIME3 should be set by the FTP server only, for
+ consistency.
+
+- tests: factor out the test server management code
+
+ This now lives in servers.pm with some configuration variables moved to
+ globalconfig.pm
+
+ Ref: #10818
+
+- runtests: remove an inappropriate use of runclientoutput
+
+ This function is intended for running client code, not servers.
+
+- runtests: only add $LIBDIR to the path for checktestcmd
+
+ Since checkcmd is for finding servers, there will never be anything in
+ this directory of interest to them.
+
+ Ref: #10818
+
+- tests: log sshserver.pl messages to a file
+
+ The logmsg messages were thrown away before, so they are now available
+ for debugging.
+
+- runtests: also show DISABLED tests with -l
+
+ Other reasons for skipping tests are ignored for -l, so being explicitly
+ disabled should be too.
+
+- runtests: move the UNIX sockets into $PIDDIR
+
+ These were missed when the other server files were moved there.
+
+ Follow-up to 70d2fca2
+
+ Ref: #10818
+
+- tests: tighten up perl exports
+
+ This reduces namespace pollution a little.
+
+ Ref: #10818
+
+- tests: turn perl modules into full packages
+
+ This helps enforce more modularization and encapsulation. Enable and fix
+ warnings on a few packages. Also, rename ftp.pm to processhelp.pm since
+ there's really nothing ftp-specific in it.
+
+ Ref: #10818
+
+Daniel Stenberg (11 Apr 2023)
+
+- multi: remove a few superfluous assigns
+
+ PVS found these "The 'rc' variable was assigned the same value." cases.
+
+ Ref: #10929
+ Closes #10932
+
+- schannel: add clarifying comment
+
+ Explaining how the PVS warning in #10929 is wrong: Dereferencing of the
+ null pointer 'backend->cred' might take place.
+
+ Closes #10931
+
+- cookie: clarify that init with data set to NULL reads no file
+
+ ... and make Curl_cookie_add() require 'data' being set proper with an
+ assert.
+
+ The function has not worked with a NULL data for quite some time so this
+ just corrects the code and comment.
+
+ This is a different take than the proposed fixed in #10927
+
+ Reported-by: Kvarec Lezki
+ Ref: #10929
+ Closes #10930
+
+Kvarec Lezki (11 Apr 2023)
+
+- vtls: remove int typecast for sizeof()
+
+ V220 Suspicious sequence of types castings: memsize -> 32-bit integer ->
+ memsize. The value being cast: 'sizeof
+ (buf->data)'. curl\lib\vtls\vtls.c 2025
+
+ https://pvs-studio.com/en/docs/warnings/v220/
+
+ Closes #10928
+
+Stefan Eissing (11 Apr 2023)
+
+- http2: fix copynpaste error reported by coverity
+
+ - move all code handling HTTP/2 frames for a particular
+ stream into a separate function to keep from confusing
+ the call `data` with the stream `data`.
+
+ Closes #10924
+
+Dan Fandrich (11 Apr 2023)
+
+- tests: log a too-long Unix socket path in sws and socksd
+
+ Ref: #10919
+
+Daniel Stenberg (11 Apr 2023)
+
+- gen.pl: error on duplicated See-Also fields
+
+ Updated http2.d accordingly.
+
+ Closes #10925
+
+- http2: avoid possible null pointer dereference
+
+ Reported-by: Dan Fandrich
+ Fixes #10920
+ Closes #10923
+
+- lib1560: verify that more bad host names are rejected
+
+ when setting the hostname component of a URL
+
+ Closes #10922
+
+- curl_url_set.3: mention that users can set content rather freely
+
+ ... which then might render bad URLs if you extract a URL later.
+
+ Closes #10921
+
+Dan Fandrich (10 Apr 2023)
+
+- CI: retry failed downloads of aws-lc
+
+ Don't fail the build in case of a temporary server problem.
+
+- test1169: fix so it works properly everywhere
+
+ - Use an absolute path for the -L option since the module isn't in the
+ perl path
+ - Create the needed test file in a <file> section; <precheck> isn't
+ intended for this
+ - Fix the test number in the file name, which was wrong
+
+ Follow-up to f754990a
+
+ Ref: #10818
+ Fixes #10889
+ Closes #10917
+
+- tests: stop using strndup(), which isn't portable
+
+ It's not available on Solaris 10, for example. Since this is just test
+ code that doesn't need to use an optimized system version, replace it
+ with the implementation copied from tool_cb_hdr.c.
+
+- runtests: fix an incorrect comment about the ld_preload feature
+
+ Follow-up to 1f631864
+
+ Ref: #10818
+
+Daniel Stenberg (9 Apr 2023)
+
+- urlapi: prevent setting invalid schemes with *url_set()
+
+ A typical mistake would be to try to set "https://" - including the
+ separator - this is now rejected as that would then lead to
+ url_get(... URL...) would get an invalid URL extracted.
+
+ Extended test 1560 to verify.
+
+ Closes #10911
+
+Biswapriyo Nath (9 Apr 2023)
+
+- http2: remove unused Curl_http2_strerror function declaration
+
+ Curl_http2_strerror was renamed to http2_strerror in
+ 05b100aee247bb9bec8e9a1b0 and then http2_strerror was removed in
+ 5808a0d0f5ea0399d4a2a2
+
+ This also fixes the following compiler error
+
+ lib/http2.h:41:33: error: unknown type name 'uint32_t'
+ lib/http2.h:1:1: note: 'uint32_t' is defined in header '<stdint.h>'
+
+ Closes #10912
+
+Daniel Stenberg (8 Apr 2023)
+
+- RELEASE-NOTES: synced
+
+SuperIlu on github (8 Apr 2023)
+
+- config-dos.h: fix SIZEOF_CURL_OFF_T for MS-DOS/DJGPP
+
+ Fixes #10905
+ Closes #10910
+
+Daniel Stenberg (8 Apr 2023)
+
+- lib: remove CURLX_NO_MEMORY_CALLBACKS
+
+ The only user of this define was 'chkdecimalpoint' - a special purpose
+ test tool that was built but not used anymore (since 17c18fbc3 - Apr
+ 2020).
+
+ Closes #10908
+
+- CURLPROXY_HTTPS2: for HTTPS proxy that may speak HTTP/2
+
+ Setting this proxy type allows curl to negotiate and use HTTP/2 with
+ HTTPS proxies.
+
+ Closes #10900
+
+Ali Khodkar (8 Apr 2023)
+
+- write-out.d: add missing periods
+
+ Closes #10897
+
+Daniel Stenberg (7 Apr 2023)
+
+- http2: remove check for !data after it was already dereferenced
+
+ Pointed out by Coverity
+
+ Closes #10906
+
+- http_proxy: provide missing arg to infof() call
+
+ Pointed out by Coverity
+
+ Closes #10904
+
+- content_encoding: only do tranfer-encoding compression if asked to
+
+ To reduce surprises. Update test 387 and 418 accordingly.
+
+ Closes #10899
+
+- sws: comparison of unsigned expression < 0 is always false
+
+ Follow-up to 356dd0b73a75ed6d5
+
+ Closes #10903
+
+- lib/cmake: add HAVE_WRITABLE_ARGV check
+
+ Assisted-by: Jakub Zakrzewski
+ Closes #10896
+
+- configure: don't set HAVE_WRITABLE_ARGV on Windows
+
+ Ref: #10888
+ Closes #10896
+
+- vtls: fix build error when proxy-disabled
+
+ Closes #10901
+
+Stefan Eissing (6 Apr 2023)
+
+- tests: increase sws timeout for more robust testing
+
+ - for https CONNECT forwarding, this was fixed at 5 seconds
+ which led to spurious CI test failures
+ - add --keepalive parameter to sws to control this
+ - let httpserver use 30 seconds
+
+ Closes #10898
+
+- http2: move HTTP/2 stream vars into local context
+
+ - remove NGHTTP2 members of `struct HTTP`
+ - add `void *h2_ctx` to `struct HTTP`
+ - add `void *h3_ctx` to `struct HTTP`
+ - separate h2/h3 pointers are needed for eyeballing
+ - manage local stream_ctx in http implementations
+
+ Closes #10877
+
+- proxy: http2 proxy tunnel implementation
+
+ - currently only on debug build and when env variable
+ CURL_PROXY_TUNNEL_H2 is present.
+ - will ALPN negotiate with the proxy server and switch
+ tunnel filter based on the protocol negotiated.
+ - http/1.1 tunnel code moved into cf-h1-proxy.[ch]
+ - http/2 tunnel code implemented in cf-h2-proxy.[ch]
+ - tunnel start and ALPN set remains in http_proxy.c
+ - moving all haproxy related code into cf-haproxy.[ch]
+
+ VTLS changes
+ - SSL filters rely solely on the "alpn" specification they
+ are created with and no longer check conn->bits.tls_enable_alpn.
+ - checks on which ALPN specification to use (or none at all) are
+ done in vtls.c when creating the filter.
+
+ Testing
+ - added a nghttpx forward proxy to the pytest setup that
+ speaks HTTP/2 and forwards all requests to the Apache httpd
+ forward proxy server.
+ - extending test coverage in test_10 cases
+ - adding proxy tests for direct/tunnel h1/h2 use of basic auth.
+ - adding test for http/1.1 and h2 proxy tunneling to pytest
+
+ Closes #10780
+
+- vtls and h2 improvements
+
+ - eliminate receive loop in vtls to fill buffer. This may
+ lead to partial reads of data which is counter productive
+ - let http2 instead loop smarter to process pending network
+ data without transfer switches
+
+ scorecard improvements
+ - do not start caddy when only httpd is requested
+ - allow curl -v to stderr file on --curl-verbose
+
+ Closes #10891
+
+Daniel Stenberg (6 Apr 2023)
+
+- tests: 1078 1288 1297 use valid IPv4 addresses
+
+ With the enhanced URL parser, these tests failed because of their bad
+ IPv4 use.
+
+- urlapi: detect and error on illegal IPv4 addresses
+
+ Using bad numbers in an IPv4 numerical address now returns
+ CURLUE_BAD_HOSTNAME.
+
+ I noticed while working on trurl and it was originally reported here:
+ https://github.com/curl/trurl/issues/78
+
+ Updated test 1560 accordingly.
+
+ Closes #10894
+
+- RELEASE-NOTES: synced
+
+- urlapi: URL encoding for the URL missed the fragment
+
+ Meaning that it would wrongly still store the fragment using spaces
+ instead of %20 if allowing space while also asking for URL encoding.
+
+ Discovered when playing with trurl.
+
+ Added test to lib1560 to verify the fix.
+
+ Closes #10887
+
+- rtsp: convert mallocs to dynbuf for RTP buffering
+
+ Closes #10786
+
+- tool_writeout: add URL component variables
+
+ Output specific components from the used URL. The following variables
+ are added for this purpose:
+
+ url.scheme, url.user, url.password, url.options, url.host, url.port,
+ url.path, url.query, url.fragment, url.zoneid
+
+ Add the following for outputting parts of the "effective URL":
+
+ urle.scheme, urle.user, urle.password, urle.options, urle.host, urle.port,
+ urle.path, urle.query, urle.fragment, urle.zoneid
+
+ Added test 423 and 424 to verify.
+
+ Closes #10853
+
+Stefan Eissing (4 Apr 2023)
+
+- tests/http: improved httpd detection
+
+ - better error messages when not found/complete
+ - handling of `--without-test-httpd`
+
+ Reported-by: kwind on github
+ Fixes #10879
+ Closes #10883
+
+Daniel Stenberg (4 Apr 2023)
+
+- configure: make quiche require quiche_conn_send_ack_eliciting
+
+ curl now requires quiche version >= 1.17.1 to be used and this function
+ was added in this version and makes a convenient check.
+
+ This requirement is because this is the lowest quiche version that
+ supports peer-initiated key updates correctly.
+
+ Closes #10886
+
+Dan Fandrich (1 Apr 2023)
+
+- unit tests: use the unit test infrastructure better
+
+ Allow UNITTEST_STOP to return the error code, use the fail & abort
+ macros to indicate test failure and return success instead of fail if
+ the unit test can't test anything because of missing features at
+ compile-time. A couple of tests could never fail because they were
+ overriding the failure return code.
+
+- runtests: strip EOL on precheck output on Windows, too
+
+ Precheck failures would show on two lines in the test summary output
+ otherwise.
+
+- tests: move server config files under the pid dir
+
+ These files are generated by the test servers and must therefore be
+ found in the log directory to make them available to only those servers
+ once multiple test runners are executing in parallel. They must also not
+ be deleted with the log files, so they are stored in the pidfile
+ directory.
+
+ Ref: #10818
+ Closes #10875
+
+- runtests: use the ssh key filenames from the sshhelp package
+
+- tests: move pidfiles and portfiles under the log directory
+
+ This is to segregate all files written by a test process into a single
+ root to allow for future parallel testing.
+
+ Ref: #10818
+ Closes #10874
+
+- runtests: minor code cleanups
+
+- runtests: call processexists() and pidfromfile()
+
+ rather than duplicating the logic in several places.
+
+Viktor Szakats (31 Mar 2023)
+
+- cmake: do not add zlib headers for openssl
+
+ Logic copied earlier from wolfSSL. wolfSSL requires zlib headers for its
+ public headers. OpenSSL does not, so stop adding zlib headers for it.
+
+ Follow-up to 1e3319a167d2f32d295603167486e9e88af9bb4e
+
+ Closes #10878
+
+Stefan Eissing (31 Mar 2023)
+
+- rustls: fix error in recv handling
+
+ - when rustls is told to recieve more TLS data and its internal
+ plaintext buffers are full, it returns an IOERROR
+ - avoid receiving TLS data while plaintext is not read empty
+
+ pytest:
+ - increase curl run timeout when invoking pytest with higher verbosity
+
+ Closes #10876
+
+- http3: improvements across backends
+
+ - ngtcp2: using bufq for recv stream data
+ - internal stream_ctx instead of `struct HTTP` members
+ for quiche, ngtcp2 and msh3
+ - no more QUIC related members in `struct HTTP`
+ - experimental use of recvmmsg(), disabled by default
+ - testing on my old debian box shows no throughput improvements.
+ - leaving it in, but disabled, for future revisit
+ - vquic: common UDP receive code for ngtcp2 and quiche
+ - vquic: common UDP send code for ngtcp2 and quiche
+ - added pytest skips for known msh3 failures
+ - fix unit2601 to survive torture testing
+ - quiche: using latest `master` from quiche and enabling large download
+ tests, now that key change is supported
+ - fixing test_07_21 where retry handling of starting a stream
+ was faulty
+ - msh3: use bufq for recv buffering headers and data
+ - msh3: replace fprintf debug logging with LOG_CF where possible
+ - msh3: force QUIC expire timers on recv/send to have more than
+ 1 request per second served
+
+ Closes #10772
+
+Dan Fandrich (30 Mar 2023)
+
+- test1471/2: add http as a required feature
+
+ curl bails out early with a different error message if http support is
+ compiled out.
+
+ Ref: #10705
+
+- tests: limit return code of unit tests and lib tests
+
+ Values greater than 125 have special meanings, so cap it there. Unit
+ tests and lib tests use the number of failures as the return code, so a
+ large number of failures (such as test 2601 as a torture test) can
+ exceed this causing the test to be erroneously reported as having
+ failed.
+
+ Ref: #10720
+
+- test1960: point to the correct path for the precheck tool
+
+ Otherwise, it might find the binary in .libs which can cause it to use
+ the system libcurl which can fail. This error is only visible by
+ noticing that the test is skipped.
+
+ Follow-up to e4dfe6fc
+
+ Ref: #10651
+
+- tests: use the proper %LOGDIR path on two tests
+
+ Follow-up to e7a021e1
+
+ Ref: #10818
+
+Daniel Stenberg (30 Mar 2023)
+
+- rtsp: fix Value stored to 'skip_size' is never read
+
+ Pointed out by scan-build
+
+ Follow-up to 6c6306f3008f2c9b20a64
+
+ Closes #10872
+
+Stefan Eissing (30 Mar 2023)
+
+- tests/http: relax connection check in test_07_02
+
+ Only 1 connection will be used when curl is slow, happens when
+ address-sanitized in CI, for example
+
+ Closes #10865
+
+- http2: flow control and buffer improvements
+
+ - use bufq for send/receive of network data
+ - usd bufq for send/receive of stream data
+ - use HTTP/2 flow control with no-auto updates to control the
+ amount of data we are buffering for a stream
+ HTTP/2 stream window set to 128K after local tests, defined
+ code constant for now
+ - elminiating PAUSEing nghttp2 processing when receiving data
+ since a stream can now take in all DATA nghttp2 forwards
+
+ Improved scorecard and adjuste http2 stream window sizes
+ - scorecard improved output formatting and options default
+ - scorecard now also benchmarks small requests / second
+
+ Closes #10771
+
+Dan Fandrich (30 Mar 2023)
+
+- runtests: show error message if file can't be written
+
+- tests: fix remaining servers to run with a dynamic log directory
+
+ This final commit in the series is sufficient to allow the tests succeed
+ if $LOGDIR is changed in runtests.pl.
+
+ Ref: #10818
+ Closes #10866
+
+- tests: fix fake_ntlm to run with a dynamic log directory
+
+ Ref: #10818
+
+- tests: fix http servers to run with a dynamic log directory
+
+ Ref: #10818
+
+- tests: fix ftpserver to run with a dynamic log directory
+
+ Ref: #10818
+
+- tests: fix C servers to run with a dynamic log directory
+
+ Ref: #10818
+
+- tests: fix lib tests to run with a dynamic log directory
+
+ Ref: #10818
+
+- tests: fix unit tests to run with a dynamic log directory
+
+ Ref: #10818
+
+- tests: use %LOGDIR to refer to the log directory
+
+ This will allow it be set dynamically.
+
+ Ref: #10818
+
+- runtests: track verification time even if no files to compare
+
+- getpart: better handle case of file not found
+
+- testcurl: bump version date
+
+ It hadn't been updated in 9 years; it's time.
+
+- tests: switch to 3-argument open in test suite
+
+ The perl 2-argument open has been considered not-quite-deprecated since
+ the 3-argument form was introduced almost a quarter century ago.
+
+- tests: silence some Perl::Critic warnings in test suite
+
+ Not all warnings are fixed; many are as much stylistic suggestions than
+ anything and IMHO don't do much to actually improve the code.
+
+ Ref: #10818
+ Closes #10861
+
+- docs: bump the minimum perl version to 5.6
+
+ It's actually been this way since at least 2012 (when a 3-argument open
+ was added to runtests.pl). Given the lack of complaints in the interim,
+ it's safe to call this 23 year old perl version the minimum.
+
+- runtests: memoize the getpart* subroutines to speed up access
+
+ The refactored code calls these functions with the same arguments more
+ often, so this prevents redundant test case file parsing.
+
+ Approved-by: Daniel Stenberg
+ Ref: #10818
+ Closes #10833
+
+- runtests: remove duplicated feature variables
+
+ Use the feature map stored in the hash table instead. Most of the
+ variables were only used only once, to set the value in the hash table.
+
+ Ref: #10818
+
+- runtests: also ignore test file problems when ignoring results
+
+ This simplifies error handling in the test verification code and makes
+ it more consistent.
+
+ Ref: #10818
+
+- runtests: more refactoring for clarity
+
+ Ref: #10818
+
+- runtests: don't start servers if -l is given
+
+- runtests: fix typos
+
+- runtests: refactor singletest() into separate functions
+
+ This takes it from a 1200 line behemoth into something more manageable.
+ The content and order of the functions is taken almost directly from
+ singletest() so the diff sans whitespace is quite short.
+
+ Ref: #10818
+
+- runtests: refactor singletest() into distinct sections
+
+ Namely:
+ - Verify that this test case should be run
+ - Start the servers needed to run this test case
+ - Check that test environment is fine to run this test case
+ - Prepare the test environment to run this test case
+ - Run the test command
+ - Clean up after test command
+ - Verify test succeeded
+
+ Ref: #10818
+
+- runtests: stop copying a few arrays where not needed
+
+ Unlike some other languages that just copy a pointer, perl copies the
+ entire array contents which takes time for a large array.
+
+ Ref: #10818
+
+- runtests: reduce redundant calls to getpart/getpartattr
+
+ These functions scan through the entire test file every time to find the
+ right section, so they can be slow for large test files.
+
+ Ref: #10818
+
+- tests: document that the unittest keyword is special
+
+ Also, add other features that were missing.
+
+Stefan Eissing (30 Mar 2023)
+
+- docs: add documentation for bufq
+
+ Closes #10869
+
+Daniel Stenberg (30 Mar 2023)
+
+- RELEASE-NOTES: synced
+
+Matt Jolly (30 Mar 2023)
+
+- hostip: refuse to resolve the .onion TLD
+
+ RFC 7686 states that:
+
+ > Applications that do not implement the Tor
+ > protocol SHOULD generate an error upon the use of .onion and
+ > SHOULD NOT perform a DNS lookup.
+
+ Let's do that.
+
+ https://www.rfc-editor.org/rfc/rfc7686#section-2
+
+ Add test 1471 and 1472 to verify
+
+ Fixes #543
+ Closes #10705
+
+Philip Heiduck (30 Mar 2023)
+
+- GHA: update ngtcp2-*.yml to v0.10.0
+
+ Closes #10612
+
+Stefan Eissing (30 Mar 2023)
+
+- tests/http: fix log formatting on wrong exit code
+
+ Closes #10868
+
+Daniel Stenberg (30 Mar 2023)
+
+- spellcheck.words: unify the AWS-LC spelling
+
+ Follow-up to 34ef4fab22d93
+
+ Closes #10867
+
+Jim King (30 Mar 2023)
+
+- openssl: interop with AWS-LC
+
+ * Configure changes to detect AWS-LC
+ * CMakeLists.txt changes to detect AWS-LC
+ * Compile-time branches needed to support AWS-LC
+ * Correctly set OSSL_VERSION and report AWS-LC release number
+ * GitHub Actions script to build with autoconf and cmake against AWS-LC
+
+ AWS-LC is a BoringSSL/OpenSSL derivative
+ For more information see https://github.com/awslabs/aws-lc/
+
+ Closes #10320
+
+Viktor Szakats (30 Mar 2023)
+
+- cmake: picky-linker fixes for openssl, ZLIB, H3 and more
+
+ - fix HTTP/3 support detection with OpenSSL/quictls built with ZLIB.
+ (Requires curl be built with ZLIB option also.)
+
+ - fix HTTP/3 support detection with OpenSSL/quictls/LibreSSL and `ld`
+ linker on Windows.
+
+ - fix HTTP/3 support detection with wolfSSL to automatically add
+ `ws2_32` to the lib list on Windows. For all linkers.
+
+ - reposition ZLIB (and other compression) detection _after_ TLS
+ detection, but before calling HTTP/3-support detection via
+ `CheckQuicSupportInOpenSSL`.
+
+ May be a regression from ebef55a61df0094b9790710a42f63c48e7de3c13
+ May fix #10832 (Reported-by: Micah Snyder)
+
+ This also seems to fix an odd case, where OpenSSL/quictls is correctly
+ detected, but its header path is not set while compiling, breaking
+ build at `src/curl_ntlm_core.c`. Reason for this remains undiscovered.
+
+ - satisfy "picky" linkers such as `ld` with MinGW, that are highly
+ sensitive to lib order, by also adding brotli to the beginning of the
+ lib list.
+
+ - satisfy "picky" linkers by adding certain Windows systems libs to
+ the lib list for OpenSSL/LibreSSL. (Might need additional ones for
+ other forks, such as `pthread` for BoringSSL.)
+
+ Note: It'd make sense to _always_ add `ws2_32`, `crypt32` (except
+ Windows App targets perhaps?), `bcrypt` (except old-mingw!) on Windows
+ at this point. They are almost always required, and if some aren't,
+ they are ignored by the linker with no effect on final binaries.
+
+ Closes #10857
+
+Stefan Eissing (30 Mar 2023)
+
+- vlts: use full buffer size when receiving data if possible
+
+ SSL backends like OpenSSL/wolfSSL and other return the content of one
+ TLS record on read, but usually there are more available.
+
+ Change the vtls cfilter recv() function to fill the given buffer until a
+ read would block.
+
+ Closes #10736
+
+dengjfzh on github (30 Mar 2023)
+
+- rtsp: skip malformed RTSP interleaved frame data
+
+ Some IP cameras send malformed RTSP interleaved frames sometimes, which
+ can cause curl_easy_perform return 1 (CURLE_UNSUPPORTED_PROTOCOL). This
+ change attempts to skip clearly incorrect RTSP interleaving frame data.
+
+ Closes #10808
+
+Stefan Eissing (30 Mar 2023)
+
+- lib: add `bufq` and `dynhds`
+
+ Adding `bufq`:
+ - at init() time configured to hold up to `n` chunks of `m` bytes each.
+ - various methods for reading from and writing to it.
+ - `peek` support to get access to buffered data without copy
+ - `pass` support to allow buffer flushing on write if it becomes full
+ - use case: IO buffers for dynamic reads and writes that do not blow up
+ - distinct from `dynbuf` in that:
+ - it maintains a read position
+ - writes on a full bufq return CURLE_AGAIN instead of nuking itself
+ - Init options:
+ - SOFT_LIMIT: allow writes into a full bufq
+ - NO_SPARES: free empty chunks right away
+ - a `bufc_pool` that can keep a number of spare chunks to
+ be shared between different `bufq` instances
+
+ Adding `dynhds`:
+ - a straightforward list of name+value pairs as used for HTTP headers
+ - headers can be appended dynamically
+ - headers can be removed again
+ - headers can be replaced
+ - headers can be looked up
+ - http/1.1 formatting into a `dynbuf`
+ - configured at init() with limits on header counts and total string
+ sizes
+ - use case: pass a HTTP request or response around without being version
+ specific
+ - express a HTTP request without a curl easy handle (used in h2 proxy
+ tunnels)
+ - future extension possibilities:
+ - conversions of `dynhds` to nghttp2/nghttp3 name+value arrays
+
+ Closes #10720
+
+- pytest: improvements for suitable curl and error output
+
+ - will check built curl for http and https support and
+ skip all tests if not there
+ - will dump stdout/stderr/trace output on errored responses
+
+ Closes #10829
+
+Daniel Stenberg (29 Mar 2023)
+
+- lib: use correct printf flags for sockets and timediffs
+
+ Introduces CURL_FORMAT_SOCKET_T for outputting socket numbers.
+
+ Fixes #10737
+ Reported-by: Gisle Vanem
+ Closes #10855
+
+- telnet: make MSVC ignore warning for assignment within conditional
+
+ Follow-up to d92a5007b60e0af7d
+
+ Closes #10859
+
+- ws: handle reads before EAGAIN better
+
+ Reported-by: simplerobot on github
+ Fixes #10831
+ Closes #10856
+
+- test1592: add flaky keyword
+
+ Closes #10860
+
+Frank Gevaerts (28 Mar 2023)
+
+- lib/sha256.c: typo fix in comment (duplicated "is available")
+
+ Closes #10851
+
+Arne Soete (28 Mar 2023)
+
+- tests: update tests/httpd references to tests/http
+
+ tests/httpd was renamed to tests/http in #10654. This patch updates some
+ references in the README
+
+ Closes #10854
+
+Kamil Dudka (28 Mar 2023)
+
+- telnet: simplify the implementation of str_is_nonascii()
+
+ There is no need to traverse the string twice.
+
+ Closes #10852
+
+Frank Gevaerts (28 Mar 2023)
+
+- curl_easy_getinfo.3: typo fix (duplicated "from the")
+
+ Closes #10850
+
+Philip Heiduck (28 Mar 2023)
+
+- wolfssl.yml: bump to version 5.6.0
+
+ Closes #10843
+
+Daniel Stenberg (28 Mar 2023)
+
+- RELEASE-NOTES: synced
+
+Ronan Pigott (28 Mar 2023)
+
+- docs/cmdline-opts: document the dotless config path
+
+ The real xdg config path is $XDG_CONFIG_HOME/curlrc, without the dot.
+ The dotless name seems preferable, so let's match the documentation to
+ the behavior.
+
+ Closes #10849
+
+Daniel Stenberg (28 Mar 2023)
+
+- HTTP-COOKIES.md: mention the #HttpOnly_ prefix
+
+ Fixes #10847
+ Reported-by: Harry Sintonen
+ Closes #10848
+
+- dynbuf: never allocate larger than "toobig"
+
+ As dynbufs always have a fixed maximum size which they are not allowed
+ to grow larger than, making sure that it never allocates a larger buffer
+ makes sure the buffer does not allocate memory that will never be used.
+
+ Closes #10845
+
+- ftplistparser: replace realloc with dynbuf
+
+ Closes #10844
+
+- ftplistparser: use ISDIGIT()
+
+ Closes #10844
+
+- ftplistparser: move out private data from public struct
+
+ The public 'curl_fileinfo' struct contained three fields that are for
+ internal purposes only. This change makes them unused in the public
+ struct.
+
+ The new private struct fields are also renamed to make this separation
+ more obvious internally.
+
+ Closes #10844
+
+- openssl: fix indents - white space edits only
+
+ Closes #10840
+
+- url: remove call to Curl_llist_destroy in Curl_close
+
+ A list that is created with a NULL "destructor" does not need to be
+ destroyed. Not calling it is faster than calling it.
+
+ Closes #10846
+
+- multi: remove PENDING + MSGSENT handles from the main linked list
+
+ As they are not driving transfers or any socket activity, the main loop
+ does not need to iterate over these handles. A performance improvement.
+
+ They are instead only held in their own separate lists.
+
+ 'data->multi' is kept a pointer to the multi handle as long as the easy
+ handle is actually part of it even when the handle is moved to the
+ pending/msgsent lists. It needs to know which multi handle it belongs
+ to, if for example curl_easy_cleanup() is called before the handle is
+ removed from the multi handle.
+
+ Alll 'data->multi' pointers of handles still part of the multi handle
+ gets cleared by curl_multi_cleanup() which "orphans" all previously
+ attached easy handles.
+
+ This is take 2. The first version was reverted for the 8.0.1 release.
+
+ Assisted-by: Stefan Eissing
+ Closes #10801
+
+Stefan Eissing (26 Mar 2023)
+
+- tests/http: add timeout to running curl in test cases
+
+ - we had a CI case once where `curl` seemingly did not
+ return and it was hard to guess what happened.
+ - make curl execution in test cases time out after 60 seconds
+
+ Closes #10783
+
+Daniel Stenberg (26 Mar 2023)
+
+- RELEASE-PROCEDURE: update to new schedule
+
+ Ref: https://curl.se/mail/lib-2023-03/0062.html
+
+ Assisted-by: Andy Alt
+ Assisted-by: Dan Frandrich
+
+ Closes #10827
+
+Patrick Monnerat (26 Mar 2023)
+
+- doc: curl_mime_init() strong easy handle binding has been relaxed in 7.87.0
+
+ Reported-by: Chloe Kudryavtsev
+ Fixes #10834
+ Closes #10835
+
+Jay Satiro (25 Mar 2023)
+
+- CURLOPT_WRITEFUNCTION.3: fix typo
+
+ Reported-by: Osaila@users.noreply.github.com
+
+ Fixes https://github.com/curl/curl/issues/10839
+
+Dan Fandrich (24 Mar 2023)
+
+- CI: skip some more builds when possible
+
+ When a commit only contains tests, documentation, or cmake files, skip
+ those builds that aren't affected by those.
+
+ The file filters available on the CI services don't seem to allow
+ skipping individual jobs, only the entire workflow, so we can't get any
+ more fine-grained than this.
+
+- CI: add and adjust labeler match patterns
+
+ Allow cmdline tool alongside other labels.
+
+Kai Pastor (25 Mar 2023)
+
+- CMake: make config version 8 compatible with 7
+
+ Reviewed-by: Jakub Zakrzewski
+ Closes #10819
+
+Daniel Stenberg (24 Mar 2023)
+
+- RELEASE-NOTES: synced
+
+ Bumped version-in-progress to 8.1.0
+
+- GHA: add a memory-sanitizer job
+
+ Closes #10815
+
+Dan Fandrich (23 Mar 2023)
+
+- CI: fix brew retries on GHA
+
+ The fix in the previous commit was complete for Cirrus but accidentally
+ left off a part for GHA.
+
+ Follow-up to c2b7249d
+
+- CI: skip Azure for more commits which change only GHA
+
+Daniel Stenberg (23 Mar 2023)
+
+- cmake: set SONAME for SunOS too
+
+ Provided-by: Brian Lund
+
+ Closes #10816
+
+Stefan Eissing (23 Mar 2023)
+
+- ngtcp2: adjust config and code checks for ngtcp2 without nghttp3
+
+ - make configure show on HTTP3 feature that both ngtcp2 and nghttp3
+ are in play
+ - define ENABLE_QUIC only when USE_NGTCP2 and USE_NGHTTP3 are defined
+ - add USE_NGHTTP3 in the ngtcp2 implementation
+
+ Fixes #10793
+ Closes #10821
+
+Daniel Stenberg (23 Mar 2023)
+
+- data.d: emphasize no conversion
+
+ When asking curl to send a POST, curl does not encode or change the data.
+
+ Ref: #10820
+ Closes #10823
+
+- server/getpart: clear the buffer before load
+
+ Fixes msan warnings:
+
+ ==54195==WARNING: MemorySanitizer: use-of-uninitialized-value
+ #0 0x55ece35e57cb in line_length /home/runner/work/curl/curl/tests/server
+ /getpart.c:111:25
+ #1 0x55ece35e3b83 in readline /home/runner/work/curl/curl/tests/server/ge
+ tpart.c:164:24
+ #2 0x55ece35e0269 in getpart /home/runner/work/curl/curl/tests/server/get
+ part.c:347:18
+ #3 0x55ece36180b6 in parse_servercmd /home/runner/work/curl/curl/tests/se
+ rver/sws.c:283:13
+
+ Closes #10822
+
+- ntlm: clear lm and nt response buffers before use
+
+ To avoid the risk of MemorySanitizer: use-of-uninitialized-value
+
+ Closes #10814
+
+- digest: clear target buffer
+
+ Closes #10814
+
+Douglas R. Reno (22 Mar 2023)
+
+- cmake: bring in the network library on Haiku.
+
+ When cross-compiling for Haiku, the networking library needs to be
+ brought in. Without this, an unknown type of "Error" is reported in
+ lib/curl_setup_once.h.
+
+ This is also needed when using CMake natively on Haiku to build libcurl.
+
+ Fixes #10296
+ Closes #10792
+
+Daniel Stenberg (22 Mar 2023)
+
+- runtests: die if curl version can be found
+
+ Closes #10813
+
+Stefan Eissing (22 Mar 2023)
+
+- multi: add handle asserts in DEBUG builds
+
+ For GOOD_EASY_HANDLE and GOOD_MULTI_HANDLE checks
+
+ - allow NULL pointers to "just" return an error as before
+ - fail hard on nun-NULL pointers that no longer show the MAGICs
+
+ Closes #10812
+
+Jon Rumsey (22 Mar 2023)
+
+- gskit: various compile errors in OS400
+
+ Various compile failures in gskit.c;
+
+ - pipe_ssloverssl() needs Curl_easy data parameter for
+ Curl_conn_cf_get_socket(cf, data)
+ - key_passwd is in ssl_config, not conn_config
+ - close_on() has 2 parameters, not 4
+ - getsockopt() needs to call Curl_conn_cf_get_socket(), not
+ cxn->sock[FIRSTSOCKET]
+
+ Fixes #10799
+ Closes #10800
+
+Daniel Stenberg (22 Mar 2023)
+
+- tool_operate: pass a long as CURLOPT_HEADEROPT argument
+
+ Closes #10798
+
+- GHA: run all linux test jobs with valgrind
+
+ Closes #10798
+
+- GHA-linux: add an address-sanitizer build
+
+ Closes #10810
+
Version 8.0.1 (20 Mar 2023)
Daniel Stenberg (20 Mar 2023)
@@ -5831,4057 +9243,3 @@ Daniel Stenberg (18 Nov 2022) Reported-by: Andy Stamp
Fixes #9937
Closes #9939
-
-Alexandre Ferrieux (18 Nov 2022)
-
-- CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit
-
- Fixes #2975
- Closes #9147
-
-Daniel Stenberg (17 Nov 2022)
-
-- HTTP-COOKIES.md: mention that http://localhost is a secure context
-
- Reported-by: Trail of Bits
-
- Closes #9938
-
-- lib: parse numbers with fixed known base 10
-
- ... instead of using 0 argument that allows decimal, hex or octal when
- the number is documented and assumed to use base 10.
-
- Closes #9933
-
-- RELEASE-NOTES: synced
-
-- scripts/delta: adapt to curl.h changes for the opt counter
-
-- cookie: expire cookies at once when max-age is negative
-
- Update test 329 to verify
-
- Reported-by: godmar on github
- Fixes #9930
- Closes #9932
-
-Stefan Eissing (17 Nov 2022)
-
-- proxy: haproxy filter is only available when PROXY and HTTP are
-
- Closes #9935
-
-Daniel Stenberg (16 Nov 2022)
-
-- OtherTests.cmake: check for cross-compile, not for toolchain
-
- Build systems like vcpkg alway sets `CMAKE_TOOLCHAIN_FILE` so it should
- not be used as a sign that this is a cross-compile.
-
- Also indented the function correctly.
-
- Reported-by: Philip Chan
- Fixes #9921
- Closes #9923
-
-- ntlm: improve comment for encrypt_des
-
- Reported-by: Andrei Rybak
- Fixes #9903
- Closes #9925
-
-- include/curl/curl.h: bump the deprecated requirements to gcc 5.3
-
- Reported-by: Stephan Guilloux
- Fixes #9917
- Closes #9918
-
-Stefan Eissing (15 Nov 2022)
-
-- proxy: refactor haproxy protocol handling as connection filter
-
- Closes #9893
-
-Patrick Monnerat (15 Nov 2022)
-
-- lib: feature deprecation warnings in gcc >= 4.3
-
- Add a deprecated attribute to functions and enum values that should not
- be used anymore.
- This uses a gcc 4.3 dialect, thus is only available for this version of
- gcc and newer. Note that the _Pragma() keyword is introduced by C99, but
- is available as part of the gcc dialect even when compiling in C89 mode.
-
- It is still possible to disable deprecation at a calling module compile
- time by defining CURL_DISABLE_DEPRECATION.
-
- Gcc type checking macros are made aware of possible deprecations.
-
- Some testing support Perl programs are adapted to the extended
- declaration syntax.
-
- Several test and unit test C programs intentionally use deprecated
- functions/options and are annotated to not generate a warning.
-
- New test 1222 checks the deprecation status in doc and header files.
-
- Closes #9667
-
-Daniel Stenberg (15 Nov 2022)
-
-- log2changes.pl: wrap long lines at 80 columns
-
- Also, only use author names in the output.
-
- Fixes #9896
- Reported-by: John Sherrill
- Closes #9897
-
-- cfilters: use %zu for outputting size_t
-
- Detected by Coverity CID 1516894
-
- Closes #9907
-
-- Curl_closesocket: avoid using 'conn' if NULL
-
- ... in debug-only code.
-
- Reported by Coverity CID 1516896
-
- Closes #9907
-
-- url: only acknowledge fresh_reuse for non-followed transfers
-
- ... to make sure NTLM auth sticks to the connection it needs, as
- verified by 2032.
-
- Follow-up to fa0b9227616e
-
- Assisted-by: Stefan Eissing
- Closes #9905
-
-- netrc.d: provide mutext info
-
- Reported-by: xianghongai on github
- Fixes #9899
- Closes #9901
-
-- cmdline-opts/page-footer: remove long option nroff formatting
-
- As gen.pl adds them
-
-- nroff-scan.pl: detect double highlights
-
-- cmdline-opts/gen.pl: fix the linkifier
-
- Improved logic for finding existing --options in text and replacing with
- the full version with nroff syntax. This also makes the web version link
- options better.
-
- Reported-by: xianghongai on github
- Fixes #9899
- Closes #9902
-
-Patrick Monnerat (14 Nov 2022)
-
-- tool: use feature names instead of bit mask, when possible
-
- If the run-time libcurl is too old to support feature names, the name
- array is created locally from the bit masks. This is the only sequence
- left that uses feature bit masks.
-
- Closes #9583
-
-- docs: curl_version_info is not thread-safe before libcurl initialization
-
- Closes #9583
-
-- version: add a feature names array to curl_version_info_data
-
- Field feature_names contains a null-terminated sorted array of feature
- names. Bitmask field features is deprecated.
-
- Documentation is updated. Test 1177 and tests/version-scan.pl updated to
- match new documentation format and extended to check feature names too.
-
- Closes #9583
-
-Stefan Eissing (14 Nov 2022)
-
-- negtelnetserver.py: have it call its close() method
-
- Closes #9894
-
-Nathan Moinvaziri (13 Nov 2022)
-
-- ntlm: silence ubsan warning about copying from null target_info pointer.
-
- runtime error: null pointer passed as argument 2, which is declared to
- never be null
-
- Closes #9898
-
-Daniel Stenberg (12 Nov 2022)
-
-- RELEASE-NOTES: synced
-
-Stefan Eissing (12 Nov 2022)
-
-- Websocket: fixes for partial frames and buffer updates.
-
- - buffers updated correctly when handling partial frames
- - callbacks no longer invoked for incomplete payload data of 0 length
- - curl_ws_recv no longer returns with 0 length partial payload
-
- Closes #9890
-
-Daniel Stenberg (12 Nov 2022)
-
-- tool_operate: provide better errmsg for -G with bad URL
-
- If the URL that -G would try to add a query to could not be parsed, it would
- display
-
- curl: (27) Out of memory
-
- It now instead shows:
-
- curl: (2) Could not parse the URL, failed to set query
-
- Reported-by: Alex Xu
- Fixes #9889
- Closes #9892
-
-- vtls: fix build without proxy support
-
- Follow-up to dafdb20a26d0c890
-
- Closes #9895
-
-- tool_getparam: make --no-get work as the opposite of --get
-
- ... as documented.
-
- Closes #9891
-
-- http: mark it 'this_is_a_follow' in the Location: logic
-
- To make regular auth "reloads" to not count as redirects.
-
- Verified by test 3101
-
- Fixes #9885
- Closes #9887
-
-Viktor Szakats (11 Nov 2022)
-
-- config-win32: fix SIZEOF_OFF_T for MSVC and old MinGW
-
- The previously set default value of 8 (64-bit) is only correct for
- mingw-w64 and only when we set `_FILE_OFFSET_BITS` to 64 (the default
- when building curl). For MSVC, old MinGW and other Windows compilers,
- the correct value is 4 (32-bit). Adjust condition accordingly. Also
- drop the manual override option.
-
- Regression in 7.86.0 (from 68fa9bf3f5d7b4fcbb57619f70cb4aabb79a51f6)
-
- Bug: https://github.com/curl/curl/pull/9712#issuecomment-1307330551
-
- Reported-by: Peter Piekarski
- Reviewed-by: Jay Satiro
-
- Closes #9872
-
-Daniel Stenberg (11 Nov 2022)
-
-- lib: remove bad set.opt_no_body assignments
-
- This struct field MUST remain what the application set it to, so that
- handle reuse and handle duplication work.
-
- Instead, the request state bit 'no_body' is introduced for code flows
- that need to change this in run-time.
-
- Closes #9888
-
-Stefan Eissing (11 Nov 2022)
-
-- lib: connection filters (cfilter) addition to curl:
-
- - general construct/destroy in connectdata
- - default implementations of callback functions
- - connect: cfilters for connect and accept
- - socks: cfilter for socks proxying
- - http_proxy: cfilter for http proxy tunneling
- - vtls: cfilters for primary and proxy ssl
- - change in general handling of data/conn
- - Curl_cfilter_setup() sets up filter chain based on data settings,
- if none are installed by the protocol handler setup
- - Curl_cfilter_connect() boot straps filters into `connected` status,
- used by handlers and multi to reach further stages
- - Curl_cfilter_is_connected() to check if a conn is connected,
- e.g. all filters have done their work
- - Curl_cfilter_get_select_socks() gets the sockets and READ/WRITE
- indicators for multi select to work
- - Curl_cfilter_data_pending() asks filters if the have incoming
- data pending for recv
- - Curl_cfilter_recv()/Curl_cfilter_send are the general callbacks
- installed in conn->recv/conn->send for io handling
- - Curl_cfilter_attach_data()/Curl_cfilter_detach_data() inform filters
- and addition/removal of a `data` from their connection
- - adding vtl functions to prevent use of Curl_ssl globals directly
- in other parts of the code.
-
- Reviewed-by: Daniel Stenberg
- Closes #9855
-
-- curl-rustls.m4: on macOS, rustls also needs the Security framework
-
- Closes #9883
-
-Daniel Stenberg (10 Nov 2022)
-
-- rtsp: only store first_host once
-
- Suggested-by: Erik Janssen
- URL: https://github.com/curl/curl/pull/9870#issuecomment-1309499744
- Closes #9882
-
-Fata Nugraha (10 Nov 2022)
-
-- test3028: verify PROXY
-
-- http: do not send PROXY more than once
-
- Unlike `CONNECT`, currently we don't keep track whether `PROXY` is
- already sent or not. This causes `PROXY` header to be sent twice during
- `MSTATE_TUNNELING` and `MSTATE_PROTOCONNECT`.
-
- Closes #9878
- Fixes #9442
-
-Jay Satiro (10 Nov 2022)
-
-- lib: add CURL_WRITEFUNC_ERROR to signal write callback error
-
- Prior to this change if the user wanted to signal an error from their
- write callbacks they would have to use logic to return a value different
- from the number of bytes (nmemb) passed to the callback. Also, the
- inclination of some users has been to just return 0 to signal error,
- which is incorrect as that may be the number of bytes passed to the
- callback.
-
- To remedy this the user can now return CURL_WRITEFUNC_ERROR instead.
-
- Ref: https://github.com/curl/curl/issues/9873
-
- Closes https://github.com/curl/curl/pull/9874
-
-Daniel Stenberg (9 Nov 2022)
-
-- Revert "GHA: add scorecard.yml"
-
- This reverts commit ca76c79b34f9d90105674a2151bf228ff7b13bef.
-
-- GHA: add scorecard.yml
-
- add a "scorecard" scanner job
-
-Lorenzo Miniero (9 Nov 2022)
-
-- test3100: RTSP Basic authentication
-
- Closes #9449
-
-Daniel Stenberg (9 Nov 2022)
-
-- rtsp: fix RTSP auth
-
- Verified with test 3100
-
- Fixes #4750
- Closes #9870
-
-- KNOWN_BUGS: remove eight entries
-
- - 1.2 Multiple methods in a single WWW-Authenticate: header
-
- This is not considered a bug anymore but a restriction and one that we
- keep because we have NEVER gotten this reported by users in the wild and
- because of this I consider this a fringe edge case we don't need to
- support.
-
- - 1.6 Unnecessary close when 401 received waiting for 100
-
- This is not a bug, but possibly an optimization that *can* be done.
-
- - 1.7 Deflate error after all content was received
-
- This is not a curl bug. This happens due to broken servers.
-
- - 2.1 CURLINFO_SSL_VERIFYRESULT has limited support
-
- This is not a bug. This is just the nature of the implementation.
-
- - 2.2 DER in keychain
-
- This is not a bug.
-
- - 5.7 Visual Studio project gaps
-
- This is not a bug.
-
- - 15.14 cmake build is not thread-safe
-
- Fixed in 109e9730ee5e2b
-
- - 11.3 Disconnects do not do verbose
-
- This is not a bug.
-
- Closes #9871
-
-Hirotaka Tagawa (9 Nov 2022)
-
-- headers: add endif comments
-
- Closes #9853
-
-Daniel Stenberg (8 Nov 2022)
-
-- test1221: verify --url-query
-
-- curl: add --url-query
-
- This option adds a piece of data, usually a name + value pair, to the
- end of the URL query part. The syntax is identical to that used for
- --data-urlencode with one extension:
-
- If the argument starts with a '+' (plus), the rest of the string is
- provided as-is unencoded.
-
- This allows users to "build" query parts with options and URL encoding
- even when not doing GET requests, which the already provided option -G
- (--get) is limited to.
-
- This idea was born in a Twitter thread.
-
- Closes #9691
-
-- maketgz: set the right version in lib/libcurl.plist
-
- Follow-up to e498a9b1fe5964a18eb2a3a99dc52
-
- Make sure the tarball gets a version of the libcurl.plist file that is
- updated with the new version string.
-
- Reported-by: jvreelanda on github
- Fixes #9866
- Closes #9867
-
-- RELEASE-NOTES: synced
-
- Bumped version to 7.87.0
-
-Michael Drake (8 Nov 2022)
-
-- curl.h: add CURLOPT_CA_CACHE_TIMEOUT option
-
- Adds a new option to control the maximum time that a cached
- certificate store may be retained for.
-
- Currently only the OpenSSL backend implements support for
- caching certificate stores.
-
- Closes #9620
-
-- openssl: reduce CA certificate bundle reparsing by caching
-
- Closes #9620
-
-Rose (8 Nov 2022)
-
-- lib: fix some type mismatches and remove unneeded typecasts
-
- Many of these castings are unneeded if we change the variables to work
- better with each other.
-
- Ref: https://github.com/curl/curl/pull/9823
-
- Closes https://github.com/curl/curl/pull/9835
-
-Daniel Stenberg (8 Nov 2022)
-
-- cookie: compare cookie prefixes case insensitively
-
- Adapted to language in rfc6265bis draft-11.
-
- Closes #9863
-
- Reviewed-by: Daniel Gustafsson
-
-- tool_operate: when aborting, make sure there is a non-NULL error buffer
-
- To store custom errors in. Or SIGSEGVs will follow.
-
- Reported-by: Trail of Bits
- Closes #9865
-
-- WEBSOCKET.md: fix broken link
-
- Reported-by: Felipe Gasper
- Bug: https://curl.se/mail/lib-2022-10/0097.html
- Closes #9864
-
-- CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example
-
- Reported-by: Oskar Sigvardsson
-
- Bug: https://curl.se/mail/lib-2022-11/0016.html
-
- Closes #9862
-
-Stefan Eissing (7 Nov 2022)
-
-- websockets: fix handling of partial frames
-
- buffer used and send length calculations are fixed when a partial
- websocket frame has been received.
-
- Closes #9861
-
-Daniel Stenberg (7 Nov 2022)
-
-- mailmap: unify Stefan Eissing
-
-Stefan Eissing (7 Nov 2022)
-
-- hyper: fix handling of hyper_task's when reusing the same address
-
- Fixes #9840
- Closes #9860
-
-Jay Satiro (7 Nov 2022)
-
-- ws: return CURLE_NOT_BUILT_IN when websockets not built in
-
- - Change curl_ws_recv & curl_ws_send to return CURLE_NOT_BUILT_IN when
- websockets support is not built in.
-
- Prior to this change they returned CURLE_OK.
-
- Closes #9851
-
-Daniel Stenberg (7 Nov 2022)
-
-- noproxy: tailmatch like in 7.85.0 and earlier
-
- A regfression in 7.86.0 (via 1e9a538e05c010) made the tailmatch work
- differently than before. This restores the logic to how it used to work:
-
- All names listed in NO_PROXY are tailmatched against the used domain
- name, if the lengths are identical it needs a full match.
-
- Update the docs, update test 1614.
-
- Reported-by: Stuart Henderson
- Fixes #9842
- Closes #9858
-
-- configure: require fork for NTLM-WB
-
- Reported-by: ウさん
-
- Fixes #9847
- Closes #9856
-
-- docs/EARLY-RELEASE.md: how to determine an early release
-
- URL: https://curl.se/mail/lib-2022-10/0079.html
-
- Closes #9820
-
-- RELEASE-NOTES: synced
-
-Zespre Schmidt (3 Nov 2022)
-
-- docs: add missing parameters for --retry flag
-
- Closes #9848
-
-Adam Averay (3 Nov 2022)
-
-- libcurl-errors.3: remove duplicate word
-
- Closes #9846
-
-Eric Vigeant (3 Nov 2022)
-
-- cur_path: do not add '/' if homedir ends with one
-
- When using SFTP and a path relative to the user home, do not add a
- trailing '/' to the user home dir if it already ends with one.
-
- Closes #9844
-
-Viktor Szakats (1 Nov 2022)
-
-- windows: fail early with a missing windres in autotools
-
- `windres` is not always auto-detected by autotools when building for
- Windows. When this happened, the build failed with a confusing error due
- to the empty `RC` command:
-
- ```
- /bin/bash ../libtool --tag=RC --mode=compile -I../include -DCURL_EMBED_MANIF
- EST -i curl.rc -o curl.o
- [...]
- Usage: /sandbox/curl/libtool [OPTION]... [MODE-ARG]...
- Try 'libtool --help' for more information.
- libtool: error: unrecognised option: '-I../include'
- ```
-
- Improve this by verifying if `RC` is set, and fail with a clear error
- otherwise.
-
- Follow-up to 6de7322c03d5b4d91576a7d9fc893e03cc9d1057
-
- Ref: https://curl.se/mail/lib-2022-10/0049.html
- Reported-by: Thomas Glanzmann
- Closes #9781
-
-- lib: sync guard for Curl_getaddrinfo_ex() definition and use
-
- `Curl_getaddrinfo_ex()` gets _defined_ with `HAVE_GETADDRINFO` set. But,
- `hostip4.c` _used_ it with `HAVE_GETADDRINFO_THREADSAFE` set alone. It
- meant a build with the latter, but without the former flag could result
- in calling this function but not defining it, and failing to link.
-
- Patch this by adding an extra check for `HAVE_GETATTRINFO` around the
- call.
-
- Before this patch, build systems prevented this condition. Now they
- don't need to.
-
- While here, simplify the related CMake logic on Windows by setting
- `HAVE_GETADDRINFO_THREADSAFE` to the detection result of
- `HAVE_GETADDRINFO`. This expresses the following intent clearer than
- the previous patch and keeps the logic in a single block of code:
- When we have `getaddrinfo()` on Windows, it's always threadsafe.
-
- Follow-up to 67d88626d44ec04b9e11dca4cfbf62cd29fe9781
-
- Reviewed-by: Jay Satiro
- Closes #9734
-
-- tidy-up: process.h detection and use
-
- This patch aims to cleanup the use of `process.h` header and the macro
- `HAVE_PROCESS_H` associated with it.
-
- - `process.h` is always available on Windows. In curl, it is required
- only for `_beginthreadex()` in `lib/curl_threads.c`.
-
- - `process.h` is also available in MS-DOS. In curl, its only use was in
- `lib/smb.c` for `getpid()`. But `getpid()` is in fact declared by
- `unistd.h`, which is always enabled via `lib/config-dos.h`. So the
- header is not necessary.
-
- - `HAVE_PROCESS_H` was detected by CMake, forced to 1 on Windows and
- left to real detection for other platforms.
- It was also set to always-on in `lib/config-win32.h` and
- `lib/config-dos.h`.
- In autotools builds, there was no detection and the macro was never
- set.
-
- Based on these observations, in this patch we:
-
- - Rework Windows `getpid` logic in `lib/smb.c` to always use the
- equivalent direct Win32 API function `GetCurrentProcessId()`, as we
- already did for Windows UWP apps. This makes `process.h` unnecessary
- here on Windows.
-
- - Stop #including `process.h` into files where it was not necessary.
- This is everywhere, except `lib/curl_threads.c`.
-
- > Strangely enough, `lib/curl_threads.c` compiled fine with autotools
- > because `process.h` is also indirecty included via `unistd.h`. This
- > might have been broken in autotools MSVC builds, where the latter
- > header is missing.
-
- - Delete all remaining `HAVE_PROCESS_H` feature guards, for they were
- unnecessary.
-
- - Delete `HAVE_PROCESS_H` detection from CMake and predefined values
- from `lib/config-*.h` headers.
-
- Reviewed-by: Jay Satiro
- Closes #9703
-
-Daniel Stenberg (1 Nov 2022)
-
-- lib1301: unit103 turned into a libtest
-
- It is not a unit test so moved over to libtests.
-
-- strcase: use curl_str(n)equal for case insensitive matches
-
- No point in having two entry points for the same functions.
-
- Also merged the *safe* function treatment into these so that they can
- also be used when one or both pointers are NULL.
-
- Closes #9837
-
-- README.md: remove badges and xmas-tree garnish
-
- URL: https://curl.se/mail/lib-2022-10/0050.html
-
- Closes #9833
-
-Patrick Monnerat (1 Nov 2022)
-
-- gen.pl: do not generate CURLHELP bitmask lines > 79 characters
-
- If a command line option is in many help categories, there is a risk
- that CURLHELP bitmask source lines generated for listhelp are longer
- than 79 characters.
-
- This change takes care of folding such long lines.
-
- Cloes #9834
-
-Marc Hoersken (30 Oct 2022)
-
-- CI/cirrus: remove superfluous double-quotes and sudo
-
- Follow up to #9565 and #9677
- Closes #9738
-
-- tests/sshserver.pl: re-enable ssh-rsa while using openssh 8.8+
-
- Ref: #9738
-
-Daniel Stenberg (30 Oct 2022)
-
-- style: use space after comment start and before comment end
-
- /* like this */
-
- /*not this*/
-
- checksrc is updated accordingly
-
- Closes #9828
-
-Patrick Schlangen (30 Oct 2022)
-
-- docs: remove performance note in CURLOPT_SSL_VERIFYPEER
-
- This note became obsolete since PR #7892 (see also discussion in the PR
- comments).
-
- Closes #9832
-
-Daniel Stenberg (30 Oct 2022)
-
-- tests/server: make use of strcasecompare from lib/
-
- ... instead of having a second private implementation.
-
- Idea triggered by #9830
-
- Closes #9831
-
-- curl: timeout in the read callback
-
- The read callback can timeout if there's nothing to read within the
- given maximum period. Example use case is when doing "curl -m 3
- telnet://example.com" or anything else that expects input on stdin or
- similar that otherwise would "hang" until something happens and then not
- respect the timeout.
-
- This fixes KNOWN_BUG 8.1, first filed in July 2009.
-
- Bug: https://sourceforge.net/p/curl/bugs/846/
-
- Closes #9815
-
-- noproxy: fix tail-matching
-
- Also ignore trailing dots in both host name and comparison pattern.
-
- Regression in 7.86.0 (from 1e9a538e05c0)
-
- Extended test 1614 to verify better.
-
- Reported-by: Henning Schild
- Fixes #9821
- Closes #9822
-
-- docs: explain the noproxy CIDR notation support
-
- Follow-up to 1e9a538e05c0107c
-
- Closes #9818
-
-Jon Rumsey (27 Oct 2022)
-
-- os400: use platform socklen_t in Curl_getnameinfo_a
-
- Curl_getnameinfo_a() is prototyped before including curl.h as an
- ASCII'fied wrapper for getnameinfo(), which itself is prototyped with
- socklen_t arguments, so this should use the platform socklen_t and not
- curl_socklen_t too.
-
- Update setup-os400.h
-
- Fixes #9811
- Closes #9812
-
-Daniel Stenberg (27 Oct 2022)
-
-- noproxy: also match with adjacent comma
-
- If the host name is an IP address and the noproxy string contained that
- IP address with a following comma, it would erroneously not match.
-
- Extended test 1614 to verify this combo as well.
-
- Reported-by: Henning Schild
-
- Fixes #9813
- Closes #9814
-
-Randall S. Becker (27 Oct 2022)
-
-- build: fix for NonStop
-
- - Include arpa/inet.h in all units where htonl is called.
-
- Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
-
- Closes https://github.com/curl/curl/pull/9816
-
-- system.h: support 64-bit curl_off_t for NonStop 32-bit
-
- - Correctly define curl_off_t on NonStop (ie __TANDEM) ia64 and x86 for
- 32-bit builds.
-
- Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
-
- Closes https://github.com/curl/curl/pull/9817
-
-Daniel Stenberg (27 Oct 2022)
-
-- spellcheck.words: remove 'github' as an accepted word
-
- Prefer the properly cased version: GitHub
-
- Use markdown for links and GitHub in text.
-
- Closes #9810
-
-Ayesh Karunaratne (27 Oct 2022)
-
-- misc: typo and grammar fixes
-
- - Replace `Github` with `GitHub`.
- - Replace `windows` with `Windows`
- - Replace `advice` with `advise` where a verb is used.
- - A few fixes on removing repeated words.
- - Replace `a HTTP` with `an HTTP`
-
- Closes #9802
-
-Viktor Szakats (27 Oct 2022)
-
-- windows: fix linking .rc to shared curl with autotools
-
- `./configure --enable-shared --disable-static` fails when trying to link
- a shared `curl.exe`, due to `libtool` magically changing the output
- filename of `windres` to one that it doesn't find when linking:
-
- ```
- /bin/sh ../libtool --tag=RC --mode=compile windres -I../../curl/include -DCUR
- L_EMBED_MANIFEST -i ../../curl/src/curl.rc -o curl.o
- libtool: compile: windres -I../../curl/include -DCURL_EMBED_MANIFEST -i ../.
- ./curl/src/curl.rc -o .libs/curl.o
- [...]
- CCLD curl.exe
- clang: error: no such file or directory: 'curl.o'
- ```
-
- Let's resolve this by skipping `libtool` and calling `windres` directly
- when building `src` (aka `curl.exe`). Leave `lib` unchanged, as it does
- need the `libtool` magic. This solution is compatible with building
- a static `curl.exe`.
-
- This build scenario is not CI-tested.
-
- While here, delete an obsolete comment about a permanent `libtool`
- warning that we've resolved earlier.
-
- Regression from 6de7322c03d5b4d91576a7d9fc893e03cc9d1057
-
- Reported-by: Christoph Reiter
- Fixes #9803
- Closes #9805
-
-- cmake: really enable warnings with clang
-
- Even though `PICKY_COMPILER=ON` is the default, warnings were not
- enabled when using llvm/clang, because `CMAKE_COMPILER_IS_CLANG` was
- always false (in my tests at least).
-
- This is the single use of this variable in curl, and in a different
- place we already use `CMAKE_C_COMPILER_ID MATCHES "Clang"`, which works
- as expected, so change the condition to use that instead.
-
- Also fix the warnings uncovered by the above:
-
- - lib: add casts to silence clang warnings
-
- - schannel: add casts to silence clang warnings in ALPN code
-
- Assuming the code is correct, solve the warnings with a cast.
- This particular build case isn't CI tested.
-
- There is a chance the warning is relevant for some platforms, perhaps
- Windows 32-bit ARM7.
-
- Closes #9783
-
-Joel Depooter (26 Oct 2022)
-
-- sendf: remove unnecessary if condition
-
- At this point, the psnd->buffer will always exist. We have already
- allocated a new buffer if one did not previously exist, and returned
- from the function if the allocation failed.
-
- Closes #9801
-
-Viktor Szakats (26 Oct 2022)
-
-- winidn: drop WANT_IDN_PROTOTYPES
-
- `WANT_IDN_PROTOTYPES` was necessary to avoid using a header that came
- via an optional package. MS stopped distributing this package some
- years ago and the winidn definitions are part of standard headers (via
- `windows.h`) since Vista.
-
- Auto-detect Vista inside `lib/idn_win32.c` and enable the manual
- definitions if building for an older Windows.
-
- This allows to delete this manual knob from all build-systems.
-
- Also drop the `_SAL_VERSION` sub-case:
-
- Our manual definitions are now only enabled with old systems. We assume
- that code analysis is not run on such systems, allowing us to delete the
- SAL-friendly flavour of these.
-
- Reviewed-by: Jay Satiro
- Closes #9793
-
-Daniel Stenberg (26 Oct 2022)
-
-- misc: remove duplicated include files
-
- Closes #9796
-
-- scripts/checksrc.pl: detect duplicated include files
-
- After an idea by Dan Fandrich in #9794
-
- Closes #9796
-
-- RELEASE-NOTES: synced
-
- And bumped version to 7.86.1 for now
-
-- CURLMOPT_SOCKETFUNCTION.3: clarify CURL_POLL_REMOVE
-
- The removal is brief or long, don't assume.
-
- Reported-by: Luca Niccoli
-
- Fixes #9799
- Closes #9800
-
-Version 7.86.0 (26 Oct 2022)
-
-Daniel Stenberg (26 Oct 2022)
-
-- RELEASE: synced
-
- The 7.86.0 release
-
-- THANKS: added from the 7.86.0 release
-
-Viktor Szakats (25 Oct 2022)
-
-- noproxy: include netinet/in.h for htonl()
-
- Solve the Amiga build warning by including `netinet/in.h`.
-
- `krb5.c` and `socketpair.c` are using `htonl()` too. This header is
- already included in those sources.
-
- Regression from 1e9a538e05c0107c54ef81d9de7cd0b27cd13309
-
- Reviewed-by: Daniel Stenberg
- Closes #9787
-
-Marc Hoersken (24 Oct 2022)
-
-- CI: fix AppVeyor status failing for starting jobs
-
-Daniel Stenberg (24 Oct 2022)
-
-- test445: verifies the protocols-over-http-proxy flaw and fix
-
-- http_proxy: restore the protocol pointer on error
-
- Reported-by: Trail of Bits
-
- Closes #9790
-
-- multi: remove duplicate include of connect.h
-
- Reported-by: Martin Strunz
- Fixes #9794
- Closes #9795
-
-Daniel Gustafsson (24 Oct 2022)
-
-- idn: fix typo in test description
-
- s/enabked/enabled/i
-
-Daniel Stenberg (24 Oct 2022)
-
-- url: use IDN decoded names for HSTS checks
-
- Reported-by: Hiroki Kurosawa
-
- Closes #9791
-
-- unit1614: fix disabled-proxy build
-
- Follow-up to 1e9a538e05c01
-
- Closes #9792
-
-Daniel Gustafsson (24 Oct 2022)
-
-- cookies: optimize control character check
-
- When checking for invalid octets the strcspn() call will return the
- position of the first found invalid char or the first NULL byte.
- This means that we can check the indicated position in the search-
- string saving a strlen() call.
-
- Closes: #9736
- Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
-
-Daniel Stenberg (24 Oct 2022)
-
-- netrc: replace fgets with Curl_get_line
-
- Make the parser only accept complete lines and avoid problems with
- overly long lines.
-
- Reported-by: Hiroki Kurosawa
-
- Closes #9789
-
-- RELEASE-NOTES: add "Planned upcoming removals include"
-
- URL: https://curl.se/mail/archive-2022-10/0001.html
-
- Suggested-by: Dan Fandrich
-
-Viktor Szakats (23 Oct 2022)
-
-- ci: bump to gcc-11 for macos
-
- Ref: https://github.blog/changelog/2022-10-03-github-actions-jobs-running-on-
- macos-latest-are-now-running-on-macos-12/
- Ref: https://github.com/actions/runner-images/blob/main/images/macos/macos-12
- -Readme.md
-
- Reviewed-by: Max Dymond
- Closes #9785
-
-- Makefile.m32: reintroduce CROSSPREFIX and -W -Wall [ci skip]
-
- - Reintroduce `CROSSPREFIX`:
-
- If set, we add it to the `CC` and `AR` values, and to the _default_
- value of `RC`, which is `windres`. This allows to control each of
- these individidually, while also allowing to simplify configuration
- via `CROSSPREFIX`.
-
- This variable worked differently earlier. Hopefully this new solution
- hits a better compromise in usefulness/complexity/flexibility.
-
- Follow-up to: aa970c4c08775afcd0c2853be89b0a6f02582d50
-
- - Enable warnings again:
-
- This time with an option to override it via `CFLAGS`. Warnings are
- also enabled by default in CMake, `makefile.dj` and `makefile.amiga`
- builds (not in autotools though).
-
- Follow-up to 10fbd8b4e3f83b967fd9ad9a41ab484c0e7e7ca3
-
- Closes #9784
-
-- noproxy: silence unused variable warnings with no ipv6
-
- Follow-up to 36474f1050c7f4117e3c8de6cc9217cfebfc717d
-
- Reviewed-by: Daniel Stenberg
- Closes #9782
-
-Daniel Stenberg (22 Oct 2022)
-
-- test644: verify --xattr (with redirect)
-
-- tool_xattr: save the original URL, not the final redirected one
-
- Adjusted test 1621 accordingly.
-
- Reported-by: Viktor Szakats
- Fixes #9766
- Closes #9768
-
-- docs: make sure libcurl opts examples pass in long arguments
-
- Reported-by: Sergey
- Fixes #9779
- Closes #9780
-
-Marc Hoersken (21 Oct 2022)
-
-- CI: fix AppVeyor job links only working for most recent build
-
- Ref: https://github.com/curl/curl/pull/9768#issuecomment-1286675916
- Reported-by: Daniel Stenberg
-
- Follow up to #9769
-
-Viktor Szakats (21 Oct 2022)
-
-- noproxy: fix builds without AF_INET6
-
- Regression from 1e9a538e05c0107c54ef81d9de7cd0b27cd13309
-
- Reviewed-by: Daniel Stenberg
-
- Closes #9778
-
-Daniel Stenberg (21 Oct 2022)
-
-- noproxy: support proxies specified using cidr notation
-
- For both IPv4 and IPv6 addresses. Now also checks IPv6 addresses "correctly"
- and not with string comparisons.
-
- Split out the noproxy checks and functionality into noproxy.c
-
- Added unit test 1614 to verify checking functions.
-
- Reported-by: Mathieu Carbonneaux
-
- Fixes #9773
- Fixes #5745
- Closes #9775
-
-- urlapi: remove two variable assigns
-
- To please scan-build:
-
- urlapi.c:1163:9: warning: Value stored to 'qlen' is never read
- qlen = Curl_dyn_len(&enc);
- ^ ~~~~~~~~~~~~~~~~~~
- urlapi.c:1164:9: warning: Value stored to 'query' is never read
- query = u->query = Curl_dyn_ptr(&enc);
- ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
- Follow-up to 7d6cf06f571d57
-
- Closes #9777
-
-Jeremy Maitin-Shepard (21 Oct 2022)
-
-- cmake: improve usability of CMake build as a sub-project
-
- - Renames `uninstall` -> `curl_uninstall`
- - Ensures all export rules are guarded by CURL_ENABLE_EXPORT_TARGET
-
- Closes #9638
-
-Don J Olmstead (21 Oct 2022)
-
-- easy_lock: check for HAVE_STDATOMIC_H as well
-
- The check for `HAVE_STDATOMIC_H` looks to see if the `stdatomic.h`
- header is present.
-
- Closes #9755
-
-Daniel Stenberg (21 Oct 2022)
-
-- RELEASE-NOTES: synced
-
-Brad Harder (20 Oct 2022)
-
-- CURLMOPT_PIPELINING.3: dedup manpage xref
-
- Closes #9776
-
-Marc Hoersken (20 Oct 2022)
-
-- CI: report AppVeyor build status for each job
-
- Also give each job on AppVeyor CI a human-readable name.
-
- This aims to make job and therefore build failures more visible.
-
- Reviewed-by: Marcel Raad
- Closes #9769
-
-Viktor Szakats (20 Oct 2022)
-
-- amiga: set SIZEOF_CURL_OFF_T=8 by default [ci skip]
-
- Reviewed-by: Daniel Stenberg
-
- Closes #9771
-
-- connect: fix builds without AF_INET6
-
- Regression from 2b309560c1e5d6ed5c0e542e6fdffa968b0521c9
-
- Reviewed-by: Daniel Stenberg
- Reviewed-by: Jay Satiro
-
- Closes #9770
-
-Daniel Stenberg (20 Oct 2022)
-
-- test1105: adjust <data> to work with a hyper build
-
- Closes #9767
-
-- urlapi: fix parsing URL without slash with CURLU_URLENCODE
-
- When CURLU_URLENCODE is set, the parser would mistreat the path
- component if the URL was specified without a slash like in
- http://local.test:80?-123
-
- Extended test 1560 to reproduce and verify the fix.
-
- Reported-by: Trail of Bits
-
- Closes #9763
-
-Marc Hoersken (19 Oct 2022)
-
-- tests: avoid CreateThread if _beginthreadex is available
-
- CreateThread is not threadsafe if mixed with CRT calls.
- _beginthreadex on the other hand can be mixed with CRT.
-
- Reviewed-by: Marcel Raad
- Closes #9705
-
-Joel Depooter (19 Oct 2022)
-
-- schannel: Don't reset recv/send function pointers on renegotiation
-
- These function pointers will have been set when the initial TLS
- handshake was completed. If they are unchanged, there is no need to set
- them again. If they have been changed, as is the case with HTTP/2, we
- don't want to override that change. That would result in the
- http22_recv/send functions being completely bypassed.
-
- Prior to this change a connection that uses Schannel with HTTP/2 would
- fail on renegotiation with error "Received HTTP/0.9 when not allowed".
-
- Fixes https://github.com/curl/curl/issues/9451
- Closes https://github.com/curl/curl/pull/9756
-
-Viktor Szakats (18 Oct 2022)
-
-- hostip: guard PF_INET6 use
-
- Some platforms (e.g. Amiga OS) do not have `PF_INET6`. Adjust the code
- for these.
-
- ```
- hostip.c: In function 'fetch_addr':
- hostip.c:308:12: error: 'PF_INET6' undeclared (first use in this function)
- pf = PF_INET6;
- ^~~~~~~~
- ```
-
- Regression from 1902e8fc511078fb5e26fc2b907b4cce77e1240d
-
- Reviewed-by: Daniel Stenberg
-
- Closes #9760
-
-- amiga: do not hardcode openssl/zlib into the os config [ci skip]
-
- Enable them in `lib/makefile.amiga` and `src/makefile.amiga` instead.
-
- This allows builds without openssl and/or zlib. E.g. with the
- <https://github.com/bebbo/amiga-gcc> cross-compiler.
-
- Reviewed-by: Daniel Stenberg
-
- Closes #9762
-
-- amigaos: add missing curl header [ci skip]
-
- Without it, `CURLcode` and `CURLE_*` are undefined. `lib/hostip.h` and
- conditional local code need them.
-
- Reviewed-by: Daniel Stenberg
-
- Closes #9761
-
-Daniel Stenberg (18 Oct 2022)
-
-- cmdline/docs: add a required 'multi' keyword for each option
-
- The keyword specifies how option works when specified multiple times:
-
- - single: the last provided value replaces the earlier ones
- - append: it supports being provided multiple times
- - boolean: on/off values
- - mutex: flag-like option that disable anoter flag
-
- The 'gen.pl' script then outputs the proper and unified language for
- each option's multi-use behavior in the generated man page.
-
- The multi: header is requires in each .d file and will cause build error
- if missing or set to an unknown value.
-
- Closes #9759
-
-- CURLOPT_AUTOREFERER.3: highlight the privacy leak risk
-
- Closes #9757
-
-- mprintf: reject two kinds of precision for the same argument
-
- An input like "%.*1$.9999d" would first use the precision taken as an
- argument *and* then the precision specified in the string, which is
- confusing and wrong. pass1 will now instead return error on this double
- use.
-
- Adjusted unit test 1398 to verify
-
- Reported-by: Peter Goodman
-
- Closes #9754
-
-- ftp: remove redundant if
-
- Reported-by: Trail of Bits
-
- Closes #9753
-
-- tool_operate: more transfer cleanup after parallel transfer fail
-
- In some circumstances when doing parallel transfers, the
- single_transfer_cleanup() would not be called and then 'inglob' could
- leak.
-
- Test 496 verifies
-
- Reported-by: Trail of Bits
- Closes #9749
-
-- mqtt: spell out CONNECT in comments
-
- Instead of calling it 'CONN' in several comments, use the full and
- correct protocol packet name.
-
- Suggested by Trail of Bits
-
- Closes #9751
-
-- CURLOPT_POSTFIELDS.3: refer to CURLOPT_MIMEPOST
-
- Not the deprecated CURLOPT_HTTPPOST option.
-
- Also added two see-alsos.
-
- Reported-by: Trail of Bits
- Closes #9752
-
-- RELEASE-NOTES: synced
-
-Jay Satiro (17 Oct 2022)
-
-- ngtcp2: Fix build errors due to changes in ngtcp2 library
-
- ngtcp2/ngtcp2@b0d86f60 changed:
-
- - ngtcp2_conn_get_max_udp_payload_size =>
- ngtcp2_conn_get_max_tx_udp_payload_size
-
- - ngtcp2_conn_get_path_max_udp_payload_size =>
- ngtcp2_conn_get_path_max_tx_udp_payload_size
-
- ngtcp2/ngtcp2@ec59b873 changed:
-
- - 'early_data_rejected' member added to ng_callbacks.
-
- Assisted-by: Daniel Stenberg
- Reported-by: jurisuk@users.noreply.github.com
-
- Fixes https://github.com/curl/curl/issues/9747
- Closes https://github.com/curl/curl/pull/9748
-
-Daniel Stenberg (16 Oct 2022)
-
-- curl_path: return error if given a NULL homedir
-
- Closes #9740
-
-- libssh: if sftp_init fails, don't get the sftp error code
-
- This flow extracted the wrong code (sftp code instead of ssh code), and
- the code is sometimes (erroneously) returned as zero anyway, so skip
- getting it and set a generic error.
-
- Reported-by: David McLaughlin
- Fixes #9737
- Closes #9740
-
-- mqtt: return error for too long topic
-
- Closes #9744
-
-Rickard Hallerbäck (16 Oct 2022)
-
-- tool_paramhlp: make the max argument a 'double'
-
- To fix compiler warnings "Implicit conversion from 'long' to 'double'
- may lose precision"
-
- Closes #9700
-
-Philip Heiduck (15 Oct 2022)
-
-- cirrus-ci: add more macOS builds with m1 based on x86_64 builds
-
- Also refactor macOS builds to use task matrix.
-
- Assisted-by: Marc Hörsken
- Closes #9565
-
-Viktor Szakats (14 Oct 2022)
-
-- cmake: set HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID on Windows
-
- `lib/config-win32.h` enables this configuration option unconditionally.
- Make it apply to CMake builds as well.
-
- While here, delete a broken check for
- `HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID` from `CMakeLists.txt`. This came with
- the initial commit [1], but did not include the actual verification code
- inside `CMake/CurlTests.c`, so it always failed. A later commit [2]
- added a second test, for non-Windows platforms.
-
- Enabling this flag causes test 1056 to fail with CMake builds, as they
- do with autotools builds. Let's apply the same solution and ignore the
- results here as well.
-
- [1] 4c5307b45655ba75ab066564afdc0c111a8b9291
- [2] aec7c5a87c8482b6ddffa352d7d220698652262e
-
- Reviewed-by: Daniel Stenberg
- Assisted-by: Marcel Raad
-
- Closes #9726
-
-- cmake: set HAVE_GETADDRINFO_THREADSAFE on Windows
-
- autotools enables this configuration option unconditionally for Windows
- [^1]. Do the same in CMake.
-
- The above will make this work for all reasonably recent environments.
- The logic present in `lib/config-win32.h` [^2] has the following
- exceptions which we did not cover in this CMake update:
-
- - Builds targeting Windows 2000 and earlier
- - MS Visual C++ 5.0 (1997) and earlier
-
- Also make sure to disable this feature when `HAVE_GETADDRINFO` isn't
- set, to avoid a broken build. We might want to handle that in the C
- sources in a future commit.
-
- [^1]: https://github.com/curl/curl/blob/68fa9bf3f5d7b4fcbb57619f70cb4aabb79a5
- 1f6/m4/curl-functions.m4#L2067-L2070
-
- [^2]: https://github.com/curl/curl/blob/68fa9bf3f5d7b4fcbb57619f70cb4aabb79a5
- 1f6/lib/config-win32.h#L511-L528
-
- Closes #9727
-
-- cmake: sync HAVE_SIGNAL detection with autotools
-
- `HAVE_SIGNAL` means the availability of the `signal()` function in
- autotools, while in CMake it meant the availability of that function
- _and_ the symbol `SIGALRM`.
-
- The latter is not available on Windows, but the function is, which means
- on Windows, autotools did define `HAVE_SIGNAL`, but CMake did not,
- introducing a slight difference into the binaries.
-
- This patch syncs CMake behaviour with autotools to look for the function
- only.
-
- The logic came with the initial commit adding CMake support to curl, so
- the commit history doesn't reveal the reason behind it. In any case,
- it's best to check the existence of `SIGALRM` directly in the source
- before use. For now, curl builds fine with `HAVE_SIGNAL` enabled and
- `SIGALRM` missing.
-
- Follow-up to 68fa9bf3f5d7b4fcbb57619f70cb4aabb79a51f6
-
- Closes #9725
-
-- cmake: delete duplicate HAVE_GETADDRINFO test
-
- A custom `HAVE_GETADDRINFO` check came with the initial CMake commit
- [1]. A later commit [2] added a standard check for it as well. The
- standard check run before the custom one, so CMake ignored the latter.
-
- The custom check was also non-portable, so this patch deletes it in
- favor of the standard check.
-
- [1] 4c5307b45655ba75ab066564afdc0c111a8b9291
- [2] aec7c5a87c8482b6ddffa352d7d220698652262e
-
- Closes #9731
-
-Daniel Stenberg (14 Oct 2022)
-
-- tool_formparse: unroll the NULL_CHECK and CONST_FREE macros
-
- To make the code read more obvious
-
- Assisted-by: Jay Satiro
-
- Closes #9710
-
-Christopher Sauer (14 Oct 2022)
-
-- docs/INSTALL: update Android Instructions for newer NDKs
-
- Closes #9732
-
-Daniel Stenberg (14 Oct 2022)
-
-- markdown-uppercase: ignore quoted sections
-
- Sections within the markdown ~~~ or ``` are now ignored.
-
- Closes #9733
-
-- RELEASE-NOTES: synced
-
-- test8: update as cookies no longer can have "embedded" TABs in content
-
-- test1105: extend to verify TAB in name/content discarding cookies
-
-- cookie: reject cookie names or content with TAB characters
-
- TABs in name and content seem allowed by RFC 6265: "the algorithm strips
- leading and trailing whitespace from the cookie name and value (but
- maintains internal whitespace)"
-
- Cookies with TABs in the names are rejected by Firefox and Chrome.
-
- TABs in content are stripped out by Firefox, while Chrome discards the
- whole cookie.
-
- TABs in cookies also cause issues in saved netscape cookie files.
-
- Reported-by: Trail of Bits
-
- URL: https://curl.se/mail/lib-2022-10/0032.html
- URL: https://github.com/httpwg/http-extensions/issues/2262
-
- Closes #9659
-
-- curl/add_parallel_transfers: better error handling
-
- 1 - consider the transfer handled at once when in the function, to avoid
- the same list entry to get added more than once in rare error
- situations
-
- 2 - set the ERRORBUFFER for the handle first after it has been added
- successfully
-
- Reported-by: Trail of Bits
-
- Closes #9729
-
-- netrc: remove the two 'changed' arguments
-
- As no user of these functions used the returned content.
-
-- test495: verify URL encoded user name + netrc-optional
-
- Reproduced issue #9709
-
-- netrc: use the URL-decoded user
-
- When the user name is provided in the URL it is URL encoded there, but
- when used for authentication the encoded version should be used.
-
- Regression introduced after 7.83.0
-
- Reported-by: Jonas Haag
- Fixes #9709
- Closes #9715
-
-Shaun Mirani (13 Oct 2022)
-
-- url: allow non-HTTPS HSTS-matching for debug builds
-
- Closes #9728
-
-Daniel Stenberg (13 Oct 2022)
-
-- test1275: remove the check of stderr
-
- To avoid the mysterious test failures on Windows, instead rely on the
- error code returned on failure.
-
- Fixes #9716
- Closes #9723
-
-Viktor Szakats (13 Oct 2022)
-
-- lib: set more flags in config-win32.h
-
- The goal is to add any flag that affect the created binary, to get in
- sync with the ones built with CMake and autotools.
-
- I took these flags from curl-for-win [0], where they've been tested with
- mingw-w64 and proven to work well.
-
- This patch brings them to curl as follows:
-
- - Enable unconditionally those force-enabled via
- `CMake/WindowsCache.cmake`:
-
- - `HAVE_SETJMP_H`
- - `HAVE_STRING_H`
- - `HAVE_SIGNAL` (CMake equivalent is `HAVE_SIGNAL_FUNC`)
-
- - Expand existing guards with mingw-w64:
-
- - `HAVE_STDBOOL_H`
- - `HAVE_BOOL_T`
-
- - Enable Win32 API functions for Windows Vista and later:
-
- - `HAVE_INET_NTOP`
- - `HAVE_INET_PTON`
-
- - Set sizes, if not already set:
-
- - `SIZEOF_OFF_T = 8`
- - `_FILE_OFFSET_BITS = 64` when `USE_WIN32_LARGE_FILES` is set,
- and using mingw-w64.
-
- - Add the remaining for mingw-w64 only. Feel free to expand as desired:
-
- - `HAVE_LIBGEN_H`
- - `HAVE_FTRUNCATE`
- - `HAVE_BASENAME`
- - `HAVE_STRTOK_R`
-
- Future TODO:
-
- - `HAVE_SIGNAL` has a different meaning in CMake. It's enabled when both
- the `signal()` function and the `SIGALRM` macro are found. In
- autotools and this header, it means the function only. For the
- function alone, CMake uses `HAVE_SIGNAL_FUNC`.
-
- [0] https://github.com/curl/curl-for-win/blob/c9b9a5f273c94c73d2b565ee892c4df
- f0ca97a8c/curl-m32.sh#L53-L58
-
- Reviewed-by: Daniel Stenberg
-
- Closes #9712
-
-Daniel Stenberg (13 Oct 2022)
-
-- tests: add tests/markdown-uppercase.pl to dist tarball
-
- Follow-up to aafb06c5928183d
-
- Closes #9722
-
-- tool_paramhelp: asserts verify maximum sizes for string loading
-
- The two defines MAX_FILE2MEMORY and MAX_FILE2STRING define the largest
- strings accepted when loading files into memory, but as the size is
- later used as input to functions that take the size as 'int' as
- argument, the sizes must not be larger than INT_MAX.
-
- These two new assert()s make the code error out if someone would bump
- the sizes without this consideration.
-
- Reported-by Trail of Bits
-
- Closes #9719
-
-- http: try parsing Retry-After: as a number first
-
- Since the date parser allows YYYYMMDD as a date format (due to it being
- a bit too generic for parsing this particular header), a large integer
- number could wrongly match that pattern and cause the parser to generate
- a wrong value.
-
- No date format accepted for this header starts with a decimal number, so
- by reversing the check and trying a number first we can deduct that if
- that works, it was not a date.
-
- Reported-by Trail of Bits
-
- Closes #9718
-
-Patrick Monnerat (13 Oct 2022)
-
-- doc: fix deprecation versions inconsistencies
-
- Ref: https://curl.se/mail/lib-2022-10/0026.html
-
- Closes #9711
-
-Daniel Stenberg (13 Oct 2022)
-
-- http_aws_sigv4: fix strlen() check
-
- The check was off-by-one leading to buffer overflow.
-
- Follow-up to 29c4aa00a16872
-
- Detected by OSS-Fuzz
-
- Closes #9714
-
-- curl/main_checkfds: check the fcntl return code better
-
- fcntl() can (in theory) return a non-zero number for success, so a
- better test for error is checking for -1 explicitly.
-
- Follow-up to 41e1b30ea1b77e9ff
-
- Mentioned-by: Dominik Klemba
-
- Closes #9708
-
-Viktor Szakats (12 Oct 2022)
-
-- tidy-up: delete unused HAVE_STRUCT_POLLFD
-
- It was only defined in `lib/config-win32.h`, when building for Vista.
-
- It was only used in `select.h`, in a condition that also included a
- check for `POLLIN` which is a superior choice for this detection and
- which was already used by cmake and autotools builds.
-
- Delete both instances of this macro.
-
- Closes #9707
-
-Daniel Stenberg (12 Oct 2022)
-
-- test1275: verify upercase after period in markdown
-
- Script based on the #9474 pull-request logic, but implemented in perl.
-
- Updated docs/URL-SYNTAX.md accordingly.
-
- Suggested-by: Dan Fandrich
-
- Closes #9697
-
-12932 (12 Oct 2022)
-
-- misc: nitpick grammar in comments/docs
-
- because the 'u' in URL is actually a consonant *sound* it is only
- correct to write "a URL"
-
- sorry this is a bit nitpicky :P
-
- https://english.stackexchange.com/questions/152/when-should-i-use-a-vs-an
- https://www.techtarget.com/whatis/feature/Which-is-correct-a-URL-or-an-URL
-
- Closes #9699
-
-Viktor Szakats (11 Oct 2022)
-
-- Makefile.m32: drop CROSSPREFIX and our CC/AR defaults [ci skip]
-
- This patch aimed to fix a regression [0], where `CC` initialization
- moved beyond its first use. But, on closer inspection it turned out that
- the `CC` initialization does not work as expected due to GNU Make
- filling it with `cc` by default. So unless implicit values were
- explicitly disabled via a GNU Make option, the default value of
- `$CROSSPREFIX` + `gcc` was never used. At the same time the implicit
- value `cc` maps to `gcc` in (most/all?) MinGW envs.
-
- `AR` has the same issue, with a default value of `ar`.
-
- We could reintroduce a separate variable to fix this without ill
- effects, but for simplicity and flexibility, it seems better to drop
- support for `CROSSPREFIX`, along with our own `CC`/`AR` init logic, and
- require the caller to initialize `CC`, `AR` and `RC` to the full
- (prefixed if necessary) names of these tools, as desired.
-
- We keep `RC ?= windres` because `RC` is empty by default.
-
- Also fix grammar in a comment.
-
- [0] 10fbd8b4e3f83b967fd9ad9a41ab484c0e7e7ca3
-
- Closes #9698
-
-- smb: replace CURL_WIN32 with WIN32
-
- PR #9255 aimed to fix a Cygwin/MSYS issue (#8220). It used the
- `CURL_WIN32` macro, but that one is not defined here, while compiling
- curl itself. This patch changes this to `WIN32`, assuming this was the
- original intent.
-
- Regression from 1c52e8a3795ccdf8ec9c308f4f8f19cf10ea1f1a
-
- Reviewed-by: Marcel Raad
-
- Closes #9701
-
-Matthias Gatto (11 Oct 2022)
-
-- aws_sigv4: fix header computation
-
- Handle canonical headers and signed headers creation as explained here:
- https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.
- html
-
- The algo tells that signed and canonical must contain at last host and
- x-amz-date.
-
- So we check whatever thoses are present in the curl http headers list.
- If they are, we use the one enter by curl user, otherwise we generate
- them. then we to lower, and remove space from each http headers plus
- host and x-amz-date, then sort them all by alphabetical order.
-
- This patch also fix a bug with host header, which was ignoring the port.
-
- Closes #7966
-
-Aftab Alam (11 Oct 2022)
-
-- README.md: link the curl logo to the website
-
- - Link the curl:// image to https://curl.se/
-
- Closes https://github.com/curl/curl/pull/9675
-
-Dustin Howett (11 Oct 2022)
-
-- schannel: when importing PFX, disable key persistence
-
- By default, the PFXImportCertStore API persists the key in the user's
- key store (as though the certificate was being imported for permanent,
- ongoing use.)
-
- The documentation specifies that keys that are not to be persisted
- should be imported with the flag PKCS12_NO_PERSIST_KEY.
- NOTE: this flag is only supported on versions of Windows newer than XP
- and Server 2003.
-
- --
-
- This is take 2 of the original fix. It extends the lifetime of the
- client certificate store to that of the credential handle. The original
- fix which landed in 70d010d and was later reverted in aec8d30 failed to
- work properly because it did not do that.
-
- Minor changes were made to the schannel credential context to support
- closing the client certificate store handle at the end of an SSL session.
-
- --
-
- Reported-by: ShadowZzj@users.noreply.github.com
-
- Fixes https://github.com/curl/curl/issues/9300
- Supersedes https://github.com/curl/curl/pull/9363
- Closes https://github.com/curl/curl/pull/9460
-
-Viktor Szakats (11 Oct 2022)
-
-- Makefile.m32: support more options [ci skip]
-
- - Add support for these options:
- `-wolfssl`, `-wolfssh`, `-mbedtls`, `-libssh`, `-psl`
-
- Caveats:
- - `-wolfssh` requires `-wolfssl`.
- - `-wolfssl` cannot be used with OpenSSL backends in parallel.
- - `-libssh` has build issues with BoringSSL and LibreSSL, and also
- what looks like a world-writable-config vulnerability on Windows.
- Consider it experimental.
- - `-psl` requires `-idn2` and extra libs passed via
- `LIBS=-liconv -lunistring`.
-
- - Detect BoringSSL/wolfSSL and set ngtcp2 crypto lib accordingly.
- - Generalize MultiSSL detection.
- - Use else-if syntax. Requires GNU Make 3.81 (2006-04-01).
- - Document more customization options.
-
- This brings over some configuration logic from `curl-for-win`.
-
- Closes #9680
-
-- cmake: enable more detection on Windows
-
- Enable `HAVE_UNISTD_H`, `HAVE_STRTOK_R` and `HAVE_STRCASECMP` detection
- on Windows, instead of having predefined values.
-
- With these features detected correctly, CMake Windows builds get closer
- to the autotools and `config-win32.h` ones.
-
- This also fixes detecting `HAVE_FTRUNCATE` correctly, which required
- `unistd.h`.
-
- Fixing `ftruncate()` in turn causes a build warning/error with legacy
- MinGW/MSYS1 due to an offset type size mismatch. This env misses to
- detect `HAVE_FILE_OFFSET_BITS`, which may be a reason. This patch
- force-disables `HAVE_FTRUNCATE` for this platform.
-
- Reviewed-by: Daniel Stenberg
-
- Closes #9687
-
-- autotools: allow unix sockets on Windows
-
- Fixes: https://github.com/curl/curl-for-win/blob/73a070d96fd906fdee929e2f1f00
- a9149fb39239/curl-autotools.sh#L44-L47
-
- On Windows this feature is present, but not the header used in the
- detection logic. It also requires an elaborate enabler logic
- (as seen in `lib/curl_setup.h`). Let's always allow it and let the
- lib code deal with the details.
-
- Closes #9688
-
-- cmake: add missing inet_ntop check
-
- This adds the missing half of the check, next to the other half
- already present in `lib/curl_config.h.cmake`.
-
- Force disable `HAVE_INET_NTOP` for old MSVC where it caused compiler
- warnings.
-
- Reviewed-by: Daniel Stenberg
-
- Closes #9689
-
-Daniel Stenberg (11 Oct 2022)
-
-- RELEASE-NOTES: synced
-
-bsergean on github (11 Oct 2022)
-
-- asyn-ares: set hint flags when calling ares_getaddrinfo
-
- The hint flag is ARES_AI_NUMERICSERV, and it will save a call to
- getservbyname or getservbyname_r to set it.
-
- Closes #9694
-
-Daniel Stenberg (11 Oct 2022)
-
-- header.d: add category smtp and imap
-
- They were previously (erroneously) added manually to tool_listhelp.c
- which would make them get removed again when the file is updated next
- time, unless added correctly here in header.d
-
- Follow-up to 2437fac01
-
- Closes #9690
-
-- curl/get_url_file_name: use libcurl URL parser
-
- To avoid URL tricks, use the URL parser for this.
-
- This update changes curl's behavior slightly in that it will ignore the
- possible query part from the URL and only use the file name from the
- actual path from the URL. I consider it a bugfix.
-
- "curl -O localhost/name?giveme-giveme" will now save the output in the
- local file named 'name'
-
- Updated test 1210 to verify
-
- Assisted-by: Jay Satiro
-
- Closes #9684
-
-Martin Ågren (11 Oct 2022)
-
-- docs: fix grammar around needing pass phrase
-
- "You never needed a pass phrase" reads like it's about to be followed by
- something like "until version so-and-so", but that is not what is
- intended. Change to "You never need a pass phrase". There are two
- instances of this text, so make sure to update both.
-
-Xiang Xiao (10 Oct 2022)
-
-- cmake: add the check of HAVE_SOCKETPAIR
-
- which is used by Curl_socketpair
-
- Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
-
- Closes #9686
-
-Daniel Stenberg (10 Oct 2022)
-
-- curl/add_file_name_to_url: use the libcurl URL parser
-
- instead of the custom error-prone parser, to extract and update the path
- of the given URL
-
- Closes #9683
-
-- single_transfer: use the libcurl URL parser when appending query parts
-
- Instead of doing "manual" error-prone parsing in another place.
-
- Used when --data contents is added to the URL query when -G is provided.
-
- Closes #9681
-
-- ws: fix buffer pointer use in the callback loop
-
- Closes #9678
-
-Petr Štetiar (10 Oct 2022)
-
-- curl-wolfssl.m4: error out if wolfSSL is not usable
-
- When I explicitly declare, that I would like to have curl built with
- wolfSSL support using `--with-wolfssl` configure option, then I would
- expect, that either I endup with curl having that support, for example
- in form of https support or it wouldn't be available at all.
-
- Downstream projects like for example OpenWrt build curl wolfSSL variant
- with `--with-wolfssl` already, but in certain corner cases it does fail:
-
- configure:25299: checking for wolfSSL_Init in -lwolfssl
- configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip]
- In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.
- h:33,
- from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_
- public.h:35,
- from target-x86_64_musl/usr/include/wolfssl/ssl.h:35,
- from conftest.c:47:
- target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal err
- or: wolfssl/wolfcrypt/sp_int.h: No such file or directory
- #include <wolfssl/wolfcrypt/sp_int.h>
- ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
- compilation terminated.
-
- and in the end thus produces curl without https support:
-
- curl: (1) Protocol "https" not supported or disabled in libcurl
-
- So fix it, by making the working wolfSSL mandatory and error out in
- configure step when that's not the case:
-
- checking for wolfSSL_Init in -lwolfssl... no
- configure: error: --with-wolfssl but wolfSSL was not found or doesn't work
-
- References: https://github.com/openwrt/packages/issues/19005
- References: https://github.com/openwrt/packages/issues/19547
- Signed-off-by: Petr Štetiar <ynezz@true.cz>
-
- Closes #9682
-
-Daniel Stenberg (10 Oct 2022)
-
-- tool_getparam: pass in the snprintf("%.*s") string length as 'int'
-
- Reported by Coverity CID 1515928
-
- Closes #9679
-
-Paul Seligman (9 Oct 2022)
-
-- ws: minor fixes for web sockets without the CONNECT_ONLY flag
-
- - Fixed an issue where is_in_callback was getting cleared when using web
- sockets with debug logging enabled
- - Ensure the handle is is_in_callback when calling out to fwrite_func
- - Change the write vs. send_data decision to whether or not the handle
- is in CONNECT_ONLY mode.
- - Account for buflen not including the header length in curl_ws_send
-
- Closes #9665
-
-Marc Hoersken (8 Oct 2022)
-
-- CI/cirrus: merge existing macOS jobs into a job matrix
-
- Ref: #9627
- Reviewed-by: Philip H.
-
- Closes #9672
-
-Daniel Stenberg (8 Oct 2022)
-
-- strcase: add and use Curl_timestrcmp
-
- This is a strcmp() alternative function for comparing "secrets",
- designed to take the same time no matter the content to not leak
- match/non-match info to observers based on how fast it is.
-
- The time this function takes is only a function of the shortest input
- string.
-
- Reported-by: Trail of Bits
-
- Closes #9658
-
-- tool_getparam: split out data_urlencode() into its own function
-
- Closes #9673
-
-- connect: fix Curl_updateconninfo for TRNSPRT_UNIX
-
- Reported-by: Vasiliy Ulyanov
- Fixes #9664
- Closes #9670
-
-- ws: fix Coverity complaints
-
- Coverity pointed out several flaws where variables remained
- uninitialized after forks.
-
- Follow-up to e3f335148adc6742728f
-
- Closes #9666
-
-Marc Hoersken (7 Oct 2022)
-
-- CI/GHA: merge msh3 and openssl3 builds into linux workflow
-
- Continue work on merging all Linux workflows into one file.
-
- Follow up to #9501
- Closes #9646
-
-Daniel Stenberg (7 Oct 2022)
-
-- curl_ws_send.3: call the argument 'fragsize'
-
- Since WebSocket works with "fragments" not "frames"
-
- Closes #9668
-
-- easy: avoid Intel error #2312: pointer cast involving 64-bit pointed-to type
-
- Follow-up to e3f335148adc6742728ff8
-
- Closes #9669
-
-- tool_main: exit at once if out of file descriptors
-
- If the main_checkfds function cannot create new file descriptors in an
- attempt to detect of stdin, stdout or stderr are closed.
-
- Also changed the check to use fcntl() to check if the descriptors are
- open, which avoids superfluously calling pipe() if they all already are.
-
- Follow-up to facfa19cdd4d0094
-
- Reported-by: Trail of Bits
-
- Closes #9663
-
-- websockets: remodeled API to support 63 bit frame sizes
-
- curl_ws_recv() now receives data to fill up the provided buffer, but can
- return a partial fragment. The function now also get a pointer to a
- curl_ws_frame struct with metadata that also mentions the offset and
- total size of the fragment (of which you might be receiving a smaller
- piece). This way, large incoming fragments will be "streamed" to the
- application. When the curl_ws_frame struct field 'bytesleft' is 0, the
- final fragment piece has been delivered.
-
- curl_ws_recv() was also adjusted to work with a buffer size smaller than
- the fragment size. (Possibly needless to say as the fragment size can
- now be 63 bit large).
-
- curl_ws_send() now supports sending a piece of a fragment, in a
- streaming manner, in addition to sending the entire fragment in a single
- call if it is small enough. To send a huge fragment, curl_ws_send() can
- be used to send it in many small calls by first telling libcurl about
- the total expected fragment size, and then send the payload in N number
- of separate invokes and libcurl will stream those over the wire.
-
- The struct curl_ws_meta() returns is now called 'curl_ws_frame' and it
- has been extended with two new fields: *offset* and *bytesleft*. To help
- describe the passed on data chunk when a fragment is delivered in many
- smaller pieces.
-
- The documentation has been updated accordingly.
-
- Closes #9636
-
-Patrick Monnerat (7 Oct 2022)
-
-- docs/examples: avoid deprecated options in examples where possible
-
- Example programs targeting a deprecated feature/option are commented with
- a warning about it.
- Other examples are adapted to not use deprecated options.
-
- Closes #9661
-
-Viktor Szakats (6 Oct 2022)
-
-- cmake: fix enabling websocket support
-
- Follow-up from 664249d095275ec532f55dd1752d80c8c1093a77
-
- Closes #9660
-
-- tidy-up: delete parallel/unused feature flags
-
- Detecting headers and lib separately makes sense when headers come in
- variations or with extra ones, but this wasn't the case here. These were
- duplicate/parallel macros that we had to keep in sync with each other
- for a working build. This patch leaves a single macro for each of these
- dependencies:
-
- - Rely on `HAVE_LIBZ`, delete parallel `HAVE_ZLIB_H`.
-
- Also delete CMake logic making sure these two were in sync, along with
- a toggle to turn off that logic, called `CURL_SPECIAL_LIBZ`.
-
- Also delete stray `HAVE_ZLIB` defines.
-
- There is also a `USE_ZLIB` variant in `lib/config-dos.h`. This patch
- retains it for compatibility and deprecates it.
-
- - Rely on `USE_LIBSSH2`, delete parallel `HAVE_LIBSSH2_H`.
-
- Also delete `LIBSSH2_WIN32`, `LIBSSH2_LIBRARY` from
- `winbuild/MakefileBuild.vc`, these have a role when building libssh2
- itself. And `CURL_USE_LIBSSH`, which had no use at all.
-
- Also delete stray `HAVE_LIBSSH2` defines.
-
- - Rely on `USE_LIBSSH`, delete parallel `HAVE_LIBSSH_LIBSSH_H`.
-
- Also delete `LIBSSH_WIN32`, `LIBSSH_LIBRARY` and `HAVE_LIBSSH` from
- `winbuild/MakefileBuild.vc`, these were the result of copy-pasting the
- libssh2 line, and were not having any use.
-
- - Delete unused `HAVE_LIBPSL_H` and `HAVE_LIBPSL`.
-
- Reviewed-by: Daniel Stenberg
-
- Closes #9652
-
-Daniel Stenberg (6 Oct 2022)
-
-- netrc: compare user name case sensitively
-
- User name comparisions in netrc need to match the case.
-
- Closes #9657
-
-- CURLOPT_COOKIEFILE: insist on "" for enable-without-file
-
- The former way that also suggested using a non-existing file to just
- enable the cookie engine could lead to developers maybe a bit carelessly
- guessing a file name that will not exist, and then in a future due to
- circumstances, such a file could be made to exist and then accidentally
- libcurl would read cookies not actually meant to.
-
- Reported-by: Trail of bits
-
- Closes #9654
-
-- tests/Makefile: remove run time stats from ci-test
-
- The ci-test is the normal makefile target invoked in CI jobs. This has
- been using the -r option to runtests.pl since a long time, but I find
- that it mostly just adds many lines to the test output report without
- anyone caring much about those stats.
-
- Remove it.
-
- Closes #9656
-
-Patrick Monnerat (6 Oct 2022)
-
-- tool: reorganize function c_escape around a dynbuf
-
- This is a bit shorter and a lot safer.
-
- Substrings of unescaped characters are added by a single call to reduce
- overhead.
-
- Extend test 1465 to handle more kind of escapes.
-
- Closes #9653
-
-Jay Satiro (5 Oct 2022)
-
-- CURLOPT_HTTPPOST.3: bolden the deprecation notice
-
- Ref: https://github.com/curl/curl/pull/9621
-
- Closes https://github.com/curl/curl/pull/9637
-
-John Bampton (5 Oct 2022)
-
-- misc: fix spelling in docs and comments
-
- also: remove outdated sentence
-
- Closes #9644
-
-Patrick Monnerat (5 Oct 2022)
-
-- tool: avoid generating ambiguous escaped characters in --libcurl
-
- C string hexadecimal-escaped characters may have more than 2 digits.
- This results in a wrong C compiler interpretation of a 2-digit escaped
- character when followed by an hex digit character.
-
- The solution retained here is to represent such characters as 3-digit
- octal escapes.
-
- Adjust and extend test 1465 for this case.
-
- Closes #9643
-
-Daniel Stenberg (5 Oct 2022)
-
-- configure: the ngtcp2 option should default to 'no'
-
- While still experimental.
-
- Bug: https://curl.se/mail/lib-2022-10/0007.html
- Reported-by: Daniel Hallberg
-
- Closes #9650
-
-- CURLOPT_MIMEPOST.3: add an (inline) example
-
- Reported-by: Jay Satiro
- Bug: https://github.com/curl/curl/pull/9637#issuecomment-1268070723
-
- Closes #9649
-
-Viktor Szakats (5 Oct 2022)
-
-- Makefile.m32: exclude libs & libpaths for shared mode exes [ci skip]
-
- Exclude linker flags specifying depedency libs and libpaths, when
- building against `libcurl.dll`. In such case these options are not
- necessary (but may cause errors if not/wrongly configured.)
-
- Also move and reword a comment on `CPPFLAGS` to not apply to
- `UNICODE` options. These are necessary for all build targets.
-
- Closes #9651
-
-Jay Satiro (5 Oct 2022)
-
-- runtests: fix uninitialized value on ignored tests
-
- - Don't show TESTFAIL message (ie tests failed which aren't ignored) if
- only ignored tests failed.
-
- Before:
- IGNORED: failed tests: 571 612 1056
- TESTDONE: 1214 tests out of 1217 reported OK: 99%
- Use of uninitialized value $failed in concatenation (.) or string at
- ./runtests.pl line 6290.
- TESTFAIL: These test cases failed:
-
- After:
- IGNORED: failed tests: 571 612 1056
- TESTDONE: 1214 tests out of 1217 reported OK: 99%
-
- Closes https://github.com/curl/curl/pull/9648
-
-- cirrus: use make LDFLAGS=-all-static instead of curl_LDFLAGS
-
- - Correct the use of -all-static for static Windows CI builds.
-
- curl_LDFLAGS was removed from the makefile when metalink support was
- removed. LDFLAGS=-all-static is passed to make only, because it is not a
- valid option for configure compilation tests.
-
- Closes https://github.com/curl/curl/pull/9633
-
-Viktor Szakats (4 Oct 2022)
-
-- Makefile.m32: fix regression with tool_hugehelp [ci skip]
-
- In a recent commit I mistakenly deleted this logic, after seeing a
- reference to a filename ending with `.cvs` and thinking it must have
- been long gone. Turns out this is an existing file. Restore the rule
- and the necessary `COPY` definitions with it.
-
- The restored logic is required for a successful build on a bare source
- tree (as opposed to a source release tarball).
-
- Also shorten an existing condition similar to the one added in this
- patch.
-
- Regression since 07a0047882dd3f1fbf73486c5dd9c15370877ad6
-
- Closes #9645
-
-- Makefile.m32: deduplicate build rules [ci skip]
-
- After this patch, we reduce the three copies of most `Makefile.m32`
- logic to one. This now resides in `lib/Makefile.m32`. It makes future
- updates easier, the code shorter, with a small amount of added
- complexity.
-
- `Makefile.m32` reduction:
-
- | | bytes | LOC total | blank | comment | code |
- |-------------------|-------:|----------:|-------:|---------:|------:|
- | 7.85.0 | 34772 | 1337 | 79 | 192 | 1066 |
- | before this patch | 17601 | 625 | 62 | 106 | 457 |
- | after this patch | 11680 | 392 | 52 | 104 | 236 |
-
- Details:
-
- - Change rules to create objects for the `v*` subdirs in the `lib` dir.
- This allows to use a shared compile rule and assumes that filenames
- are not (and will not be) colliding across these directories.
- `Makefile.m32` now also stores a list of these subdirs. They are
- changing rarely though.
-
- - Sync as much as possible between the three `Makefile.m32` scripts'
- rules and their source/target sections.
-
- - After this patch `CPPFLAGS` are all applied to the `src` sources once
- again. This matches the behaviour of cmake/autotools. Only zlib ones
- are actually required there.
-
- - Use `.rc` names from `Makefile.inc` instead of keeping a duplicate.
-
- - Change examples to link `libcurl.dll` by default. This makes building
- trivial, even as a cross-build:
- `CC=x86_64-w64-mingw32-gcc make -f Makefile.m32`
- To run them, you need to move/copy or add-to-path `libcurl.dll`.
- You can select static mode via `CFG=-static`.
-
- - List more of the `Makefile.m32` config variables.
-
- - Drop `.rc` support from examples. It made it fragile without much
- benefit.
-
- - Include a necessary system lib for the `externalsocket.c` example.
-
- - Exclude unnecessary systems libs when building in `-dyn` mode.
-
- Closes #9642
-
-Daniel Stenberg (4 Oct 2022)
-
-- RELEASE-NOTES: synced
-
-- CURLOPT_COOKIELIST.3: fix formatting mistake
-
- Also, updated manpage-syntax.pl to make it detect this error in test
- 1173.
-
- Reported-by: ProceduralMan on github
- Fixes #9639
- Closes #9640
-
-Jay Satiro (4 Oct 2022)
-
-- connect: change verbose IPv6 address:port to [address]:port
-
- - Use brackets for the IPv6 address shown in verbose message when the
- format is address:port so that it is less confusing.
-
- Before: Trying 2606:4700:4700::1111:443...
- After: Trying [2606:4700:4700::1111]:443...
-
- Bug: https://curl.se/mail/archive-2022-02/0041.html
- Reported-by: David Hu
-
- Closes #9635
-
-Viktor Szakats (3 Oct 2022)
-
-- Makefile.m32: major rework [ci skip]
-
- This patch overhauls `Makefile.m32` scripts, fixing a list of quirks,
- making its behaviour and customization envvars align better with other
- build systems, aiming for less code, that is easier to read, use and
- maintain.
-
- Details:
- - Rename customization envvars:
- `CURL_CC` -> `CC`
- `CURL_RC` -> `RC`
- `CURL_AR` -> `AR`
- `CURL_LDFLAG_EXTRAS_DLL` -> `CURL_LDFLAGS_LIB`
- `CURL_LDFLAG_EXTRAS_EXE` -> `CURL_LDFLAGS_BIN`
- - Drop `CURL_STRIP` and `CURL_RANLIB`. These tools are no longer used.
- - Accept `CFLAGS`, `CPPFLAGS`, `RCFLAGS`, `LDFLAGS` and `LIBS` envvars.
- - Drop `CURL_CFLAG_EXTRAS`, `CURL_LDFLAG_EXTRAS`, `CURL_RCFLAG_EXTRAS` in
- favor of the above.
- - Do not automatically enable `zlib` with `libssh2`. `zlib` is optional
- with `libssh2`.
- - Omit unnecessary `CPPFLAGS` options when building `curl.exe` and
- examples.
- - Drop support for deprecated `-winssl` `CFG` option. Use `-schannel`
- instead.
- - Avoid late evaluation where not necessary (`=` -> `:=`).
- - Drop support for `CURL_DLL_A_SUFFIX` to override the implib suffix.
- Instead, use the standard naming scheme by default: `libcurl.dll.a`.
- The toolchain recognizes the name, and selects it automatically when
- asking for a `-shared` vs. `-static` build.
- - Stop applying `strip` to `libcurl.a`. Follow-up from
- 16a58e9f93c7e89e1f87720199388bcfcfa148a4. There was no debug info to
- strip since then.
- - Stop setting `-O3`, `-W`, `-Wall` options. You can add these to
- `CFLAGS` as desired.
- - Always enable `-DCURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG` with OpenSSL,
- to avoid that vulnerability on Windows.
- - Add `-lbrotlicommon` to `LIBS` when using `brotli`.
- - Do not enable `-nghttp3` without `-ngtcp2`.
- - `-ssh2` and `-rtmp` options no longer try to auto-select a TLS-backend.
- You need to set the backend explicitly. This scales better and avoids
- issues with certain combinations (e.g. `libssh2` + `wolfssl` with no
- `schannel`).
- - Default to OpenSSL TLS-backend with `ngtcp2`. Possible to override via
- `NGTCP2_LIBS`.
- - Old, alternate method of enabling components (e.g. `SSH2=1`) no longer
- supported.
- - Delete `SPNEGO` references. They were no-ops.
- - Drop support for Win9x environments.
- - Allow setting `OPENSSL_LIBS` independently from `OPENSSL_LIBPATH`.
- - Support autotools/CMake `libssh2` builds by default.
- - Respect `CURL_DLL_SUFFIX` in `-dyn` mode when building `curl.exe` and
- examples.
- - Assume standard directory layout with `LIBCARES_PATH`. (Instead of the
- long gone embedded one.)
- - Stop static linking with c-ares by default. Add
- `CPPFLAGS=-DCARES_STATICLIB` to enable it.
- - Reorganize internal layout to avoid redundancy and emit clean diffs
- between src/lib and example make files.
- - Delete unused variables.
- - Code cleanups/rework.
- - Comment and indentation fixes.
-
- Closes #9632
-
-- scripts/release-notes.pl: strip ci skip tag [ci skip]
-
- Ref: https://github.com/curl/curl/commit/e604a82cae922bf86403a94f5803ac5e4303
- ae97#commitcomment-85637701
-
- Reviewed-by: Daniel Stenberg
-
- Closes #9634
-
-- Makefile.m32: delete legacy component bits [ci skip]
-
- - Drop auto-detection of OpenSSL 1.0.2 and earlier. Now always defaulting
- to OpenSSL 1.1.0 and later, LibreSSL and BoringSSL.
-
- - Drop `Invalid path to OpenSSL package` detection. OpenSSL has been
- using a standard file layout since 1.1.0, so this seems unnecessary
- now.
-
- - Drop special logic to enable Novell LDAP SDK support.
-
- - Drop special logic to enable OpenLDAP LDAP SDK support. This seems
- to be distinct from native OpenLDAP, with support implemented inside
- `lib/ldap.c` (vs. `lib/openldap.c`) back when the latter did not exist
- yet in curl.
-
- - Add `-lwldap32` only if there is no other LDAP library (either native
- OpenLDAP, or SDKs above) present.
-
- - Update `doc/INSTALL.md` accordingly.
-
- After this patch, it's necessary to make configration changes when using
- OpenSSL 1.0.2 or earlier, or the two LDAP SDKs.
-
- OpenSSL 1.0.2 and earlier:
- ```
- export OPENSSL_INCLUDE = <path-to-openssl>/outinc
- export OPENSSL_LIBPATH = <path-to-openssl>/out
- export OPENSSL_LIBS = -lssl32 -leay32 -lgdi32
- ```
-
- Novell LDAP SDK, previously enabled via `USE_LDAP_NOVELL=1`:
- ```
- export CURL_CFLAG_EXTRAS = -I<path-to-sdk>/inc -DCURL_HAS_NOVELL_LDAPSDK
- export CURL_LDFLAG_EXTRAS = -L<path-to-sdk>/lib/mscvc -lldapsdk -lldapssl -ll
- dapx
- ```
-
- OpenLDAP LDAP SDK, previously enabled via `USE_LDAP_OPENLDAP=1`:
- ```
- export CURL_CFLAG_EXTRAS = -I<path-to-sdk>/include -DCURL_HAS_OPENLDAP_LDAPSD
- K
- export CURL_LDFLAG_EXTRAS = -L<path-to-sdk>/lib -lldap -llber
- ```
-
- I haven't tested these scenarios, and in general we recommend using
- a recent OpenSSL release. Also, WinLDAP (the Windows default) and
- OpenLDAP (via `-DUSE_OPENLDAP`) are the LDAP options actively worked on
- in curl.
-
- Closes #9631
-
-Daniel Stenberg (2 Oct 2022)
-
-- vauth/ntlm.h: make line shorter than 80 columns
-
- Follow-up from 265fbd937
-
-Viktor Szakats (1 Oct 2022)
-
-- docs: update sourceforge project links [ci skip]
-
- SourceForge projects can now choose between two hostnames, with .io and
- .net ending. Both support HTTPS by default now. Opening the other variant
- will perm-redirected to the one chosen by the project.
-
- The .io -> .net redirection is done insecurely.
-
- Let's update the URLs to point to the current canonical endpoints to
- avoid any redirects.
-
- Closes #9630
-
-Daniel Stenberg (1 Oct 2022)
-
-- curl_url_set.3: document CURLU_APPENDQUERY proper
-
- Listed among the other supported flags.
-
- Reported-by: Robby Simpson
- Fixes #9628
- Closes #9629
-
-Viktor Szakats (1 Oct 2022)
-
-- Makefile.m32: cleanups and fixes [ci skip]
-
- - Add `-lcrypt32` once, and add it always for simplicity.
- - Delete broken link and reference to the pre-Vista WinIDN add-on.
- MS no longer distribute it.
- - Delete related `WINIDN_PATH` option. IDN is a system lib since Vista.
- - Sync `LIBCARES_PATH` default with the rest of dependencies.
- - Delete version numbers from dependency path defaults.
- - `libgsasl` package is now called `gsasl`.
- - Delete `libexpat` and `libxml2` references. No longer used by curl.
- - Delete `Edit the path below...` comments. We recommend to predefine
- those envvars instead.
- - `libcares.a` is not an internal dependency anymore. Stop using it as
- such.
- - `windres` `--include-dir` -> `-I`, `-F` -> `--target=` for readability.
- - Delete `STRIP`, `CURL_STRIP`, `AR` references from `src/Makefile.m32`.
- They were never used.
- - Stop to `clean` some objects twice in `src/Makefile.m32`.
- - Delete cvs-specific leftovers.
- - Finish resource support in examples make file.
- - Delete `-I<root>/lib` from examples make file.
- - Fix copyright start year in examples make file.
- - Delete duplicate `ftpuploadresume` input in examples make file.
- - Sync OpenSSL lib order, `SYNC` support, `PROOT` use, dependency path
- defaults, variables names and other internal bits between the three
- make files.
- - `lib/Makefile.m32` accepted custom options via `DLL_LIBS` envvar. This
- was lib-specific and possibly accidental. Use `CURL_LDFLAG_EXTRAS_DLL`
- envvar for the same effect.
- - Fix linking `curl.exe` and examples to wrong static libs with
- auto-detected OpenSSL 1.0.2 or earlier.
- - Add `-lgdi32` for OpenSSL 1.0.2 and earlier only.
- - Add link to Novell LDAP SDK and use a relative default path. Latest
- version is from 2016, linked to an outdated OpenSSL 1.0.1.
- - Whitespace and comment cleanups.
-
- TODO in a next commit:
-
- Delete built-in detection/logic for OpenSSL 1.0.2 and earlier, the Novell
- LDAP SDK and the other LDAP SDK (which is _not_ OpenLDAP). Write up the
- necessary custom envvars to configure them.
-
- Closes #9616
-
-Daniel Stenberg (30 Sep 2022)
-
-- RELEASE-NOTES: synced
-
-Matt Holt (30 Sep 2022)
-
-- HTTP3.md: update Caddy example
-
- Closes #9623
-
-Daniel Stenberg (30 Sep 2022)
-
-- easy: fix the altsvc init for curl_easy_duphandle
-
- It was using the old #ifdef which nothing sets anymore
-
- Closes #9624
-
-- GHA: build tests in a separate step from the running of them
-
- ... to make the output smaller for when you want to look at test
- failures.
-
- Removed the examples build from msh3
-
- Closes #9619
-
-Viktor Szakats (29 Sep 2022)
-
-- ldap: delete stray CURL_HAS_MOZILLA_LDAP reference
-
- Added in 68b215157fdf69612edebdb220b3804822277822, while adding openldap
- support. This is also the single mention of this constant in the source
- tree and also in that commit. Based on these, it seems like an accident.
-
- Delete this reference.
-
- Reviewed-by: Daniel Stenberg
-
- Closes #9625
-
-- docs: spelling nits
-
- - MingW -> MinGW (Minimalist GNU for Windows)
- - f.e. -> e.g.
- - some whitespace and punctuation.
-
- Reviewed-by: Daniel Stenberg
-
- Closes #9622
-
-Philip Heiduck (29 Sep 2022)
-
-- cirrus-ci: add macOS build with m1
-
- Signed-off-by: Philip H <47042125+pheiduck@users.noreply.github.com>
-
- Closes #9565
-
-Patrick Monnerat (29 Sep 2022)
-
-- lib: sanitize conditional exclusion around MIME
-
- The introduction of CURL_DISABLE_MIME came with some additional bugs:
- - Disabled MIME is compiled-in anyway if SMTP and/or IMAP is enabled.
- - CURLOPT_MIMEPOST, CURLOPT_MIME_OPTIONS and CURLOPT_HTTPHEADER are
- conditioned on HTTP, although also needed for SMTP and IMAP MIME mail
- uploads.
-
- In addition, the CURLOPT_HTTPHEADER and --header documentation does not
- mention their use for MIME mail.
-
- This commit fixes the problems above.
-
- Closes #9610
-
-Thiago Suchorski (29 Sep 2022)
-
-- docs: minor grammar fixes
-
- Closes #9609
-
-Daniel Stenberg (28 Sep 2022)
-
-- CURLSHOPT_UNLOCKFUNC.3: the callback as no 'access' argument
-
- Probably a copy and paste error from the lock function man page.
-
- Reported-by: Robby Simpson
- Fixes #9612
- Closes #9613
-
-- CURLOPT_ACCEPT_ENCODING.3: remove "four" as they are five
-
- ... instead just list the supported encodings.
-
- Reported-by: ProceduralMan on github
- Fixes #9614
- Closes #9615
-
-Dan Fandrich (28 Sep 2022)
-
-- tests: Remove a duplicated keyword
-
-- docs: document more server names for test files
-
-Daniel Stenberg (28 Sep 2022)
-
-- altsvc: reject bad port numbers
-
- The existing code tried but did not properly reject alternative services
- using negative or too large port numbers.
-
- With this fix, the logic now also flushes the old entries immediately
- before adding a new one, making a following header with an illegal entry
- not flush the already stored entry.
-
- Report from the ongoing source code audit by Trail of Bits.
-
- Adjusted test 356 to verify.
-
- Closes #9607
-
-- functypes: provide the recv and send arg and return types
-
- This header is for providing the argument types for recv() and send()
- when built to not use a dedicated config-[platfor].h file.
-
- Remove the slow brute-force checks from configure and cmake.
-
- This change also removes the use of the types for select, as they were
- not used in code.
-
- Closes #9592
-
-- urlapi: reject more bad characters from the host name field
-
- Extended test 1560 to verify
-
- Report from the ongoing source code audit by Trail of Bits.
-
- Closes #9608
-
-- configure: deprecate builds with small curl_off_t
-
- If curl_off_t turns out to be smaller than 8 bytes,
- --with-n64-deprecated needs to be used to allow the build to
- continue. This is to highlight the fact that support for such builds is
- going away next year.
-
- Also mentioned in DEPRECATED.md
-
- Closes #9605
-
-Patrick Monnerat (27 Sep 2022)
-
-- http, vauth: always provide Curl_allow_auth_to_host() functionality
-
- This function is currently located in the lib/http.c module and is
- therefore disabled by the CURL_DISABLE_HTTP conditional token.
-
- As it may be called by TLS backends, disabling HTTP results in an
- undefined reference error at link time.
-
- Move this function to vauth/vauth.c to always provide it and rename it
- as Curl_auth_allowed_to_host() to respect the vauth module naming
- convention.
-
- Closes #9600
-
-Daniel Stenberg (27 Sep 2022)
-
-- ngtcp2: fix C89 compliance nit
-
-- openssl: make certinfo available for QUIC
-
- Curl_ossl_certchain() is now an exported function in lib/vtls/openssl.c that
- can also be used from quiche.c and ngtcp2.c to get the cert chain for QUIC
- connections as well.
-
- The *certchain function was moved to the top of the file for this reason.
-
- Reported-by: Eloy Degen
- Fixes #9584
- Closes #9597
-
-- RELEASE-NOTES: synced
-
-- DEPRECATE.md: Support for systems without 64 bit data types
-
- Closes #9604
-
-Patrick Monnerat (27 Sep 2022)
-
-- tests: skip mime/form tests when mime is not built-in
-
- Closes #9596
-
-Daniel Stenberg (27 Sep 2022)
-
-- url: rename function due to name-clash in Watt-32
-
- Follow-up to 2481dbe5f4f58 and applies the change the way it was
- intended.
-
-Viktor Szakats (26 Sep 2022)
-
-- windows: adjust name of two internal public functions
-
- According to `docs/INTERNALS.md`, internal function names spanning source
- files start with uppercase `Curl_`. Bring these two functions in
- alignment with this.
-
- This also stops exporting them from `libcurl.dll` in autotools builds.
-
- Reviewed-by: Daniel Stenberg
-
- Closes #9598
-
-Gisle Vanem (26 Sep 2022)
-
-- url: rename function due to name-clash in Watt-32
-
- Since the commit 764c958c52edb427f39, there was a new function called
- resolve_ip(). This clashes with an internal function in Watt-32.
-
- Closes #9585
-
-Jay Satiro (26 Sep 2022)
-
-- schannel: ban server ALPN change during recv renegotiation
-
- By the time schannel_recv is renegotiating the connection, libcurl has
- already decided on a protocol and it is too late for the server to
- select a protocol via ALPN except for the originally selected protocol.
-
- Ref: https://github.com/curl/curl/issues/9451
-
- Closes https://github.com/curl/curl/pull/9463
-
-Daniel Stenberg (26 Sep 2022)
-
-- url: a zero-length userinfo part in the URL is still a (blank) user
-
- Adjusted test 1560 to verify
-
- Reported-by: Jay Satiro
-
- Fixes #9088
- Closes #9590
-
-Viktor Szakats (25 Sep 2022)
-
-- autotools: allow --enable-symbol-hiding with windows
-
- This local autotools logic was put in place in
- 9e24b9c7afbcb81120af4cf3f6cdee49a06d8224 (in 2012) which disabled it for
- Windows unconditionally. Testing reveals that it actually works with
- tested toolchains (mingw-w64 and CI ones), so let's allow this build
- feature on that platform. Bringing this in sync with CMake, which already
- supported this.
-
- Reviewed-by: Jay Satiro
-
- Closes #9586
-
-- autotools: reduce brute-force when detecting recv/send arg list
-
- autotools uses brute-force to detect `recv`/`send`/`select` argument
- lists, by interating through _all_ argument type combinations on each
- `./configure` run. This logic exists since
- 01fa02d0b545e1433dced2430561f8c0c72b74a9 (from 2006) and was a bit later
- extended with Windows support.
-
- This results in a worst-case number of compile + link cycles as below:
- - `recv`: 96
- - `send`: 192
- - `select`: 60
- Total: 348 (the number of curl C source files is 195, for comparison)
-
- Notice that e.g. curl-for-win autotools builds require two `./configure`
- invocations, doubling these numbers.
-
- `recv` on Windows was especially unlucky because `SOCKET` (the correct
- choice there) was listed _last_ in one of the outer trial loops. This
- resulted in lengthy waits while autotools was trying all invalid
- combinations first, wasting cycles, disk writes and slowing down
- iteration.
-
- This patch reduces the amount of idle work by reordering the tests in
- a way to succeed first on a well-known platform such as Windows, and
- also on non-Windows by testing for POSIX prototypes first, on the
- assumption that these are the most likely candidates these days. (We do
- not touch `select`, where the order was already optimal for these
- platforms.)
-
- For non-Windows, this means to try a return value of `ssize_t` first,
- then `int`, reordering the buffer argument type to try `void *` first,
- then `byte *`, and prefer the `const` flavor with `send`. If we are
- here, also stop testing for `SOCKET` type in non-Windows builds.
-
- After the patch, detection on Windows is instantaneous. It should also be
- faster on popular platforms such as Linux and BSD-based ones.
-
- If there are known-good variations for other platforms, they can also be
- fast-tracked like above, given a way to check for that platform inside
- the autotools logic.
-
- Reviewed-by: Daniel Stenberg
-
- Closes #9591
-
-Daniel Stenberg (23 Sep 2022)
-
-- TODO: Provide the error body from a CONNECT response
-
- Spellchecked-by: Jay Satiro
-
- Closes #9513
- Closes #9581
-
-Viktor Szakats (23 Sep 2022)
-
-- windows: autotools .rc warnings fixup
-
- Move `LT_LANG([Windows Resource])` after `XC_LIBTOOL`, fixing:
-
- - Warnings when running `autoreconf -fi`.
-
- - Warning when compiling .rc files:
- libtool: compile: unable to infer tagged configuration
- libtool: error: specify a tag with '--tag'
-
- Follow up to 6de7322c03d5b4d91576a7d9fc893e03cc9d1057
- Ref: https://github.com/curl/curl/pull/9521#issuecomment-1256291156
-
- Suggested-by: Patrick Monnerat
- Closes #9582
-
-Randall S. Becker (23 Sep 2022)
-
-- curl_setup: disable use of FLOSS for 64-bit NonStop builds
-
- Older 32-bit builds currently need FLOSS. This dependency may be removed
- in future OS releases.
-
- Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
-
- Closes #9575
-
-Patrick Monnerat (23 Sep 2022)
-
-- tool: remove dead code
-
- Add a debug assertion to verify protocols included/excluded in a set
- are always tokenized.
-
- Follow-up to commit 677266c.
-
- Closes #9576
-
-- lib: prepare the incoming of additional protocols
-
- Move the curl_prot_t to its own conditional block. Introduce symbol
- PROTO_TYPE_SMALL to control it.
-
- Fix a cast in a curl_prot_t assignment.
- Remove an outdated comment.
-
- Follow-up to cd5ca80.
-
- Closes #9534
-
-Daniel Stenberg (23 Sep 2022)
-
-- msh3: change the static_assert to make the code C89
-
-- bearssl: make it proper C89 compliant
-
-- curl-compilers.m4: for gcc + want warnings, set gnu89 standard
-
- To better verify that the code is C89
-
- Closes #9542
-
-Patrick Monnerat (22 Sep 2022)
-
-- lib517: fix C89 constant signedness
-
- In C89, positive integer literals that overflow an int but not an
- unsigned int may be understood as a negative int.
-
- lib517.c:129:3: warning: this decimal constant is unsigned only in ISO C90
- {"Sun, 06 Nov 2044 08:49:37 GMT", 2362034977 },
- ^
-
- Closes #9572
-
-Daniel Stenberg (22 Sep 2022)
-
-- mprintf: use snprintf if available
-
- This is the single place in libcurl code where it uses the "native"
- s(n)printf() function. Used for writing floats. The use has been
- reviewed and vetted and uses a HUGE target buffer, but switching to
- snprintf() still makes this safer and removes build-time warnings.
-
- Reported-by: Philip Heiduck
-
- Fixes #9569
- Closes #9570
-
-- docs: tag curl options better in man pages
-
- As it makes them links in the HTML versions.
-
- Verified by the extended test 1176
-
-- symbols-in-versions: CURLOPT_ENCODING is deprecated since 7.21.6
-
-- manpage-syntax.pl: all libcurl option symbols should be \fI-tagged
-
- ... as that makes them links to their corresponding man page.
-
- This script is used for test 1173.
-
- Closes #9574
-
-- RELEASE-NOTES: synced
-
-Patrick Monnerat (22 Sep 2022)
-
-- tool: remove protocol count limitation
-
- Replace bit mask protocol sets by null-terminated arrays of protocol
- tokens. These are the addresses of the protocol names returned by
- curl_version_info().
-
- Protocol names are sorted case-insensitively before output to satisfy CI
- tests matches consistency.
-
- The protocol list returned by curl_version_info() is augmented with all
- RTMP protocol variants.
-
- Test 1401 adjusted for new alpha ordered output.
-
- Closes #9546
-
-Daniel Stenberg (22 Sep 2022)
-
-- test972: verify the output without using external tool
-
- It seems too restrictive to assume and use an external tool to verify
- the JSON. This now verifies the outut byte per byte. We could consider
- building a local "JSON verifyer" in a future.
-
- Remove 'jsonlint' from the CI job.
-
- Reported-by: Marcel Raad
- Fixes #9563
- Closes #9564
-
-- hostip: lazily wait to figure out if IPv6 works until needed
-
- The check may take many milliseconds, so now it is performed once the
- value is first needed. Also, this change makes sure that the value is
- not used if the resolve is set to be IPv4-only.
-
- Closes #9553
-
-- curl.h: fix mention of wrong error code in comment
-
- The same error and comment were also used and is now corrected in
- CURLOPT_SSH_KEYFUNCTION.3
-
-- symbol-scan.pl: scan and verify .3 man pages
-
- This script now also finds all .3 man pages in docs/include and
- docs/include/opts, extracts all uses of CURL* symbols and verifies that all
- symbols mentioned in docs are defined in public headers.
-
- A "global symbol" is one of those matching a known prefix and the script make
- s
- an attempt to check all/most of them. Just using *all* symbols that match
- CURL* proved matching a little too many other references as well and turned
- difficult turning into something useful.
-
- Closes #9544
-
-- symbols-in-versions: add missing LIBCURL* symbols
-
-- symbol-scan.pl: also check for LIBCURL* symbols
-
- Closes #9544
-
-- docs/libcurl/symbols-in-versions: add several missing symbols
-
-- test1119: scan all public headers
-
- Previously this test only scanned a subset of the headers, which made us
- accidentally miss symbols that were provided in the others. Now, the script
- iterates over all headers present in include/curl.
-
- Closes #9544
-
-Patrick Monnerat (21 Sep 2022)
-
-- examples/chkspeed: improve portability
-
- The example program chkspeed uses strncasecmp() which is not portable
- across systems. Replace calls to this function by tests on characters.
-
- Closes #9562
-
-Daniel Stenberg (21 Sep 2022)
-
-- easy: fix the #include order
-
- The mentioned "last 3 includes" order should be respected. easy_lock.h should
- be included before those three.
-
- Reported-by: Yuriy Chernyshov
- Fixes #9560
- Closes #9561
-
-- docs: spellfixes
-
- Pointed by the new CI job
-
-- GHA: spellcheck
-
- This spellchecker checks markdown files. For this reason this job
- converts all man pages in the repository to markdown with pandoc before
- the check runs.
-
- The perl script 'cleanspell' filters out details from the man page in
- the process, to avoid the spellchecker trying to spellcheck things it
- can't. Like curl specific symbols and the SYNOPSIS and EXAMPLE sections
- of libcurl man pages.
-
- The spell checker does not check words in sections that are within pre,
- strong and em tags.
-
- 'spellcheck.words' is a custom word list with additional accepted words.
-
- Closes #9523
-
-- connect: fix the wrong error message on connect failures
-
- The "Failed to connect to" message after a connection failure would
- include the strerror message based on the presumed previous socket
- error, but in times it seems that error number is not set when reaching
- this code and therefore it would include the wrong error message.
-
- The strerror message is now removed from here and the curl_easy_strerror
- error is used instead.
-
- Reported-by: Edoardo Lolletti
- Fixes #9549
- Closes #9554
-
-- httpput-postfields.c: shorten string for C89 compliance
-
- httpput-postfields.c:41:3: error: string length ‘522’ is greater than the
- length ‘509’ ISO C90 compilers are required to support [-Woverlength-str
- ings]
- 41 | "this chapter.";
- | ^~~~~~~~~~~~~~~
-
- Closes #9555
-
-- ws: fix a C89 compliance nit
-
- Closes #9541
-
-Patrick Monnerat (21 Sep 2022)
-
-- unit test 1655: make it C89-compliant
-
- Initializations performed in unit test 1655 use automatic variables in
- aggregates and thus can only be computed at run-time. Using gcc in C89
- dialect mode produces warning messages like:
-
- unit1655.c:96:7: warning: initializer element is not computable at load time
- [-Wpedantic]
- 96 | { toolong, DOH_DNS_NAME_TOO_LONG }, /* expect early failure */
- | ^~~~~~~
-
- Fix the problem by converting these automatic pointer variables to
- static arrays.
-
- Closes #9551
-
-Tobias Schaefer (20 Sep 2022)
-
-- curl_strequal.3: fix typo
-
- Closes #9548
-
-Dmitry Karpov (20 Sep 2022)
-
-- resolve: make forced IPv4 resolve only use A queries
-
- This protects IPv4-only transfers from undesired bad IPv6-related side
- effects and make IPv4 transfers in dual-stack libcurl behave the same
- way as in IPv4 single-stack libcurl.
-
- Closes #9540
-
-Daniel Stenberg (20 Sep 2022)
-
-- RELEASE-NOTES: synced
-
-- winbuild/MakefileBuild.vc: handle spaces in libssh(2) include paths
-
- Patched-by: Mark Itzcovitz
- Bug: https://curl.se/mail/lib-2022-09/0038.html
-
- Closes #9536
-
-- TODO: Reduce CA certificate bundle reparsing
-
- By adding some sort of cache.
-
- Reported-by: Michael Drake
- Closes #9379
- Closes #9538
-
-Marc Hoersken (19 Sep 2022)
-
-- CI/GHA: cancel outdated CI runs on new PR changes
-
- Avoid letting outdated CI runs continue if a PR receives
- new changes. Outside a PR we let them continue running
- by tying the concurrency to the commit hash instead.
-
- Also only let one CodeQL or Hacktoberfest job run at a time.
-
- Other CI platforms we use have this build in, but GitHub
- unfortunately neither by default nor with a simple option.
-
- This saves CI resources and therefore a little energy.
-
- Approved-by: Daniel Stenberg
- Approved-by: Max Dymond
- Closes #9533
-
-Daniel Stenberg (19 Sep 2022)
-
-- docs: fix proselint complaints
-
-- GHA: run proselint on markdown files
-
- Co-authored-by: Marc Hörsken
-
- Closes #9520
-
-- lib: the number four in a sequence is the "fourth"
-
- Spelling is hard
-
- Closes #9535
-
-John Bampton (19 Sep 2022)
-
-- misc: fix spelling in two source files
-
- Closes #9529
-
-Viktor Szakats (18 Sep 2022)
-
-- windows: add .rc support to autotools builds
-
- After this update autotools builds will compile and link `.rc` resources
- to Windows executables. Bringing this feature on par with CMake and
- Makefile.m32 builds. And also making it unnecessary to improvise these
- steps manually, while monkey patching build files, e.g. [0].
-
- You can customize the resource compiler via the `RC` envvar, and its
- options via `RCFLAGS`.
-
- This harmless warning may appear throughout the build, even though the
- autotools manual documents [1] `RC` as a valid tag, and it fails when
- omitting one:
- `libtool: error: ignoring unknown tag RC`
-
- [0] https://github.com/curl/curl-for-win/blob/535f19060d4b708f72e75dd849409ce
- 50baa1b84/curl-autotools.sh#L376-L382
- [1] https://www.gnu.org/software/libtool/manual/html_node/Tags.html
-
- Closes #9521
-
-Marc Hoersken (18 Sep 2022)
-
-- CI/linkcheck: only run if a Markdown file is changed
-
- This saves CI resources and therefore a little energy.
-
- Reviewed-by: Max Dymond
- Closes #9531
-
-- README.md: add GHA status badges for Linux and macOS builds
-
- This makes sense now that Linux builds are being consolidated.
-
- Approved-by: Daniel Stenberg
- Closes #9530
-
- [skip ci]
-
-Daniel Stenberg (17 Sep 2022)
-
-- misc: null-terminate
-
- Make use of this term consistently.
-
- Closes #9527
-
-Marc Hoersken (17 Sep 2022)
-
-- CI/GHA: merge intel CC and more TLS libs into linux workflow
-
- Continue work on merging all Linux workflows into one file.
-
- Reviewed-by: Max Dymond
- Follow up to #9501
- Closes #9514
-
-Patrick Monnerat (17 Sep 2022)
-
-- lib1597: make it C89-compliant again
-
- Automatic variable addresses cannot be used in an initialisation
- aggregate.
-
- Follow-up to 9d51329
-
- Reported-by: Daniel Stenberg
- Fixes: #9524
- Closes #9525
-
-Daniel Stenberg (17 Sep 2022)
-
-- tool_libinfo: silence "different 'const' qualifiers" in qsort()
-
- MSVC 15.0.30729.1 warned about it
-
- Follow-up to dd2a024323dcc
-
- Closes #9522
-
-Patrick Monnerat (16 Sep 2022)
-
-- docs: tell about disabled protocols in CURLOPT_*PROTOCOLS_STR.
-
- Disabled protocols are now handled as if they were unknown.
- Also update the possible protocol list.
-
-- cli tool: do not use disabled protocols
-
- As they are now rejected by the library, take care of not passing
- disabled protocol names to CURLOPT_PROTOCOLS_STR and
- CURLOPT_REDIR_PROTOCOLS_STR.
-
- Rather than using the CURLPROTO_* constants, dynamically assign protocol
- numbers based on the order they are listed by curl_version_info().
-
- New type proto_set_t implements prototype bit masks: it should therefore
- be large enough to accomodate all library-enabled protocols. If not,
- protocol numbers beyond the bit count of proto_set_t are recognized but
- "inaccessible": when used, a warning is displayed and the value is
- ignored. Should proto_set_t overflows, enabled protocols are reordered to
- force those having a public CURLPROTO_* representation to be accessible.
-
- Code has been added to subordinate RTMP?* protocols to the presence of
- RTMP in the enabled protocol list, being returned by curl_version_info()
- or not.
-
-- setopt: use the handler table for protocol name to number conversions
-
- This also returns error CURLE_UNSUPPORTED_PROTOCOL rather than
- CURLE_BAD_FUNCTION_ARGUMENT when a listed protocol name is not found.
-
- A new schemelen parameter is added to Curl_builtin_scheme() to support
- this extended use.
-
- Note that disabled protocols are not recognized anymore.
-
- Tests adapted accordingly.
-
- Closes #9472
-
-Daniel Stenberg (16 Sep 2022)
-
-- altsvc: use 'h3' for h3
-
- Since the official and real version has been out for a while now and servers
- are deployed out there using it, there is no point in sticking to h3-29.
-
- Reported-by: ウさん
- Fixes #9515
- Closes #9516
-
-chemodax (16 Sep 2022)
-
-- winbuild: Use NMake batch-rules for compilation
-
- - Invoke cl compiler once for each group of .c files.
-
- This is significantly improves compilation time. For example in my
- environment: 40 s --> 20 s.
-
- Prior to this change cl was invoked per .c file.
-
- Closes https://github.com/curl/curl/pull/9512
-
-Daniel Stenberg (16 Sep 2022)
-
-- ws: the infof() flags should be %zu
-
- Follow-up to e5e9e0c5e49ae0
-
- Closes #9518
-
-- curl: warn for --ssl use, considered insecure
-
- Closes #9519
-
-Sergey Bronnikov (16 Sep 2022)
-
-- curl_escape.3: fix typo
-
- lengthf -> length
-
- Closes #9517
-
-Daniel Stenberg (16 Sep 2022)
-
-- mailmap: merge Philip Heiduck's two addresses into one
-
-- test1948: verify PUT + POST reusing the same handle
-
- Reproduced #9507, verifies the fix
-
-- setopt: when POST is set, reset the 'upload' field
-
- Reported-by: RobBotic1 on github
- Fixes #9507
- Closes #9511
-
-Marc Hoersken (15 Sep 2022)
-
-- github: initial CODEOWNERS setup for CI configuration
-
- Reviewed-by: Daniel Stenberg
- Reviewed-by: Marcel Raad
- Reviewed-by: Max Dymond
-
- Closes #9505
-
- [skip ci]
-
-Philip Heiduck (15 Sep 2022)
-
-- CI: optimize some more dependencies install
-
- Signed-off-by: Philip Heiduck <pheiduck@Philips-MBP.lan>
-
- Closes #9500
-
-Marc Hoersken (15 Sep 2022)
-
-- CI/GHA: merge event-based and NSS into new linux workflow
-
- Continue work on merging all Linux workflows into one file.
-
- Follow up to #9501
- Closes #9506
-
-Daniel Stenberg (15 Sep 2022)
-
-- include/curl/websockets.h: add extern "C" for C++
-
- Reported-by: n0name321 on github
- Fixes #9509
- Closes #9510
-
-- lib1560: extended to verify detect/reject of unknown schemes
-
- ... when no guessing is allowed.
-
-- urlapi: detect scheme better when not guessing
-
- When the parser is not allowed to guess scheme, it should consider the
- word ending at the first colon to be the scheme, independently of number
- of slashes.
-
- The parser now checks that the scheme is known before it counts slashes,
- to improve the error messge for URLs with unknown schemes and maybe no
- slashes.
-
- When following redirects, no scheme guessing is allowed and therefore
- this change effectively prevents redirects to unknown schemes such as
- "data".
-
- Fixes #9503
-
-- strerror: improve two URL API error messages
-
-Marc Hoersken (14 Sep 2022)
-
-- CI/GHA: merge bearssl and hyper into initial linux workflow
-
- Begin work on merging all Linux workflows into one file.
-
- Closes #9501
-
-Daniel Stenberg (14 Sep 2022)
-
-- RELEASE-NOTES: synced
-
-- cmake: define BUILDING_LIBCURL in lib/CMakeLists, not config.h
-
- Since the config file might also get included by the tool code at times.
- This syncs with how other builds do it.
-
- Closes #9498
-
-- tool_hugehelp: make hugehelp a blank macro when disabled
-
- Closes #9485
-
-- getparameter: return PARAM_MANUAL_REQUESTED for -M even when disabled
-
- ... to improve the output in this situation. Now it doesn't say "option
- unknown" anymore.
-
- Closes #9485
-
-- setopt: fix compiler warning
-
- Follow-up to cd5ca80f00d2
-
- closes #9502
-
-Philip Heiduck (13 Sep 2022)
-
-- CI: skip make, do make install at once for dependencies
-
- Signed-off-by: Philip Heiduck <pheiduck@Philips-MBP.lan>
-
- Closes #9477
-
-Daniel Stenberg (13 Sep 2022)
-
-- formdata: typecast the va_arg return value
-
- To avoid "enumerated type mixed with another type" warnings
-
- Follow-up from 0f52dd5fd5aa3592691a
-
- Closes #9499
-
-- RELEASE-PROCEDURE.md: mention patch releases
-
- - When to make them and how to argue for them
- - Refreshed the release date list
-
- Closes #9495
-
-- urldata: use a curl_prot_t type for storing protocol bits
-
- This internal-use-only storage type can be bumped to a curl_off_t once
- we need to use bit 32 as the previous 'unsigned int' can no longer hold
- them all then.
-
- The websocket protocols take bit 30 and 31 so they are the last ones
- that fit within 32 bits - but cannot properly be exported through APIs
- since those use *signed* 32 bit types (long) in places.
-
- Closes #9481
-
-zhanghu on xiaomi (13 Sep 2022)
-
-- formdata: fix warning: 'CURLformoption' is promoted to 'int'
-
- curl/lib/formdata.c: In function 'FormAdd':
- curl/lib/formdata.c:249:31: warning: 'CURLformoption' is promoted to 'int' wh
- en passed through '...'
- 249 | option = va_arg(params, CURLformoption);
- | ^
- curl/lib/formdata.c:249:31: note: (so you should pass 'int' not 'CURLformopti
- on' to 'va_arg')
- curl/lib/formdata.c:249:31: note: if this code is reached, the program will a
- bort
-
- Closes #9484
-
-Daniel Stenberg (13 Sep 2022)
-
-- CURLOPT_CONNECT_ONLY.3: for ws(s) as well
-
- and correct the version number for when that support comes. Even if it
- is still experimental for WebSocket.
-
- Closes #9487
-
-- tool_operate: avoid a few #ifdefs for disabled-libcurl builds
-
- By providing empty macros in the header file instead, the code gets
- easier to read and yet is disabled on demand.
-
- Closes #9486
-
-a1346054 on github (13 Sep 2022)
-
-- scripts: use `grep -E` instead of `egrep`
-
- egrep is deprecated
-
- Closes #9491
-
-Hayden Roche (13 Sep 2022)
-
-- wolfSSL: fix session management bug.
-
- Prior to this commit, non-persistent pointers were being used to store
- sessions. When a WOLFSSL object was then freed, that freed the session
- it owned, and thus invalidated the pointer held in curl's cache. This
- commit makes it so we get a persistent (deep copied) session pointer
- that we then add to the cache. Accordingly, wolfssl_session_free, which
- was previously a no-op, now needs to actually call SSL_SESSION_free.
-
- This bug was discovered by a wolfSSL customer.
-
- Closes #9492
-
-Daniel Stenberg (13 Sep 2022)
-
-- docs: use "WebSocket" in singular
-
- This is how the RFC calls the protocol. Also rename the file in docs/ to
- WEBSOCKET.md in uppercase to match how we have done it for many other
- protocol docs in similar fashion.
-
- Add the WebSocket docs to the tarball.
-
- Closes #9496
-
-Marcel Raad (12 Sep 2022)
-
-- ws: fix build without `USE_WEBSOCKETS`
-
- The curl.h include is required unconditionally.
-
-- ws: add missing curl.h include
-
- A conflict between commits 664249d0952 and e5839f4ee70 broke the build.
-
-Daniel Stenberg (12 Sep 2022)
-
-- ws: fix an infof() call to use %uz for size_t output
-
- Detected by Coverity, CID 1514665.
-
- Closes #9480
-
-Marcel Raad (12 Sep 2022)
-
-- curl_setup: include only system.h instead of curl.h
-
- As done before commit 9506d01ee50.
-
- Ref: https://github.com/curl/curl/pull/9375#discussion_r957010158
- Closes https://github.com/curl/curl/pull/9453
-
-- lib: add missing limits.h includes
-
- Closes https://github.com/curl/curl/pull/9453
-
-- lib and tests: add missing curl.h includes
-
- Closes https://github.com/curl/curl/pull/9453
-
-- curl_setup: include curl.h after platform setup headers
-
- The platform setup headers might set definitions required for the
- includes in curl.h.
-
- Ref: https://github.com/curl/curl/pull/9375#discussion_r956998269
- Closes https://github.com/curl/curl/pull/9453
-
-Benjamin Loison (12 Sep 2022)
-
-- docs: correct missing uppercase in Markdown files
-
- To detect these typos I used:
-
- ```
- clear && grep -rn '\. [a-z]' . | uniq | grep -v '\. lib' | grep -v '[0-9]\. [
- a-z]' | grep -v '\.\. [a-z]' | grep -v '\. curl' | grep -v 'e.g. [a-z]' | gre
- p -v 'eg. [a-z]' | grep -v '\etc. [a-z]' | grep -v 'i.e\. [a-z]' | grep --col
- or=always '\. [a-z]' | grep '\.md'
- ```
-
- Closes #9474
-
-Daniel Stenberg (12 Sep 2022)
-
-- tool_setopt: use better English in --libcurl source comments
-
- Like this:
-
- XYZ was set to an object pointer
- ABC was set to a function pointer
-
- Closes #9475
-
-- setopt: make protocol2num use a curl_off_t for the protocol bit
-
- ... since WSS does not fit within 32 bit.
-
- Bug: https://github.com/curl/curl/pull/9467#issuecomment-1243014887
- Closes #9476
-
-- RELEASE-NOTES: synced
-
-- configure: polish the grep -E message a bit further
-
- Suggested-by: Emanuele Torre
- Closes #9473
-
-- GHA: add a gcc-11 -O3 build using OpenSSL
-
- Since -O3 might trigger other warnings
-
- Closes #9454
-
-Patrick Monnerat (11 Sep 2022)
-
-- content_encoding: use writer struct subclasses for different encodings
-
- The variable-sized encoding-specific storage of a struct contenc_writer
- currently relies on void * alignment that may be insufficient with
- regards to the specific storage fields, although having not caused any
- problems yet.
-
- In addition, gcc 11.3 issues a warning on access to fields of partially
- allocated structures that can occur when the specific storage size is 0:
-
- content_encoding.c: In function ‘Curl_build_unencoding_stack’:
- content_encoding.c:980:21: warning: array subscript ‘struct contenc_write
- r[0]’ is partly outside array bounds of ‘unsigned char[16]’ [-Warray-bo
- unds]
- 980 | writer->handler = handler;
- | ~~~~~~~~~~~~~~~~^~~~~~~~~
- In file included from content_encoding.c:49:
- memdebug.h:115:29: note: referencing an object of size 16 allocated by ‘c
- url_dbg_calloc’
- 115 | #define calloc(nbelem,size) curl_dbg_calloc(nbelem, size, __LINE__,
- __FILE__)
- | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- ~~~~~~~~~~
- content_encoding.c:977:60: note: in expansion of macro ‘calloc’
- 977 | struct contenc_writer *writer = (struct contenc_writer *)calloc(1
- , sz);
-
- To solve both these problems, the current commit replaces the
- contenc_writer/params structure pairs by "subclasses" of struct
- contenc_writer. These are structures that contain a contenc_writer at
- offset 0. Proper field alignment is therefore handled by the compiler and
- full structure allocation is performed, silencing the warnings.
-
- Closes #9455
-
-Daniel Stenberg (11 Sep 2022)
-
-- configure: correct the wording when checking grep -E
-
- The check first checks that grep -E works, and only as a fallback tries
- to find and use egrep. egrep is deprecated.
-
- This change only corrects the output wording, not the checks themselves.
-
- Closes #9471
-
-Viktor Szakats (10 Sep 2022)
-
-- websockets: sync prototypes in docs with implementation [ci skip]
-
- Docs for the new send/recv functions synced with the committed versions
- of these.
-
- Closes #9470
-
-Daniel Stenberg (10 Sep 2022)
-
-- setopt: make protocols2num() work with websockets
-
- So that CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR can
- specify those as well.
-
- Reported-by: Patrick Monnerat
- Bug: https://curl.se/mail/lib-2022-09/0016.html
- Closes #9467
-
-- curl/websockets.h: remove leftover bad typedef
-
- Just a leftover trace of a development thing that did not stay like
- that.
-
- Reported-by: Marc Hörsken
- Fixes #9465
- Cloes #9466
-
-Orgad Shaneh (10 Sep 2022)
-
-- fix Cygwin/MSYS compilation
-
- _getpid is Windows API. On Cygwin variants it should remain getpid.
-
- Fixes #8220
- Closes #9255
-
-Marc Hoersken (10 Sep 2022)
-
-- GHA: prepare workflow merge by aligning structure again
-
- Closes #9413
-
-Daniel Stenberg (9 Sep 2022)
-
-- docs: the websockets symbols are added in 7.86.0
-
- Nothing else
-
- Closes #9459
-
-- tests/libtest/Makefile.inc: fixup merge conflict mistake
-
-- EXPERIMENTAL.md: add WebSockets
-
-- appveyor: enable websockets
-
-- cirrus: enable websockets in the windows builds
-
-- GHA: add websockets to macos, openssl3 and hyper builds
-
-- tests: add websockets tests
-
- - add websockets support to sws
- - 2300: first very basic websockets test
- - 2301: first libcurl test for ws (not working yet)
- - 2302: use the ws callback
- - 2303: test refused upgrade
-
-- curl_ws_meta: initial implementation
-
-- curl_ws_meta.3: added docs
-
-- ws: initial websockets support
-
- Closes #8995
-
-- version: add ws + wss
-
-- libtest/lib1560: test basic websocket URL parsing
-
-- configure: add --enable-websockets
-
-- docs/WebSockets.md: docs
-
-- test415: verify Content-Length parser with control code + negative value
-
-- strtoofft: after space, there cannot be a control code
-
- With the change from ISSPACE() to ISBLANK() this function no longer
- deals with (ignores) control codes the same way, which could lead to
- this function returning unexpected values like in the case of
- "Content-Length: \r-12354".
-
- Follow-up to 6f9fb7ec2d7cb389a0da5
-
- Detected by OSS-fuzz
- Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51140
- Assisted-by: Max Dymond
- Closes #9458
-
-- headers: reset the requests counter at transfer start
-
- If not, reusing an easy handle to do a subsequent transfer would
- continue the counter from the previous invoke, which then would make use
- of the header API difficult/impossible as the request counter
- mismatched.
-
- Add libtest 1947 to verify.
-
- Reported-by: Andrew Lambert
- Fixes #9424
- Closes #9447
-
-Jay Satiro (8 Sep 2022)
-
-- header: define public API functions as extern c
-
- Prior to this change linker errors would occur if curl_easy_header or
- curl_easy_nextheader was called from a C++ unit.
-
- Bug: https://github.com/curl/curl/issues/9424#issuecomment-1238818007
- Reported-by: Andrew Lambert
-
- Closes https://github.com/curl/curl/pull/9446
-
-Daniel Stenberg (8 Sep 2022)
-
-- http2: make nghttp2 less picky about field whitespace
-
- In nghttp2 1.49.0 it returns error on leading and trailing whitespace in
- header fields according to language in the recently shipped RFC 9113.
-
- nghttp2 1.50.0 introduces an option to switch off this strict check and
- this change enables this option by default which should make curl behave
- more similar to how it did with nghttp2 1.48.0 and earlier.
-
- We might want to consider making this an option in the future.
-
- Closes #9448
-
-- RELEASE-NOTES: synced
-
- And bump to 7.86.0 for the pending next release
|