diff options
Diffstat (limited to 'libs/libcurl/docs/CHANGES')
| -rw-r--r-- | libs/libcurl/docs/CHANGES | 10493 |
1 files changed, 5758 insertions, 4735 deletions
diff --git a/libs/libcurl/docs/CHANGES b/libs/libcurl/docs/CHANGES index 5553b0a845..8ea9d27b12 100644 --- a/libs/libcurl/docs/CHANGES +++ b/libs/libcurl/docs/CHANGES @@ -6,6 +6,5764 @@ Changelog
+Version 8.9.0 (24 Jul 2024)
+
+Daniel Stenberg (24 Jul 2024)
+
+- RELEASE-NOTES: synced
+
+- THANKS: updates from the 8.9.0 release
+
+- curl_easy_escape.md: move historic details to HISTORY
+
+ Closes #14261
+
+- docs/libcurl: add to cleanup docs that their inputs go invalid
+
+ Reported-by: icy17 on github
+ Fixes #14248
+ Closes #14258
+
+dependabot[bot] (23 Jul 2024)
+
+- GHA: bump github/codeql-action from 3.25.11 to 3.25.13
+
+ Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.
+ 25.11 to 3.25.13.
+ - [Release notes](https://github.com/github/codeql-action/releases)
+ - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
+ - [Commits](https://github.com/github/codeql-action/compare/b611370bb5703a7ef
+ b587f9d136a52ea24c5c38c...2d790406f505036ef40ecba973cc774a50395aac)
+
+ ---
+ updated-dependencies:
+ - dependency-name: github/codeql-action
+ dependency-type: direct:production
+ update-type: version-update:semver-patch
+ ...
+
+ Signed-off-by: dependabot[bot] <support@github.com>
+ Closes #14255
+
+Stefan Eissing (23 Jul 2024)
+
+- conncache: connection shutdown, multi_socket handling
+
+ - implement the socket hash user/reader/writer processing also
+ for connections that are being shut down by the connection cache.
+ - split out handling of current vs. last pollset socket event handling
+ into a function available in other code parts
+ - add `shutdown_poll` pollset to `connectdata` struct so that changes
+ in the pollset can be recorded during shutdown. (The internal handle
+ cannot keep it since it might be used for many connections)
+
+ Reported-by: calvin2021y on github
+ Fixes #14252
+ Closes #14257
+
+Daniel Stenberg (22 Jul 2024)
+
+- tool_cb_prg: output "flying saucers" with leading carriage return
+
+ Because that is how the progress-bar is output, so when the progress-bar
+ has been shown at least once and the information is reset, like for a
+ redirect, there might be a moment where the size goes from known to
+ unknown and then the flying saucerts are shown after a brief display of
+ the progress-bar.
+
+ It could previously cause accidental character leftovers on the right
+ side of the bar when using a narrow display.
+
+ Reported-by: Chris Webb
+ Fixes #14213
+ Closes #14246
+
+- lib: Curl_posttransfer => multi_posttransfer
+
+ Moved from transfer.c to multi.c as it was only used within multi.c
+
+ Made a void, as it returned a fixed return code nothing checked.
+
+ Closes #14240
+
+- CURLOPT_SSL_VERIFYHOST.md: refresh
+
+ Move mentions of old behavior to the HISTORY section to make it easier
+ to read about modern behavior.
+
+ Added a MATCHING section.
+
+ Closes #14241
+
+- multi: do a final progress update on connect failure
+
+ To fix timing metric etc
+
+ Co-authored-by: Justin Maggard
+ Fixes #14204
+ Closes #14239
+
+Orgad Shaneh (19 Jul 2024)
+
+- md4: fix compilation with OpenSSL 1.x with md4 disabled
+
+ If OpenSSL 1.x is used, and it is configured with md4 disabled,
+ OPENSSL_NO_MD4 is defined in opensslconf.h, but this header was not
+ included before checking for this define.
+
+ Later in md4.c, openssl/md4.h is included, and it includes that header
+ indirectly, leading to inconsistency within md4.c.
+
+ Since the md4.h branch was taken, wincrypt.h (or others) is not
+ included, and later below the USE_WIN32_CRYPTO branch is taken, but the
+ types are not defined.
+
+ Closes #14218
+
+martinevsky (19 Jul 2024)
+
+- ftp: remove redundant null pointer check in loop condition
+
+ Closes #14234
+
+Justin Maggard (19 Jul 2024)
+
+- mbedtls: check version before getting tls version
+
+ mbedtls_ssl_get_version_number() was added in mbedtls 3.2.0. Check for
+ that version before using it.
+
+ Closes #14228
+
+martinevsky (19 Jul 2024)
+
+- urlapi: remove unused definition of HOST_BAD
+
+ Closes #14235
+
+Daniel Stenberg (19 Jul 2024)
+
+- curldown: fixups
+
+ - make DEFAULT sections less repetitive
+
+ - make historic mentions use HISTORY
+
+ - generate the protocols section on `# %PROTOCOLS%` instead of guessing
+ where to put it
+
+ - generate the availability section on `# %AVAILABILITY%` instead of
+ guessing where to put it
+
+ - make the protocols section more verbose
+
+ Closes #14227
+
+Tal Regev (19 Jul 2024)
+
+- GHA/windows: enable libssh in !ssl MSVC job
+
+ Closes #14232
+
+- GHA/windows: enable libidn2 in !ssl MSVC job
+
+ Closes #14200
+
+Viktor Szakats (19 Jul 2024)
+
+- GHA/macos: improve, fix gcc/llvm, add new test matrix
+
+ This PR began as an attempt to drop GCC support, after repeated reports
+ on fallouts when trying to use it on macOS.
+
+ Then it transformed into a 3-week project turning up the issues causing
+ the fallouts, ending up including llvm and all available Xcode / macOS
+ SDK, macOS runner image, build tools and compiler vendors and versions.
+ Accumulating 400 sub-commits.
+
+ I developed and tested all fixes under this PR, then merged them as
+ separate patches.
+
+ This PR retained CI jobs updates, extensively reworking and extending
+ them: [1]
+
+ At first it seemed GCC and the Apple SDK is "naturally" growing more
+ incompatible, as Apple added further non-standard features to their
+ headers. This is partly true, but reality is more complicated.
+
+ Besides some issues local to curl, there were bugs in Apple SDK
+ headers, Homebrew GCC builds, feature missing in the old llvm version
+ pre-installed on GitHub CI runner images, and subtle incompatibilities
+ between GCC and llvm/clang when handling language extensions.
+
+ Resulting compiler errors seldom pointed to a useful direction, and
+ internet search was silent about these issues too. Thus, I had to peel
+ them off layer by layer, using trial and error, and by recognizing
+ patterns of failures accross 150-200 builds combinations. Exposing
+ configure logs, and curl_config.h in the CI logs helped too.
+
+ 1. GCC header compatibility layer ("hack" as GCC calls it)
+
+ The toughest issue is GCC's built-in compatibility layer:
+ https://github.com/gcc-mirror/gcc/tree/master/fixincludes
+
+ This patch layer is further patched by a "Darwin compatibility" project
+ applied on top by Homebrew GCC via:
+ https://github.com/iains/gcc-12-branch
+ https://github.com/iains/gcc-13-branch
+ https://github.com/iains/gcc-14-branch
+
+ The hack layer is designed in a way that breaks more builds than it
+ fixes, esp. in context of GHA runners. The idea is to build GCC
+ specifically for the SDK for the target macOS version. The problem with
+ this approach is that the Xcode + SDK installed on the local/CI machine
+ often does not match with the SDK used on while building GCC on
+ Homebrew's build machines. In these cases the GCC compatibility layer
+ turns into an "uncompatibility" layer and consistently breaks builds.
+ curl cannot offer a fix for this, because the solution (I found) is to
+ patch the toolchain on the local machine. I implemented this for our CI
+ builds and curl-for-win. In other case the user must do this patching
+ manually, or choose a compatible GCC + Xcode/SDK combination.
+
+ An upstream fix doesn't seem trivial either, because the issue is
+ ingrained in the compatibility layer's design. Offering an `-fapplesdk`
+ (or recognizing `-target`) option and/or fixing them within the compiler
+ would seem like a more robust option, and also how mainline llvm solves
+ this.
+
+ Here's a table summarizing the GCC + SDK combinations and curl build
+ failures: [2]
+
+ More info: https://github.com/curl/curl/issues/10356#issuecomment-2222734103
+
+ db135f8d7207b20d531e7e2100a49f3e16bdcfab #14119 macos: add workaround for gcc
+ , non-c-ares, IPv6, compile error
+ Ref: https://github.com/curl/curl-for-win/commit/e2db3c475f5981352e6e6a79854a
+ 255805b28deb
+ Ref: https://github.com/curl/curl-for-win/commit/f5c58d7fef78e972be33ca2355dc
+ b42ba56622a6
+
+ 2. Homebrew GCC's `availability` extension
+
+ A recent minor Homebrew GCC upgrade caused major breakage. The "Darwin
+ compatibility" patch applied to GCC implemented the `availability`
+ compiler attribute in GCC. Apple SDK detected this and enabled using
+ them, but as it turns out GCC accepts compiler attributes with slightly
+ different rules than llvm/clang, and how the Apple SDK uses them,
+ breaking builds.
+
+ Affected Homebrew GCC versions are: 12.4.0, 13.3.0 and 14.1.0.
+
+ Possibly tracked here: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108796
+ More info: https://github.com/llvm/llvm-project/issues/81767
+
+ Commit implementing the `availability` macro:
+ gcc-12: https://github.com/iains/gcc-12-branch/commit/fd5530b7cb0012bf4faeddd
+ 45e13054a1dfa6783
+ gcc-13: https://github.com/iains/gcc-13-branch/commit/cb7e4eca68cfc4763474e2e
+ b0935a844458842a8
+ gcc-14: https://github.com/iains/gcc-14-branch/commit/ff62a108865a6403f501738
+ 0d7018250c1d3306f
+
+ That applied to Homebrew GCC (12.4.0):
+ https://github.com/Homebrew/homebrew-core/commit/b904223d9893f62bec2a8f7483bf
+ 5992747fc6c7#diff-89dd0b4176eca7fcc24b591943509bf8a8d6ea904d71e5dfcd6b78fed62
+ fc574R44-R48
+
+ Ref: #13700
+ More info: https://github.com/curl/curl/pull/14091#issuecomment-2222703468
+
+ e91fcbac7d86292858718a0bfebad57978761af4 #14155 macos: undo `availability` ma
+ cro enabled by Homebrew gcc
+
+ 3. Proprietary Apple SDK macros
+
+ Apple SDK expects certain macros predefined by the compiler. Missing
+ them may causes odd issues. Mainline llvm is keeping up with Apple
+ clang, but it needs a fresh version, while the one installed on GitHub
+ runners is old (v15). I patched these in `lib/curl_setup.h`.
+
+ baa3270846b2a7307cbd0dd5c02c4e5f00e388dd #14134 build: fix llvm 16 or older +
+ Xcode 15 or newer, and gcc
+
+ 4. Apple SDK header bug
+
+ Without certain predefined macros, SDK headers can take a codepath where
+ it mis-defines its own `TARGET_OS_OSX` macro, which make it break its
+ own headers later. I patched it in `lib/curl_setup.h`.
+
+ ff784af461175584c73e7e2b65af00b1a5a6f67f #14159 build: fix llvm 17 and older
+ + macOS SDK 14.4 and newer
+
+ 5. `TargetConditionals.h` requires `sys/types.h`
+
+ Fixed in curl. It caused feature-detection failurs with autotools, and
+ could break builds in certain configurations.
+
+ e1f6192939c9c5ab2310b60bedf4c07d635193f6 #14130 configure: fix `SystemConfigu
+ ration` detection
+
+ 6. Differences between autotools and CMake compiler options
+
+ Fixed it by syncing compiler warning options.
+
+ 59cadacfcc1d39472245979cdbd614c7a9af6f0d #14128 build: sync warning options b
+ etween autotools, cmake & compilers
+
+ 7. Differences between autotools and CMake dependency detection
+
+ Fixed it by improving detection of libidn2, with some more fixes
+ pending for the next feature window.
+
+ f43adc2c4978f7f82a359e89186e58a31d17b0ad #14137 cmake: detect `libidn2` also
+ via `pkg-config`
+ Ref: #14136 cmake: detect `nghttp2` via `pkg-config`, enable by default
+
+ 8. libidn2 detection bug with CMake
+
+ Fixed the root cause and also the trigger in the CI config.
+
+ 764fbabf6ed4c1d36c0ab2033ac8df52d9923cd7 #14175 cmake: fix builds with detect
+ ed libidn2 lib but undetected header
+
+ 9. Suppressed compiler warnings inside Apple-specific curl code
+
+ Fixed these warnings, which allowed to stop silencing them.
+
+ b05dc7eb3592305de9fa85640767f3dd2a8d4c93 #14122 sectransp: fix `HAVE_BUILTIN_
+ AVAILABLE` checks to not emit warnings
+ 5fa534b0dacdc120aaab0766047e0ecac37be4b3 #14162 sectransp: fix clang compiler
+ warnings, stop silencing them
+
+ 10. CMake mis-detecting a CA bundle path on macOS
+
+ d2ef6255f4a040397d2f40ab7cbf65a203201cd9 #14182 cmake: sync CA bundle/path de
+ tection with autotools
+
+ 11. Failure to build tests with LibreSSL or wolfSSL with CMake
+
+ Fixed by dropping unnecessary includes, makign test builds dependent
+ on dependency headers.
+
+ 3765d75ce47b66289f946382b649d0e99389dc77 #14172 cmake: fix building `unit1600
+ ` due to missing `ssl/openssl.h`
+
+ 12. curl tests with CMake
+
+ curl's CMake was missing bits for running the C preprocessor accurately.
+ It made tests 1119 and 1167 fail. I implemented the missing bits.
+
+ efc2c5184d008fe2e5910fd03263e1ab0331d4e6 #14124 tests: include current direct
+ ory when running test Perl commands
+ c09db8b51b88ee6ad55bd637dcb4b47678e30906 #14129 cmake: create `configurehelp.
+ pm` like autotools does
+ 67cc1e3400b77536a3ca529c986247e1ef985e6e #14125 test1119: adapt for `.md` inp
+ ut
+
+ 13. GCC missing `__builtin_available()` support
+
+ curl source code assumes this is available to enable certain codepaths.
+ It's also intermixed with monotonic timer support.
+
+ 14. Monotonic timer support with GCC
+
+ Detected by GCC, while it probably shouldn't be. llvm/clang detects it
+ depending on target OS version. I've been playing with this, but so far
+ without a conclusion or fix.
+
+ 15. Runtime/test failures with GCC
+
+ I couldn't find the reason for most of this. A bunch of RTSP tests fail
+ with GCC. SecureTransport + HTTP/2 is failing a bunch of tests. With
+ OpenSSL it fails two of those. SecureTransport builds also fail one DoH
+ test.
+
+ 16. Runtime/test failure in llvm/clang
+
+ AppleIDN support received a fix with two more remaining.
+
+ fd0250869f7837e4a48d7e6f54cc0801ad3820e8 #14179 #14176 IDN: fix ß with Apple
+ IDN
+
+ 17. Other issues found and fixed while working on this:
+
+ 2c15aa5765900d4351e733671a1c8c3785beee1a GHA/macos: delete misplaced `
+ CFLAGS`, drop redundant CMake option
+ 80fb7c0bef209735ab352bf4afa31193a7bc65f1 #14126 configure: limit `SystemConfi
+ guration` test to non-c-ares, IPv6 builds
+ cfd6f43d6ca7e57670b422bab7bbf10221a2cf3e #14127 build: tidy up `__builtin_ava
+ ilable` feature checks (Apple)
+ bae555359979016999a9425a2d489f219a78abdd #14174 runtests: show name and keywo
+ rds for failed tests in summary
+ 09cdf7e5315711dea4ce7dcf5d99a4d41e7f658b #14178 cmake: delete unused `HAVE_LI
+ BSSH2`, `HAVE_LIBSOCKET` macros
+ d3595c74fab829f07ef44da1b7fc2f5668767020 #14186 configure: CA bundle/path det
+ ection fixes
+ 58772b0e082eda333e0a5fc8fb0bc7f17a3cd99c #14187 runtests: set `SOURCE_DATE_EP
+ OCH` to fix failing around midnight
+ 18f1cd7a77c4beecfd977d43f55634eb593ac99e #14183 tests: sync feature names wit
+ h `curl -V`
+ 4c22d97be786ed801e050da6872dd3143d6d0a59 #14181 build: use `#error` instead o
+ f invalid syntax
+
+ Pending merges:
+
+ - #14185 runtests: fold test details for GitHub CI runs
+ - #14197 cmake: grab-bag of tidy-ups
+ - #14196 configure: limit `__builtin_available` test to Darwin
+
+ Summary:
+
+ In general GCC doesn't seem to be a good fit with curl and macOS for
+ now. These "lucky" combinations (GitHub Actions runner) will build out
+ of the box now: macos-14 + Xcode 15.0.1 + gcc-11, gcc-12, gcc-14. The
+ rest builds with the ugly workaround in place, but all this still leaves
+ some runtime issues.
+
+ More info and links in the commit messages and source code.
+
+ [1]: This PR:
+ - add info about target OS version requirements per feature, with OS
+ names and release years.
+ - stop using `-Wno-deprecated-declarations` to suppress warnings.
+ - use `LDFLAGS=-w` to suppress 'object file was built for newer macOS
+ version than being linked' warnings.
+ (there were tens of thousands of them in some jobs)
+ - allow overriding Xcode version in all jobs.
+ - improve job names.
+ - abbreviate CMake as CM, autotools as AM for more compact job names.
+ - shorten job names by using `!` instead of `no-` and `non-`.
+ - bump parellel tests to 10 (from 5).
+ - drop using `--enable-maintainer-mode` `./configure` option.
+ - add gcc-12 no-ssl, autotools job with tests, ignore failing test
+ results. (It's not yet clear why gcc-12 builds have different runtime
+ results than clang/llvm ones.)
+ - add comments with OS names and release years next to version numbers,
+ e.g. 10.15 # Catalina (2019)
+ - fix broken gcc-12 SecureTransport build.
+ - show compiler, Xcode, SDK, gcc hack SDK versions, Homebrew
+ preinstalled packages and C compiler predefined macros for each job.
+ Useful for debugging all the strange problems these builds might have.
+ - merge brew bundle and install steps.
+ - move step names to the top.
+ - dump configure log for both cmake and autotools also for successful
+ builds. Useful for debugging.
+ - dump curl_config.h in short (sorted #defines) and full form.
+ - add support for the mainline llvm compiler.
+ - set sysroot for gcc and llvm.
+ - add timeout for cmake jobs.
+ - add new job matrix: combinations
+ It supports building all possible compiler, runner image, Xcode/SDK
+ combinations, with cmake and autotools, target OS versions and with or
+ without SecureTransport. It's quick. GHA limits the maximum number of
+ matrix jobs at 256.
+ I used this as a test-rig to fix the macOS build fallouts with gcc and
+ llvm.
+ I settled with 16 jobs, trying to maximize fallout coverage.
+ - implement hack to make Homebrew gcc work with all available SDKs.
+ - add handy mini-table about Xcode / SDK versions, OS names, years for
+ each GHA images, with the defaults.
+ - add tests for cmake jobs.
+ - make cmake config hack to link GnuTLS less intrusive.
+ - stop ignoring test 1452, seems fine now.
+ - fix to enable libpsl in autotools builds.
+ - enable libpsl in cmake builds.
+ - add an llvm job with tests (both autotools and cmake).
+ - delete similar macOS jobs from Circle CI. GHA is now arm64 too.
+
+ [2]: Homebrew GCC vs GHA runner images vs curl builds:
+ ```
+ macOS Xcode gcc gcc SDK hacks Xcode SDK SDK major Build
+ Compile
+ (*def) (Homebrew) (CommandLineTools) versions
+ error
+ -------- -------- ---------- ------------------ ---------- --------- -----
+ ---------------------
+ macos-12 13.1 GCC 11.4.0 MacOSX12 MacOSX12.0
+ macos-12 13.2.1 GCC 11.4.0 MacOSX12 MacOSX12.1
+ macos-12 13.3.1 GCC 11.4.0 MacOSX12 MacOSX12.3
+ macos-12 13.4.1 GCC 11.4.0 MacOSX12 MacOSX12.3
+ macos-12 14.0.1 GCC 11.4.0 MacOSX12 MacOSX12.3
+ macos-12 14.1 GCC 11.4.0 MacOSX12 MacOSX13.0 MISMATCH FAIL
+ /Applications/Xcode_14.1.app/Contents/Developer/Platforms/MacOSX.platform/De
+ veloper/SDKs/MacOSX.sdk/usr/include/os/object.h:275:1: error: expected ';' be
+ fore 'extern'
+ macos-12 *14.2 GCC 11.4.0 MacOSX12 MacOSX13.1 MISMATCH FAIL
+ /Applications/Xcode_14.2.app/Contents/Developer/Platforms/MacOSX.platform/De
+ veloper/SDKs/MacOSX.sdk/usr/include/os/object.h:275:1: error: expected ';' be
+ fore 'extern'
+ macos-13 14.1 GCC 11.4.0 MacOSX13 MacOSX13.0
+ macos-13 14.2 GCC 11.4.0 MacOSX13 MacOSX13.1
+ macos-13 14.3.1 GCC 11.4.0 MacOSX13 MacOSX13.3
+ macos-13 *15.0.1 GCC 11.4.0 MacOSX13 MacOSX14.0 MISMATCH FAIL
+ /Applications/Xcode_15.0.1.app/Contents/Developer/Platforms/MacOSX.platform/
+ Developer/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:103:1: error: unknown
+ type name 'dispatch_queue_t'
+ macos-13 15.1 GCC 11.4.0 MacOSX13 MacOSX14.2 MISMATCH FAIL
+ /Applications/Xcode_15.1.app/Contents/Developer/Platforms/MacOSX.platform/De
+ veloper/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:103:1: error: unknown ty
+ pe name 'dispatch_queue_t'
+ macos-13 15.2 GCC 11.4.0 MacOSX13 MacOSX14.2 MISMATCH FAIL
+ /Applications/Xcode_15.2.app/Contents/Developer/Platforms/MacOSX.platform/De
+ veloper/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:103:1: error: unknown ty
+ pe name 'dispatch_queue_t'
+ macos-14 14.3.1 GCC 11.4.0 MacOSX14 MacOSX13.3 MISMATCH FAIL
+ /Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor
+ e data types in declaration specifiers
+ macos-14 *15.0.1 GCC 11.4.0 MacOSX14 MacOSX14.0
+ macos-14 15.1 GCC 11.4.0 MacOSX14 MacOSX14.2
+ macos-14 15.2 GCC 11.4.0 MacOSX14 MacOSX14.2
+ macos-14 15.3 GCC 11.4.0 MacOSX14 MacOSX14.4
+ macos-14 15.4 GCC 11.4.0 MacOSX14 MacOSX14.5
+ macos-14 16.0 GCC 11.4.0 MacOSX14 MacOSX15.0 MISMATCH FAIL
+ /opt/homebrew/Cellar/gcc@11/11.4.0/lib/gcc/11/gcc/aarch64-apple-darwin23/11/
+ include-fixed/stdio.h:83:8: error: unknown type name 'FILE'
+ macos-12 13.1 GCC 12.4.0 MacOSX12 MacOSX12.0
+ macos-12 13.2.1 GCC 12.4.0 MacOSX12 MacOSX12.1
+ macos-12 13.3.1 GCC 12.4.0 MacOSX12 MacOSX12.3
+ macos-12 13.4.1 GCC 12.4.0 MacOSX12 MacOSX12.3
+ macos-12 14.0.1 GCC 12.4.0 MacOSX12 MacOSX12.3
+ macos-12 14.1 GCC 12.4.0 MacOSX12 MacOSX13.0 MISMATCH FAIL
+ /Applications/Xcode_14.1.app/Contents/Developer/Platforms/MacOSX.platform/De
+ veloper/SDKs/MacOSX.sdk/usr/include/os/object.h:275:1: error: expected ';' be
+ fore 'extern'
+ macos-12 *14.2 GCC 12.4.0 MacOSX12 MacOSX13.1 MISMATCH FAIL
+ /Applications/Xcode_14.2.app/Contents/Developer/Platforms/MacOSX.platform/De
+ veloper/SDKs/MacOSX.sdk/usr/include/os/object.h:275:1: error: expected ';' be
+ fore 'extern'
+ macos-13 14.1 GCC 12.4.0 MacOSX13 MacOSX13.0
+ macos-13 14.2 GCC 12.4.0 MacOSX13 MacOSX13.1
+ macos-13 14.3.1 GCC 12.4.0 MacOSX13 MacOSX13.3
+ macos-13 *15.0.1 GCC 12.4.0 MacOSX13 MacOSX14.0 MISMATCH FAIL
+ /Applications/Xcode_15.0.1.app/Contents/Developer/Platforms/MacOSX.platform/
+ Developer/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:103:1: error: unknown
+ type name 'dispatch_queue_t'
+ macos-13 15.1 GCC 12.4.0 MacOSX13 MacOSX14.2 MISMATCH FAIL
+ /Applications/Xcode_15.1.app/Contents/Developer/Platforms/MacOSX.platform/De
+ veloper/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:103:1: error: unknown ty
+ pe name 'dispatch_queue_t'
+ macos-13 15.2 GCC 12.4.0 MacOSX13 MacOSX14.2 MISMATCH FAIL
+ /Applications/Xcode_15.2.app/Contents/Developer/Platforms/MacOSX.platform/De
+ veloper/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:103:1: error: unknown ty
+ pe name 'dispatch_queue_t'
+ macos-14 14.3.1 GCC 12.4.0 MacOSX14 MacOSX13.3 MISMATCH
+ macos-14 *15.0.1 GCC 12.4.0 MacOSX14 MacOSX14.0
+ macos-14 15.1 GCC 12.4.0 MacOSX14 MacOSX14.2
+ macos-14 15.2 GCC 12.4.0 MacOSX14 MacOSX14.2
+ macos-14 15.3 GCC 12.4.0 MacOSX14 MacOSX14.4
+ macos-14 15.4 GCC 12.4.0 MacOSX14 MacOSX14.5
+ macos-14 16.0 GCC 12.4.0 MacOSX14 MacOSX15.0 MISMATCH FAIL
+ /opt/homebrew/Cellar/gcc@12/12.4.0/lib/gcc/12/gcc/aarch64-apple-darwin23/12/
+ include-fixed/stdio.h:83:8: error: unknown type name 'FILE'
+ macos-12 13.1 GCC 13.3.0 MacOSX12 MacOSX12.0
+ macos-12 13.2.1 GCC 13.3.0 MacOSX12 MacOSX12.1
+ macos-12 13.3.1 GCC 13.3.0 MacOSX12 MacOSX12.3
+ macos-12 13.4.1 GCC 13.3.0 MacOSX12 MacOSX12.3
+ macos-12 14.0.1 GCC 13.3.0 MacOSX12 MacOSX12.3
+ macos-12 14.1 GCC 13.3.0 MacOSX12 MacOSX13.0 MISMATCH FAIL
+ /Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor
+ e data types in declaration specifiers
+ macos-12 *14.2 GCC 13.3.0 MacOSX12 MacOSX13.1 MISMATCH FAIL
+ /Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor
+ e data types in declaration specifiers
+ macos-13 14.1 GCC 13.3.0 MacOSX13 MacOSX13.0
+ macos-13 14.2 GCC 13.3.0 MacOSX13 MacOSX13.1
+ macos-13 14.3.1 GCC 13.3.0 MacOSX13 MacOSX13.3
+ macos-13 *15.0.1 GCC 13.3.0 MacOSX13 MacOSX14.0 MISMATCH FAIL
+ /Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor
+ e data types in declaration specifiers
+ macos-13 15.1 GCC 13.3.0 MacOSX13 MacOSX14.2 MISMATCH FAIL
+ /Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor
+ e data types in declaration specifiers
+ macos-13 15.2 GCC 13.3.0 MacOSX13 MacOSX14.2 MISMATCH FAIL
+ /Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor
+ e data types in declaration specifiers
+ macos-14 14.3.1 GCC 13.3.0 MacOSX14 MacOSX13.3 MISMATCH FAIL
+ /Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor
+ e data types in declaration specifiers
+ macos-14 *15.0.1 GCC 13.3.0 MacOSX14 MacOSX14.0 FAIL
+ /Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor
+ e data types in declaration specifiers
+ macos-14 15.1 GCC 13.3.0 MacOSX14 MacOSX14.2 FAIL
+ /Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor
+ e data types in declaration specifiers
+ macos-14 15.2 GCC 13.3.0 MacOSX14 MacOSX14.2 FAIL
+ /Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor
+ e data types in declaration specifiers
+ macos-14 15.3 GCC 13.3.0 MacOSX14 MacOSX14.4
+ macos-14 15.4 GCC 13.3.0 MacOSX14 MacOSX14.5
+ macos-14 16.0 GCC 13.3.0 MacOSX14 MacOSX15.0 MISMATCH FAIL
+ /opt/homebrew/Cellar/gcc@13/13.3.0/lib/gcc/13/gcc/aarch64-apple-darwin23/13/
+ include-fixed/stdio.h:83:8: error: unknown type name 'FILE'
+ macos-12 13.1 GCC 14.1.0 MacOSX12 MacOSX12.0
+ macos-12 13.2.1 GCC 14.1.0 MacOSX12 MacOSX12.1
+ macos-12 13.3.1 GCC 14.1.0 MacOSX12 MacOSX12.3
+ macos-12 13.4.1 GCC 14.1.0 MacOSX12 MacOSX12.3
+ macos-12 14.0.1 GCC 14.1.0 MacOSX12 MacOSX12.3
+ macos-12 14.1 GCC 14.1.0 MacOSX12 MacOSX13.0 MISMATCH FAIL
+ /Applications/Xcode_14.1.app/Contents/Developer/Platforms/MacOSX.platform/De
+ veloper/SDKs/MacOSX.sdk/usr/include/os/object.h:275:1: error: expected ';' be
+ fore 'extern'
+ macos-12 *14.2 GCC 14.1.0 MacOSX12 MacOSX13.1 MISMATCH FAIL
+ /Applications/Xcode_14.2.app/Contents/Developer/Platforms/MacOSX.platform/De
+ veloper/SDKs/MacOSX.sdk/usr/include/os/object.h:275:1: error: expected ';' be
+ fore 'extern'
+ macos-13 14.1 GCC 14.1.0 MacOSX13 MacOSX13.0
+ macos-13 14.2 GCC 14.1.0 MacOSX13 MacOSX13.1
+ macos-13 14.3.1 GCC 14.1.0 MacOSX13 MacOSX13.3
+ macos-13 *15.0.1 GCC 14.1.0 MacOSX13 MacOSX14.0 MISMATCH FAIL
+ /Applications/Xcode_15.0.1.app/Contents/Developer/Platforms/MacOSX.platform/
+ Developer/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:70:1: error: type defa
+ ults to 'int' in declaration of 'DISPATCH_DECL_FACTORY_CLASS_SWIFT' [-Wimplic
+ it-int]
+ macos-13 15.1 GCC 14.1.0 MacOSX13 MacOSX14.2 MISMATCH FAIL
+ /Applications/Xcode_15.1.app/Contents/Developer/Platforms/MacOSX.platform/De
+ veloper/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:70:1: error: type defaul
+ ts to 'int' in declaration of 'DISPATCH_DECL_FACTORY_CLASS_SWIFT' [-Wimplicit
+ -int]
+ macos-13 15.2 GCC 14.1.0 MacOSX13 MacOSX14.2 MISMATCH FAIL
+ /Applications/Xcode_15.2.app/Contents/Developer/Platforms/MacOSX.platform/De
+ veloper/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:70:1: error: type defaul
+ ts to 'int' in declaration of 'DISPATCH_DECL_FACTORY_CLASS_SWIFT' [-Wimplicit
+ -int]
+ macos-14 14.3.1 GCC 14.1.0 MacOSX14 MacOSX13.3 MISMATCH
+ macos-14 *15.0.1 GCC 14.1.0 MacOSX14 MacOSX14.0
+ macos-14 15.1 GCC 14.1.0 MacOSX14 MacOSX14.2
+ macos-14 15.2 GCC 14.1.0 MacOSX14 MacOSX14.2
+ macos-14 15.3 GCC 14.1.0 MacOSX14 MacOSX14.4
+ macos-14 15.4 GCC 14.1.0 MacOSX14 MacOSX14.5
+ macos-14 16.0 GCC 14.1.0 MacOSX14 MacOSX15.0 MISMATCH FAIL
+ /opt/homebrew/Cellar/gcc/14.1.0_1/lib/gcc/current/gcc/aarch64-apple-darwin23
+ /14/include-fixed/stdio.h:83:8: error: unknown type name 'FILE'
+ ```
+ Source: https://github.com/curl/curl/actions/runs/9883956647/job/27299564218
+
+ This commit fixes earlier commit
+ 1e75edd372868048c9f805ac4ca6d2cb5a88ff5a, reverted in
+ 41a7e0dcc9681afd91e066411bcee4f369c23366, where I cut the commit
+ message in half by accident. The patch itself is identical.
+
+ Closes #14097
+
+- Revert "GHA/macos: improve, fix gcc/llvm, add new test matrix"
+
+ This reverts commit 1e75edd372868048c9f805ac4ca6d2cb5a88ff5a.
+
+ Due to some parts of the commit message missing (my bad.)
+
+Daniel Stenberg (19 Jul 2024)
+
+- Revert "lib: send eos flag"
+
+ This reverts commit be93299f10ef0b2bf7fe5c82140120073831867a.
+
+Viktor Szakats (19 Jul 2024)
+
+- GHA/windows: use default shell CI feature
+
+ It makes repeating a line in each step unnecessary.
+
+ Closes #14206
+
+- GHA/macos: improve, fix gcc/llvm, add new test matrix
+
+ This PR began as an attempt to drop GCC support, after repeated reports
+ on fallouts when trying to use it on macOS.
+
+ Then it transformed into a 3-week project turning up the issues causing
+ the fallouts, ending up including llvm and all available Xcode / macOS
+ SDK, macOS runner image, build tools and compiler vendors and versions.
+ Accumulating 400 sub-commits.
+
+ I developed and tested all fixes under this PR, then merged them as
+ separate patches.
+
+ This PR retained CI jobs updates, extensively reworking and extending
+ them: [1]
+
+ At first it seemed GCC and the Apple SDK is "naturally" growing more
+ incompatible, as Apple added further non-standard features to their
+ headers. This is partly true, but reality is more complicated.
+
+ Besides some issues local to curl, there were bugs in Apple SDK
+ headers, Homebrew GCC builds, feature missing in the old llvm version
+ pre-installed on GitHub CI runner images, and subtle incompatibilities
+ between GCC and llvm/clang when handling language extensions.
+
+ Resulting compiler errors seldom pointed to a useful direction, and
+ internet search was silent about these issues too. Thus, I had to peel
+ them off layer by layer, using trial and error, and by recognizing
+ patterns of failures accross 150-200 builds combinations. Exposing
+ configure logs, and curl_config.h in the CI logs helped too.
+
+ 1. GCC header compatibility layer ("hack" as GCC calls it)
+
+ The toughest issue is GCC's built-in compatibility layer:
+ https://github.com/gcc-mirror/gcc/tree/master/fixincludes
+
+ This patch layer is further patched by a "Darwin compatibility" project
+ applied on top by Homebrew GCC via:
+ https://github.com/iains/gcc-12-branch
+ https://github.com/iains/gcc-13-branch
+ https://github.com/iains/gcc-14-branch
+
+ The hack layer is designed in a way that breaks more builds than it
+ fixes, esp. in context of GHA runners. The idea is to build GCC
+ specifically for the SDK for the target macOS version. The problem with
+ this approach is that the Xcode + SDK installed on the local/CI machine
+ often does not match with the SDK used on while building GCC on
+ Homebrew's build machines. In these cases the GCC compatibility layer
+ turns into an "uncompatibility" layer and consistently breaks builds.
+ curl cannot offer a fix for this, because the solution (I found) is to
+ patch the toolchain on the local machine. I implemented this for our CI
+ builds and curl-for-win. In other case the user must do this patching
+ manually, or choose a compatible GCC + Xcode/SDK combination.
+
+ An upstream fix doesn't seem trivial either, because the issue is
+ ingrained in the compatibility layer's design. Offering an `-fapplesdk`
+ (or recognizing `-target`) option and/or fixing them within the compiler
+ would seem like a more robust option, and also how mainline llvm solves
+ this.
+
+ Here's a table summarizing the GCC + SDK combinations and curl build
+ failures: [2]
+
+ More info: https://github.com/curl/curl/issues/10356#issuecomment-2222734103
+
+ db135f8d7207b20d531e7e2100a49f3e16bdcfab #14119 macos: add workaround for gcc
+ , non-c-ares, IPv6, compile error
+ Ref: https://github.com/curl/curl-for-win/commit/e2db3c475f5981352e6e6a79854a
+ 255805b28deb
+ Ref: https://github.com/curl/curl-for-win/commit/f5c58d7fef78e972be33ca2355dc
+ b42ba56622a6
+
+ 2. Homebrew GCC's `availability` extension
+
+ A recent minor Homebrew GCC upgrade caused major breakage. The "Darwin
+ compatibility" patch applied to GCC implemented the `availability`
+ compiler attribute in GCC. Apple SDK detected this and enabled using
+ them, but as it turns out GCC accepts compiler attributes with slightly
+ different rules than llvm/clang, and how the Apple SDK uses them,
+ breaking builds.
+
+ Affected Homebrew GCC versions are: 12.4.0, 13.3.0 and 14.1.0.
+
+ Possibly tracked here: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108796
+ More info: https://github.com/llvm/llvm-project/issues/81767
+
+ Commit implementing the `availability` macro:
+ gcc-12: https://github.com/iains/gcc-12-branch/commit/fd5530b7cb0012bf4faeddd
+ 45e13054a1dfa6783
+ gcc-13: https://github.com/iains/gcc-13-branch/commit/cb7e4eca68cfc4763474e2e
+ b0935a844458842a8
+ gcc-14: https://github.com/iains/gcc-14-branch/commit/ff62a108865a6403f501738
+ 0d7018250c1d3306f
+
+ That applied to Homebrew GCC (12.4.0):
+ https://github.com/Homebrew/homebrew-core/commit/b904223d9893f62bec2a8f7483bf
+ 5992747fc6c7#diff-89dd0b4176eca7fcc24b591943509bf8a8d6ea904d71e5dfcd6b78fed62
+ fc574R44-R48
+
+ Ref: #13700
+ More info: https://github.com/curl/curl/pull/14091#issuecomment-2222703468
+
+ e91fcbac7d86292858718a0bfebad57978761af4 #14155 macos: undo `availability` ma
+ cro enabled by Homebrew gcc
+
+ 3. Proprietary Apple SDK macros
+
+ Apple SDK expects certain macros predefined by the compiler. Missing
+ them may causes odd issues. Mainline llvm is keeping up with Apple
+ clang, but it needs a fresh version, while the one installed on GitHub
+ runners is old (v15). I patched these in `lib/curl_setup.h`.
+
+ baa3270846b2a7307cbd0dd5c02c4e5f00e388dd #14134 build: fix llvm 16 or older +
+ Xcode 15 or newer, and gcc
+
+ 4. Apple SDK header bug
+
+ Without certain predefined macros, SDK headers can take a codepath where
+ it mis-defines its own `TARGET_OS_OSX` macro, which make it break its
+ own headers later. I patched it in `lib/curl_setup.h`.
+
+ ff784af461175584c73e7e2b65af00b1a5a6f67f #14159 build: fix llvm 17 and older
+ + macOS SDK 14.4 and newer
+
+ 5. `TargetConditionals.h` requires `sys/types.h`
+
+ Fixed in curl. It caused feature-detection failurs with autotools, and
+ could break builds in certain configurations.
+
+ e1f6192939c9c5ab2310b60bedf4c07d635193f6 #14130 configure: fix `SystemConfigu
+ ration` detection
+
+ 6. Differences between autotools and CMake compiler options
+
+ Fixed it by syncing compiler warning options.
+
+ 59cadacfcc1d39472245979cdbd614c7a9af6f0d #14128 build: sync warning options b
+ etween autotools, cmake & compilers
+
+ 7. Differences between autotools and CMake dependency detection
+
+ Fixed it by improving detection of libidn2, with some more fixes
+ pending for the next feature window.
+
+ f43adc2c4978f7f82a359e89186e58a31d17b0ad #14137 cmake: detect `libidn2` also
+ via `pkg-config`
+ Ref: #14136 cmake: detect `nghttp2` via `pkg-config`, enable by default
+
+ 8. libidn2 detection bug with CMake
+
+ Fixed the root cause and also the trigger in the CI config.
+
+ 764fbabf6ed4c1d36c0ab2033ac8df52d9923cd7 #14175 cmake: fix builds with detect
+ ed libidn2 lib but undetected header
+
+ 9. Suppressed compiler warnings inside Apple-specific curl code
+
+ Fixed these warnings, which allowed to stop silencing them.
+
+ b05dc7eb3592305de9fa85640767f3dd2a8d4c93 #14122 sectransp: fix `HAVE_BUILTIN_
+ AVAILABLE` checks to not emit warnings
+ 5fa534b0dacdc120aaab0766047e0ecac37be4b3 #14162 sectransp: fix clang compiler
+ warnings, stop silencing them
+
+ 10. CMake mis-detecting a CA bundle path on macOS
+
+ d2ef6255f4a040397d2f40ab7cbf65a203201cd9 #14182 cmake: sync CA bundle/path de
+ tection with autotools
+
+ 11. Failure to build tests with LibreSSL or wolfSSL with CMake
+
+ Fixed by dropping unnecessary includes, makign test builds dependent
+ on dependency headers.
+
+ 3765d75ce47b66289f946382b649d0e99389dc77 #14172 cmake: fix building `unit1600
+ ` due to missing `ssl/openssl.h`
+
+ 12. curl tests with CMake
+
+ curl's CMake was missing bits for running the C preprocessor accurately.
+ It made tests 1119 and 1167 fail. I implemented the missing bits.
+
+ efc2c5184d008fe2e5910fd03263e1ab0331d4e6 #14124 tests: include current direct
+ ory when running test Perl commands
+ c09db8b51b88ee6ad55bd637dcb4b47678e30906 #14129 cmake: create `configurehelp.
+ pm` like autotools does
+ 67cc1e3400b77536a3ca529c986247e1ef985e6e #14125 test1119: adapt for `.md` inp
+ ut
+
+ 13. GCC missing `__builtin_available()` support
+
+ curl source code assumes this is available to enable certain codepaths.
+ It's also intermixed with monotonic timer support.
+
+ 14. Monotonic timer support with GCC
+
+ Detected by GCC, while it probably shouldn't be. llvm/clang detects it
+ depending on target OS version. I've been playing with this, but so far
+ without a conclusion or fix.
+
+ 15. Runtime/test failures with GCC
+
+ I couldn't find the reason for most of this. A bunch of RTSP tests fail
+ with GCC. SecureTransport + HTTP/2 is failing a bunch of tests. With
+ OpenSSL it fails two of those. SecureTransport builds also fail one DoH
+ test.
+
+ 16. Runtime/test failure in llvm/clang
+
+ AppleIDN support received a fix with two more remaining.
+
+ fd0250869f7837e4a48d7e6f54cc0801ad3820e8 #14179 #14176 IDN: fix ß with Apple
+ IDN
+
+ 17. Other issues found and fixed while working on this:
+
+ 2c15aa5765900d4351e733671a1c8c3785beee1a GHA/macos: delete misplaced `
+ CFLAGS`, drop redundant CMake option
+ 80fb7c0bef209735ab352bf4afa31193a7bc65f1 #14126 configure: limit `SystemConfi
+ guration` test to non-c-ares, IPv6 builds
+ cfd6f43d6ca7e57670b422bab7bbf10221a2cf3e #14127 build: tidy up `__builtin_ava
+ ilable` feature checks (Apple)
+ bae555359979016999a9425a2d489f219a78abdd #14174 runtests: show name and keywo
+ rds for failed tests in summary
+ 09cdf7e5315711dea4ce7dcf5d99a4d41e7f658b #14178 cmake: delete unused `HAVE_LI
+ BSSH2`, `HAVE_LIBSOCKET` macros
+ d3595c74fab829f07ef44da1b7fc2f5668767020 #14186 configure: CA bundle/path det
+ ection fixes
+ 58772b0e082eda333e0a5fc8fb0bc7f17a3cd99c #14187 runtests: set `SOURCE_DATE_EP
+ OCH` to fix failing around midnight
+ 18f1cd7a77c4beecfd977d43f55634eb593ac99e #14183 tests: sync feature names wit
+ h `curl -V`
+ 4c22d97be786ed801e050da6872dd3143d6d0a59 #14181 build: use `#error` instead o
+ f invalid syntax
+
+ Pending merge:
+
+Daniel Stenberg (19 Jul 2024)
+
+- RELEASE-NOTES: synced
+
+Stefan Eissing (18 Jul 2024)
+
+- lib: send eos flag
+
+ Adds a `bool eos` flag to send methods to indicate that the data is the
+ last chunk the invovled transfer wants to send to the server.
+
+ This will help protocol filters like HTTP/2 and 3 to forward the
+ stream's EOF flag and also allow to EAGAIN such calls when buffers are
+ not yet fully flushed.
+
+ Closes #14220
+
+Bhanu Prakash (18 Jul 2024)
+
+- mbedtls: correct the error message for cert blob parsing failure
+
+ Closes #14224
+
+Daniel Stenberg (18 Jul 2024)
+
+- curldown: make 'added-in:' a mandatory header field
+
+ - generate AVAILABILITY manpage sections automatically - for consistent
+ wording
+
+ - allows us to double-check against other documumentation (symbols-in-version
+ s
+ etc)
+
+ - enables proper automation/scripting based on this data
+
+ - lots of them were wrong or missing in the manpages
+
+ - several of them repeated (sometimes mismatching) backend support info
+
+ Add test 1488 to verify "added-in" version numbers against
+ symbols-in-versions.
+
+ Closes #14217
+
+Stefan Eissing (18 Jul 2024)
+
+- doh: fix cleanup
+
+ When removing an easy handle that had DoH sub-easy handles going, those
+ were not removed from the multi handle. Their memory was reclaimed on
+ curl_easy_cleanup() of the owning handle, but multi still had them in
+ their list.
+
+ Add `Curl_doh_close()` and `Curl_doh_cleanup()` as common point for
+ handling the DoH resource management. Use the `multi` present in the doh
+ handles (if so), for removal, as the `data->multi` might already have
+ been NULLed at this time.
+
+ Reported-by: 罗朝辉
+ Fixes #14207
+ Closes #14212
+
+Daniel Stenberg (18 Jul 2024)
+
+- tests/scripts: call it 'manpage' (single word)
+
+ Mostly in comments
+
+ Closes #14216
+
+Alex Snast (18 Jul 2024)
+
+- http/3: resume upload on ack if we have more data to send
+
+ Currently we're waiting for sendbuf_len_in_flight to hit zero before
+ resuming upload which means we're blocking and waiting for _all_ acks to
+ arrive before sending more data. This causes significant delays especially
+ when ack delay is used on the server side.
+
+ The fix addresses several issues in h3 over ngtcp2:
+ - On ack we now call nghttp3_conn_resume_stream() when we have more
+ data to send.
+ - upload_left was incorrectly computed on CF_CTRL_DATA_DONE_SEND as
+ we need to subtract the ammount of data we have in flight.
+ - Remove upload_blocked_len as we Curl_bufq_write call will do the
+ right thing when called from cf_ngtcp2_send.
+
+ Fixes #14198
+ Closes #14209
+
+Daniel Stenberg (18 Jul 2024)
+
+- idn: make macidn fail before trying conversion if name too long
+
+ - double the max name length to 512 bytes
+
+ Closes #14215
+
+z2_ (18 Jul 2024)
+
+- idn: tweak buffer use when converting with macidn
+
+ Closes #14215
+
+Orgad Shaneh (18 Jul 2024)
+
+- lib: add failure reason on bind errors
+
+ Closes #14221
+
+Stefan Eissing (18 Jul 2024)
+
+- pytests: scorecard upload tests
+
+ - add upload tests to scorecard, invoke with
+ > python3 tests/http/scorecard.py -u h1|h2|h3
+ - add a reverse proxy setup from Caddy to httpd for
+ upload tests since Caddy does not have other PUT/POST handling
+ - add caddy tests in test_08 for POST/PUT
+ - increase read buffer in mod_curltest for larger reads
+
+ Closes #14208
+
+Viktor Szakats (18 Jul 2024)
+
+- runtests: fix newline glitch in FAIL details
+
+ Follow-up to bae555359979016999a9425a2d489f219a78abdd #14174
+
+- runtests: show name and keywords for failed tests in summary
+
+ Useful to see what the numbers listed in the `TESTFAIL:` and `IGNORED:`
+ lines mean. Also list test keywords to help catching failure patterns.
+
+ Example:
+ ```
+ FAIL 1034: 'HTTP over proxy with malformatted IDN host name' HTTP, HTTP GET,
+ HTTP proxy, IDN, FAILURE, config file
+ FAIL 1035: 'HTTP over proxy with too long IDN host name' HTTP, HTTP GET, HTTP
+ proxy, IDN, FAILURE
+
+ TESTFAIL: These test cases failed: 1034 1035
+ ```
+
+ Closes #14174
+
+Tal Regev (16 Jul 2024)
+
+- GHA/windows: add MSVC wolfSSL job with test
+
+ Fix the file of wolfssl.c because of this warning/error:
+ ```
+ curl\lib\vtls\wolfssl.c(1017,42): error C2220: the following warning is treat
+ ed as an error [curl\bld\lib\libcurl_object.vcxproj]
+ curl\lib\vtls\wolfssl.c(1017,42): warning C4267: 'function': conversion from
+ 'size_t' to 'unsigned long', possible loss of data [curl\bld\lib\libcurl_obje
+ ct.vcxproj]
+ ```
+
+ `size_t` in MSVC is different. Change it to `unsigned long` because
+ `wolfSSL_ERR_error_string_n` last argument is defined as
+ `unsigned long`.
+
+ Closes #14193
+
+Viktor Szakats (16 Jul 2024)
+
+- cmake: delete unused `HAVE_LIBSSH2`, `HAVE_LIBSOCKET` macros
+
+ - `HAVE_LIBSSH2`: unused in source. Not defined in CMake.
+
+ - `HAVE_LIBSOCKET`: unused in source. Used internally in CMake.
+
+ autotools sets them implicitly, so add them to the flag comparison
+ ignore-list.
+
+ Closes #14178
+
+- cmake: create `configurehelp.pm` like autotools does
+
+ Required by tests 1119 and 1167 to run a C preprocessor.
+
+ Tested OK: https://github.com/curl/curl/actions/runs/9915343826
+
+ Besides Apple, it also supports any gcc and clang builds, and MSVC.
+ For other platforms, it defaults to `cpp` (like autotools).
+
+ Follow-up to efc2c5184d008fe2e5910fd03263e1ab0331d4e6 #14124
+ Cherry-picked from #14097
+ Closes #14129
+
+- cmake: sync CA bundle/path detection with autotools
+
+ - skip the entire CA logic if no selected TLS backend support CA
+ certs/bundles.
+ Follow-up to 082bb41311a832ae1b83bb8fe1dfdefcf4e68ea5 #2545
+
+ - sync bundle path detection logic with `./configure`.
+
+ - fix to not auto-detect CA bundle/path on Windows.
+
+ - fix to reflect that BearSSL has CA bundle support.
+
+ - show the detected bundle path (as with the cert bundle).
+
+ - tidy up CMake syntax, fix typos in comments.
+
+ Closes #14182
+
+- configure: CA bundle/path detection fixes
+
+ - fix to not auto-detect CA bundle/path on Windows.
+
+ - two checks missed BearSSL, but they were only run for supported
+ TLS backends anyway. Delete these redundant checks.
+
+ - fix typos in a comment nearby.
+
+ Follow-up to 082bb41311a832ae1b83bb8fe1dfdefcf4e68ea5 #2545
+ Closes #14186
+
+- runtests: set `SOURCE_DATE_EPOCH` to fix failing around midnight
+
+ To make sure that `managen` called by test 1706 uses the same date as
+ the test expects in the `%DATE` macro.
+
+ Before this patch when tests started running before UTC midnight and
+ reached test 1706 after, these dates were different and the test failed.
+
+ Follow-up to 0e73b69b3dd6d174226c60406d3c4266754d70f8
+ Fixes #14173
+ Closes #14187
+
+- GHA/windows: verify 1448 2046 2047 in IDN Unicode jobs
+
+ These IDN tests pass with Unicode and fail without.
+
+ Follow-up to cb22cfca69bded45bf7f9c72c8e6764990490f11 #14077
+ Closes #14188
+
+- tests: sync feature names with `curl -V`
+
+ Some feature names used in tests had minor differences compared to
+ the well-known ones from `curl -V`. This patch syncs them to make test
+ results easier to grok.
+
+ Closes #14183
+
+Stefan Eissing (15 Jul 2024)
+
+- sendf: fix CRLF conversion of input
+
+ When CRLF line end conversion was enabled (--crlf), input after the last
+ newline in the upload buffer was not sent, if the buffer contained a
+ newline.
+
+ Reported-by: vuonganh1993 on github
+ Fixes #14165
+ Closes #14169
+
+- test2600: disable on win32
+
+ - disbable this test on WIN32 platforms. It uses the file describtor '1'
+ as valid socket without events. Not portable.
+ - reduce trace output somewhat on other runs
+
+ Fixes #14177
+ Reported-by: Viktor Szakats
+ Closes #14191
+
+- smtp: for starttls, do full upgrade
+
+ - make sure the TLS handshake after a successful STARTTLS command is
+ fully done before further sending/receiving on the connection.
+
+ Reported-by: tomy2105 on github
+ Fixes #14166
+ Closes #14190
+
+Daniel Stenberg (14 Jul 2024)
+
+- RELEASE-NOTES: synced
+
+Viktor Szakats (14 Jul 2024)
+
+- build: use `#error` instead of invalid syntax
+
+ It reduces configure log noise.
+
+ Follow-up to 20c1b2d75ee38189ffa75d21ed04108e1e0630ae #13287
+ Closes #14181
+
+Daniel Stenberg (14 Jul 2024)
+
+- libcurl-docs: make option lists alpha-sorted
+
+ The man pages for curl_easy_getinfo, curl_easy_setopt and
+ curl_multi_setopt now feature the lists of options alphabetically
+ sorted. Test 1139 verify that they are.
+
+ The curl_multi_setopt page also got brief explanations of the listed
+ options.
+
+ Closes #14156
+
+Christian Schmitz (14 Jul 2024)
+
+- IDN: fix ß with AppleIDN
+
+ Add flags UIDNA_NONTRANSITIONAL_TO_ASCII and
+ UIDNA_NONTRANSITIONAL_TO_UNICODE to encode ß correctly.
+
+ It fixes test 165.
+
+ Reported-by: Viktor Szakats
+ Bug: #14176
+ Closes #14179
+
+Viktor Szakats (14 Jul 2024)
+
+- cmake: fix builds with detected libidn2 lib but undetected header
+
+ It caused IDN to appear in `curl-config`, `libidn2` referenced from
+ `libcurl.pc`, fail to fallback to `pkg-config` detection. But libidn2
+ not actually used.
+
+ It came up in macOS CI builds after enabling cmake build tests. It
+ remained hidden for a while due to setting `-DUSE_APPLE_IDN=ON`.
+
+ (The half-detection of Homebrew libidn2 was the result of configuring
+ with `-DCMAKE_EXE_LINKER_FLAGS=-L$(brew --prefix)/lib`, to fix
+ linking GnuTLS that needs the `nettle` lib from the brew prefix.)
+
+ ```
+ FAIL 1014: [Compare curl --version with curl-config --features] curl-config
+ ```
+ Ref: https://github.com/curl/curl/actions/runs/9919357748/job/27405080722
+
+ Cherry-picked from #14097
+ Closes #14175
+
+- cmake: fix building `unit1600` due to missing `ssl/openssl.h`
+
+ In specific builds configs, cmake failed to build test `unit1600`,
+ due missing an OpenSSL (or wolfSSL) header.
+
+ The test code relies on `lib/curl_ntlm_core.h`, which in turn included
+ TLS library headers. But, dependency header directories are not setup
+ in cmake for tests, because they should not normally be needed.
+
+ The issue was hidden in most builds because TLS headers are usually
+ found under the system prefix. One counterexample is macOS + Homebrew
+ LibreSSL builds, where OpenSSL is purposefully unlinked from there to
+ avoid a mixup with LibreSSL that resides under its own prefix. It was
+ also hidden in autotools, possibly because it sets up header directories
+ globally, tests included.
+
+ The actual bug however is that `lib/curl_ntlm_core.h` should not include
+ TLS headers. None of its internal users need it, and `curl_ntlm_core.c`
+ included them already directly.
+
+ Fix it by deleting the TLS header includes from this internal header.
+
+ Fixes:
+ ```
+ In file included from curl/tests/unit/unit1600.c:27:
+ curl/lib/curl_ntlm_core.h:32:12: fatal error: 'openssl/ssl.h' file not found
+ # include <openssl/ssl.h>
+ ^~~~~~~~~~~~~~~
+ ```
+ Ref: https://github.com/curl/curl/actions/runs/9912684737/job/27388041520#ste
+ p:12:1694
+
+ Follow-up to 48eb71ade41d4b37f416b643063cab846ac027a2 #10322
+ Cherry-picked from #14097
+ Closes #14172
+
+- sectransp: fix clang compiler warnings, stop silencing them
+
+ Fix `-Wpointer-bool-conversion` warnings with the method suggested by
+ both Apple clang and mainline llvm. This was already tried and dropped
+ in #1705 (in year 2017), but the issue reported there no longer
+ replicates.
+
+ Verified with Apple clang 14, llvm 15, llvm 18 and gcc 11, 14 that the
+ generated objects are bit by bit identical before and after this patch.
+
+ Also:
+ - stop silencing `-Wtautological-pointer-compare`. This warning don't
+ seem to be appearing anymore (with or without this patch), at least
+ with the tested compilers and SDKs (clang 13.1.6-16.0.0beta, llvm 15,
+ 18, gcc 11, 14) and minimum macOS target of 10.8. Older targets fail
+ to build curl with SecureTransport.
+
+ - silence `-Wunreachable-code` for clang only. Previously I applied it
+ also to GCC, by mistake.
+ Ref: https://github.com/curl/curl/pull/12331/commits/8d7172d20a48ebc6c1b1d9
+ 4a76e2c5fb19dd9bfa
+
+ Apple clang `-Wpointer-bool-conversion`:
+ ```
+ curl/lib/vtls/sectransp.c:1103:6: error: address of function 'SSLCreateContex
+ t' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion]
+ if(SSLCreateContext) { /* use the newer API if available */
+ ~~ ^~~~~~~~~~~~~~~~
+ curl/lib/vtls/sectransp.c:1103:6: note: prefix with the address-of operator t
+ o silence this warning
+ if(SSLCreateContext) { /* use the newer API if available */
+ ^
+ &
+ ```
+ Ref: https://github.com/curl/curl/actions/runs/9819538439/job/27113201384#ste
+ p:8:382
+
+ llvm `-Wpointer-bool-conversion`:
+ ```
+ curl/lib/vtls/sectransp.c:2663:8: error: address of function 'SSLCreateContex
+ t' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion]
+ if(SSLCreateContext)
+ ~~ ^~~~~~~~~~~~~~~~
+ curl/lib/vtls/sectransp.c:2663:8: note: prefix with the address-of operator t
+ o silence this warning
+ if(SSLCreateContext)
+ ^
+ &
+ ```
+ Ref: https://github.com/curl/curl/actions/runs/9819538439/job/27113200291#ste
+ p:8:417
+
+ gcc still needs `-Waddress` suppressed to avoid these:
+ ```
+ curl/lib/vtls/n/sectransp.c: In function 'getsubject':
+ curl/lib/vtls/n/sectransp.c:379:6: warning: the address of 'SecCertificateCop
+ yLongDescription' will always evaluate as 'true' [-Waddress]
+ 379 | if(&SecCertificateCopyLongDescription)
+ | ^
+ [...]
+ ```
+
+ Follow-up to 59cadacfcc1d39472245979cdbd614c7a9af6f0d #14128
+ Follow-up to af271ce9b9717ba289417e9cbb7f278c2a12f959 #1722
+ Follow-up to 2b7ce3f56dfede107113c6de7d0ca457109d3eda #1706
+ Cherry-picked from #14097
+ Closes #14162
+
+- CI/circleci: config tidy-ups, bump up test parallelism
+
+ - bump parallel test for Linux jobs.
+ Credit-to: Dan Fandrich
+ Cherry-picked from #11510
+ - bump parallel test for macOS jobs.
+ - drop no longer necessary `-Wno-vla` option.
+ - fold long lines.
+ - drop `--enable-maintainer-mode` `./configure` option.
+ - replace a hard-coded prefix with `brew --prefix`.
+ - update documentation link.
+ - move `--enable-debug` in front.
+ - tidy up quotes.
+
+ Closes #14171
+
+- GHA/windows: re-add gsasl to MSVC jobs
+
+ Now that the package reached the CI runner image.
+
+ Follow-up to f99c08dba40307c07341013ff5f71fa8e3464ffc #14090
+ Follow-up to e26cbe20cbedbea0ca743dd33880517309315cb2 #13979
+
+ Closes #14170
+
+- tidy-up: adjust casing of project names
+
+ Mostly TLS/SSH project name.
+
+ Closes #14160
+
+Daniel Stenberg (12 Jul 2024)
+
+- ISSUE_TEMPLATE/docs: correct the field identifiers
+
+Stephen Farrell (12 Jul 2024)
+
+- doh: fix leak and zero-length HTTPS RR crash
+
+ This PR fixes a leak and a crash that can happen when curl encounters
+ bad HTTPS RR values in DNS. We're starting to do better testing of that
+ kind of thing and e.g. have published bad HTTPS RR values at
+ dodgy.test.defo.ie.
+
+ Closes #14151
+
+Daniel Stenberg (12 Jul 2024)
+
+- curl_global_init.md: polish the thread-safe wording
+
+ Since this has been thread-safe for two years now, few users actually
+ are hurt by the previous unsafe ways.
+
+ Closes #14158
+
+Viktor Szakats (12 Jul 2024)
+
+- GHA: FreeBSD 14.1, actions bump
+
+ - bump FreeBSD to 14.1
+
+ - update cross-platform-actions/action action to v0.25.0
+
+ Closes #14157
+ Closes #14164
+
+- build: fix llvm 17 and older + macOS SDK 14.4 and newer
+
+ Fixup faulty target macro initialization in macOS SDK since v14.4 (as of
+ 15.0 beta). The SDK target detection in `TargetConditionals.h` correctly
+ detects macOS, but fails to set the macro's old name `TARGET_OS_OSX`,
+ then continues to set it to a default value of 0. Other parts of the SDK
+ still rely on the old name, and with this inconsistency our builds fail
+ due to missing declarations. It happens when using mainline llvm older
+ than v18. Later versions fixed it by predefining these target macros,
+ avoiding the faulty dynamic detection. gcc is not affected (for now)
+ because it lacks the necessary dynamic detection features, so the SDK
+ falls back to a codepath that sets both the old and new macro to 1.
+
+ Also move the `TargetConditionals.h` include to the top of to make sure
+ including it also for c-ares builds, combined with SecureTransport or
+ other curl features that may call use an Apple SDK.
+
+ Before this patch, affected build combinations (e.g. in GHA runners,
+ llvm@15 + Xcode 15.3, 15.4, 16.0 with their default SDKs +
+ SecureTransport) fail with:
+ ```
+ error: use of undeclared identifier 'noErr'
+ or 'SecCertificateCopyLongDescription'
+ or 'SecItemImportExportKeyParameters'
+ or 'SecExternalFormat'
+ or 'SecExternalItemType'
+ or 'SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION'
+ ```
+
+ Example:
+ ```
+ curl/lib/vtls/sectransp.c:311:18: error: use of undeclared identifier 'noErr'
+ OSStatus rtn = noErr;
+ ^
+ curl/lib/vtls/sectransp.c:379:7: error: use of undeclared identifier 'SecCert
+ ificateCopyLongDescription'
+ if(&SecCertificateCopyLongDescription)
+ ^
+ curl/lib/vtls/sectransp.c:381:7: error: call to undeclared function 'SecCerti
+ ficateCopyLongDescription'; ISO C99 and later do not support implicit functio
+ n declarations [-Werror,-Wimplicit-function-declaration]
+ SecCertificateCopyLongDescription(NULL, cert, NULL);
+ ^
+ curl/lib/vtls/sectransp.c:380:25: error: incompatible integer to pointer conv
+ ersion assigning to 'CFStringRef' (aka 'const struct __CFString *') from 'int
+ ' [-Wint-conversion]
+ server_cert_summary =
+ ^
+ [...]
+ ```
+ Ref: https://github.com/curl/curl/actions/runs/9893867519/job/27330135969#ste
+ p:10:22
+
+ llvm v18 patches implementing the predefined macros:
+ https://github.com/llvm/llvm-project/pull/74676
+ https://github.com/llvm/llvm-project/commit/6e1f19168bca7e3bd4eefda50ba03eac8
+ 441dbbf
+ https://github.com/llvm/llvm-project/pull/82833
+ https://github.com/llvm/llvm-project/commit/e5ed7b6e2fd368b722b6359556cd01258
+ 81e7638
+
+ Cherry-picked from #14097
+ Closes #14159
+
+- macos: undo `availability` macro enabled by Homebrew gcc
+
+ Homebrew gcc builds starting with 12.4.0, 13.3.0 and 14.1.0 enabled
+ the `availability` attribute.
+
+ This broke builds because the way the Apple SDK uses attributes (when
+ available) are incompatible with how gcc accepts them. Causing these
+ errors:
+ ```
+ error: attributes should be specified before the declarator in a function d
+ efinition
+ error: expected ',' or '}' before
+ ```
+
+ Upstream commits implementing the `availability` macro:
+ gcc-12: https://github.com/iains/gcc-12-branch/commit/fd5530b7cb0012bf4faeddd
+ 45e13054a1dfa6783
+ gcc-13: https://github.com/iains/gcc-13-branch/commit/cb7e4eca68cfc4763474e2e
+ b0935a844458842a8
+ gcc-14: https://github.com/iains/gcc-14-branch/commit/ff62a108865a6403f501738
+ 0d7018250c1d3306f
+
+ The project above is a Darwin gcc compatibility pack, that is applied
+ to Homebrew gcc builds.
+
+ This patch works by redefining the `availability` macro to an invalid
+ value, making `__has_attribute(availability)` checks fail, stopping
+ Apple SDK from inserting the incompatible attributes.
+
+ It also replaces the previous, local workaround for `lib/macos.c`.
+
+ Example with gcc 12.4.0 with macOS SDK 14.0 (Xcode 15.0.1):
+ ```
+ In file included from <path-to-sdk>/MacOSX14.0.sdk/System/Library/Frameworks/
+ CoreFoundation.framework/Headers/CoreFoundation.h:54,
+ from <path-to-sdk>/MacOSX14.0.sdk/System/Library/Frameworks/
+ SystemConfiguration.framework/Headers/SCDynamicStoreCopySpecific.h:30,
+ from /Users/runner/work/curl/curl/lib/macos.c:33,
+ from /Users/runner/work/curl/curl/build/lib/CMakeFiles/libcu
+ rl_shared.dir/Unity/unity_0_c.c:244:
+ <path-to-sdk>/MacOSX14.0.sdk/System/Library/Frameworks/CoreFoundation.framewo
+ rk/Headers/CFUserNotification.h:126:1: error: attributes should be specified
+ before the declarator in a function definition
+ 126 | CF_INLINE CFOptionFlags CFUserNotificationCheckBoxChecked(CFIndex i)
+ API_AVAILABLE(macos(10.0)) API_UNAVAILABLE(ios, watchos, tvos) {return ((CFOp
+ tionFlags)(1UL << (8 + i)));}
+ | ^~~~~~~~~
+ ```
+ Ref: https://github.com/curl/curl/actions/runs/9787982387/job/27025351601?pr=
+ 14096#step:7:18
+
+ The gcc vs. llvm/clang incompatibility possibly tracked here upstream:
+ https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108796
+ More info:
+ https://github.com/llvm/llvm-project/issues/81767
+ https://github.com/gcc-mirror/gcc/commit/8433baadec88e5f31fa141b6d78094e912
+ 56079d
+ https://discourse.llvm.org/t/changing-attribute-ast-printing-location-for-g
+ cc-compatibility/73215
+ https://reviews.llvm.org/D159362
+
+ Follow-up to db135f8d7207b20d531e7e2100a49f3e16bdcfab #14119
+ Ref: https://github.com/curl/curl/pull/14091#issuecomment-2222703468
+ Fixes #13700
+ Cherry-picked from #14097
+ Closes #14155
+
+Daniel Stenberg (11 Jul 2024)
+
+- ISSUE_TEMPLATE/docs: add a separate GitHub issue template for documentation
+
+ As such problems don't really fit the code related template
+
+ Closes #14161
+
+Dan Fandrich (11 Jul 2024)
+
+- DISTROS: add AlmaLinux package source link
+
+Viktor Szakats (11 Jul 2024)
+
+- GHA/windows: ignore FTP test results for old-mingw-w64 [ci skip]
+
+ Missed from previous commit. They are flaky here as well.
+
+ Follow-up to 0b81eccd22fb915aa6b679c0fd23a8a89332dc9e
+
+Daniel Stenberg (11 Jul 2024)
+
+- libcurl-easy.md: now *more* than 300 options
+
+ it previously said "almost 300".
+
+ Also cleaned up the language somewhat.
+
+ Closes #14153
+
+Martin Peck (10 Jul 2024)
+
+- MANUAL.md: wrap two example urls that overrun styling
+
+ Closes #14149
+
+renovate[bot] (10 Jul 2024)
+
+- GHA: update wolfSSL and mod_h2
+
+ - wolfSSL/wolfssl to v5.7.2
+ - icing/mod_h2 to v2.0.29
+
+ Closes #14131
+ Closes #14148
+
+Dominik Piątkowski (10 Jul 2024)
+
+- docs: start markdown headers with capital letter where applicable
+
+ Closes #14115
+
+CMD (10 Jul 2024)
+
+- hostip: skip error check for infallible function call
+
+ Closes #14147
+
+Daniel Stenberg (10 Jul 2024)
+
+- cf-socket: remove two "useless" assignments
+
+ 'nread' is already -1, no need to assign it again
+
+ Pointed out by CodeSonar
+
+ Closes #14145
+
+Viktor Szakats (10 Jul 2024)
+
+- cmake: detect `libidn2` also via `pkg-config`
+
+ Also:
+ - GHA/non-native: install `pkg-config` to detect libidn2 with cmake
+ on NetBSD and FreeBSD.
+ - GHA/non-native: tidy-up `curl --version` command if here.
+
+ Cherry-picked from #14097
+ Closes #14137
+
+- build: fix llvm 16 or older + Xcode 15 or newer, and gcc
+
+ Xcode v15 (2023) or newer requires the built-in macro
+ `__ENVIRONMENT_OS_VERSION_MIN_REQUIRED__`. This macro is missing from
+ mainline llvm versions released earlier. llvm v17 introduced it here:
+ https://github.com/llvm/llvm-project/commit/c8e2dd8c6f490b68e41fe663b44535a8a
+ 21dfeab
+
+ This patch defines the missing macro when the necessary conditions
+ align, by using the value via the macro's old name.
+
+ The issue affected SecureTransport builds: The SecureTransport code,
+ `lib/md4.c` and `lib/md5.c`.
+
+ Existing gcc versions (as of v14) also don't define this macro, so apply
+ the patch to it as well. Even though gcc is incompatible in other ways,
+ so this isn't fixing an actual curl build case that I could find yet.
+
+ GHA macOS runner images have llvm v15 pre-installed, which broke builds
+ when building with an affected Xcode:
+ ```
+ curl/lib/md4.c:80:14: error: '__ENVIRONMENT_OS_VERSION_MIN_REQUIRED__' is not
+ defined, evaluates to 0 [-Werror,-Wundef]
+ (__MAC_OS_X_VERSION_MIN_REQUIRED < 101500)) || \
+ ^
+ /Applications/Xcode_15.1.app/Contents/Developer/Platforms/MacOSX.platform/Dev
+ eloper/SDKs/MacOSX14.2.sdk/usr/include/AvailabilityInternal.h:40:53: note: ex
+ panded from macro '__MAC_OS_X_VERSION_MIN_REQUIRED'
+ #define __MAC_OS_X_VERSION_MIN_REQUIRED __ENVIRONMENT_OS_VERSION_
+ MIN_REQUIRED__
+ ^
+ In file included from curl/build/lib/CMakeFiles/libcurl_shared.dir/Unity/unit
+ y_0_c.c:250:
+ curl/lib/md5.c:75:14: error: '__ENVIRONMENT_OS_VERSION_MIN_REQUIRED__' is not
+ defined, evaluates to 0 [-Werror,-Wundef]
+ (__MAC_OS_X_VERSION_MIN_REQUIRED < 101500)) || \
+ ^
+ /Applications/Xcode_15.1.app/Contents/Developer/Platforms/MacOSX.platform/Dev
+ eloper/SDKs/MacOSX14.2.sdk/usr/include/AvailabilityInternal.h:40:53: note: ex
+ panded from macro '__MAC_OS_X_VERSION_MIN_REQUIRED'
+ #define __MAC_OS_X_VERSION_MIN_REQUIRED __ENVIRONMENT_OS_VERSION_
+ MIN_REQUIRED__
+ ^
+ 2 errors generated.
+ ```
+ Ref: https://github.com/curl/curl/actions/runs/9811974634/job/27095218578#ste
+ p:4:20
+
+ Cherry-picked from #14097
+ Closes #14134
+
+- build: tidy up `__builtin_available` feature checks (Apple)
+
+ - sync detection snippet between autotools and cmake
+ It wasn't causing issues, but it's useful to avoid unnecessary
+ differences while debugging.
+
+ - cmake: limit check to `APPLE`.
+
+ Ref: b05dc7eb3592305de9fa85640767f3dd2a8d4c93 #14122
+ Cherry-picked from #14097
+ Closes #14127
+
+- configure: limit `SystemConfiguration` test to non-c-ares, IPv6 builds
+
+ The framework this check detects is necessary for the function
+ `SCDynamicStoreCopyProxies()` used in `lib/macos.c`. Non-c-ares,
+ IPv6-enabled builds touch this codepath.
+
+ Limit the feature check for builds that actually need it.
+
+ It brings this in sync with CMake which already worked this way.
+
+ Cherry-picked from #14097
+ Closes #14126
+
+- configure: fix `SystemConfiguration` detection
+
+ Before this patch, `SystemConfiguration` detection failed due to this
+ error when compiling the detection snippet:
+ ```
+ /Applications/Xcode_15.3.app/Contents/Developer/Platforms/MacOSX.platform/Dev
+ eloper/SDKs/MacOSX.sdk/usr/include/TargetConditionals.h:140:50: error: missin
+ g binary operator before token "("
+ 140 | #if !defined(__has_extension) || !__has_extension(define_target_os_ma
+ cros)
+ | ^
+ ```
+ Ref: https://github.com/curl/curl/actions/runs/9821817534/job/27117929218#ste
+ p:6:1079
+
+ It occured with gcc-11 when combined with macOS SDK 14.4 and 14.5
+ (default SDKs in Xcode 15.3 and 15.4 respectively). It did not happen
+ with earlier releases.
+
+ Despite the failure in `./configure`, `lib/macos.c` compiled with
+ Apple's `TargetConditionals.h` just fine.
+
+ Turns out that including the `sys/types.h` header before the SDK
+ header fixes the error and makes the detection snippet compile.
+
+ Cherry-picked from #14097
+ Closes #14130
+
+- build: sync warning options between autotools, cmake & compilers
+
+ - cmake: enable Apple-specific `-Werror=partial-availability` to match
+ autotools.
+
+ - autotools: enable `-pedantic-errors` with llvm/clang to match gcc and
+ CMake.
+
+ - autotools: enable `-Werror-implicit-function-declaration` for
+ llvm/clang to match gcc.
+
+ - cmake: enable `-Werror-implicit-function-declaration` to match
+ autotools.
+
+ - move `-Wpointer-bool-conversion` from autotools to the local file
+ (`sectransp.c`) it was meant to apply. This way it applies to all
+ build methods.
+
+ - autotoos: show `CURL_CFLAG_EXTRAS` in the `./configure` summary.
+ (it may contain `-Werror` and/or `-pedentic-errors`.)
+
+ Cherry-picked from #14097
+ Closes #14128
+
+- CI: simplify running curl with DLLs
+
+ - update `PATH` instead of copying DLLs around.
+ - drop redundant `export` from `export PATH`.
+ - delete ending pathseps.
+
+ Closes #14143
+
+Alex Snast (9 Jul 2024)
+
+- wolfssl: use larger error buffer when formatting errors
+
+ Currently we're using WOLFSSL_MAX_ERROR_SZ to define the error buffer
+ size, this value is user defined which means it can be overwritten with
+ -DWOLFSSL_MAX_ERROR_SZ=512 when building wolfssl and this overwrite is
+ not exported to the users of wolfssl.
+
+ Instead of relying on WOLFSSL_MAX_ERROR_SZ we'll just use a 256 bytes
+ error buffer and use wolfSSL_ERR_error_string_n to fill it thus dropping
+ the dependency on WOLFSSL_MAX_ERROR_SZ altogether.
+
+ Closes #14114
+
+Viktor Szakats (9 Jul 2024)
+
+- CI: bump FreeBSD Python packages
+
+ Closes #14141
+
+- GHA/curl-for-win: don't run if only another CI was changed
+
+ Closes #14142
+
+Daniel Stenberg (9 Jul 2024)
+
+- RELEASE-NOTES: synced
+
+Stefan Eissing (9 Jul 2024)
+
+- vtls: replace addsessionid with set_sessionid
+
+ - deduplicate the code in many tls backends that check
+ for an existing id and delete it before adding the new one
+ - rename ssl_primary_config's `sessionid` bool to `cache_session`
+
+ Closes #14121
+
+Daniel Stenberg (9 Jul 2024)
+
+- test1175: scan libcurl-errors.md, not the generated .3 version
+
+ Closes #14133
+
+- test1139: scan .md files instead of .3 ones
+
+ As they are the canonical sources.
+
+ It still uses the curl.1 for command line option info.
+
+ Closes #14132
+
+Stefan Eissing (9 Jul 2024)
+
+- cf-socket: remove obsolete recvbuf
+
+ - recvbuf was never enabled, remove all its code
+ - remove `fdsave`ing the socket as that is not longer needed
+
+ Closes #14138
+
+Viktor Szakats (9 Jul 2024)
+
+- test1119: adapt for `.md` input
+
+ Replace logic dealing with `.3` files to handle the Markdown syntax.
+
+ Follow-up to eefcc1bda4bccd800f5a56a0fe17a2f44a96e88b #12730
+ Cherry-picked from #14097
+ Closes #14125
+
+- tests: include current directory when running test Perl commands
+
+ Necessary to find generated files in the out-of-tree build directory.
+ E.g. `tests/configurehelp.pm`, for tests 1119 and 1167.
+
+ Before this patch macOS autotools builds were failing these two tests
+ due to falling back to the default preprocessor (`cpp`) instead of
+ the actual one configured. Then `cpp` failing to compile Apple SDK
+ headers referenced by curl headers.
+
+ Cherry-picked from #14097
+ Closes #14124
+
+- configure: sort feature list, lowercase protocols, use backticks
+
+ - sort features case-insensitively to match `curl -V` and cmake.
+ `sort -f` is POSIX, but check if it's available anyway.
+
+ - make protocols lowercase to match `curl -V` and cmake.
+
+ - replace two outlier `$()` with backticks.
+
+ Closes #14117
+
+Yedaya Katsman (8 Jul 2024)
+
+- variable.md: make example use expand
+
+ I used double quotes since it seemed required for powershell, so this
+ example works in both (ba)sh and powershell as well as cmd.exe.
+
+ Closes #14118
+
+Andy Reitz (8 Jul 2024)
+
+- GIT-INFO.md: remove version requirements
+
+ Keep them in docs/INTERNALS.md
+
+ Bump lowest perl to 5.8
+
+ Closes #14112
+
+Viktor Szakats (8 Jul 2024)
+
+- sectransp: fix `HAVE_BUILTIN_AVAILABLE` checks to not emit warnings
+
+ `HAVE_BUILTIN_AVAILABLE` is a curl macro set via autotools and cmake.
+ Like other `HAVE_`s it signals availability if defined.
+
+ SecureTransport code was specifically looking for the value 1, which
+ triggered compiler warnings when the feature was not present.
+
+ Replace the existing workaround of locally suppressing the compiler
+ warning with using `defined()`.
+
+ autotools:
+ ```
+ 767 | #if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILAB
+ LE == 1
+ | ^~~~~~~~~~~~~~~~~~
+ ~~~~
+ ../../lib/vtls/sectransp.c: In function 'sectransp_connect_step1':
+ ../../lib/vtls/sectransp.c:1140:52: error: "HAVE_BUILTIN_AVAILABLE" is not de
+ fined, evaluates to 0 [-Werror=undef]
+ 1140 | #if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAIL
+ ABLE == 1
+ | ^~~~~~~~~~~~~~~~~~
+ ~~~~
+ ../../lib/vtls/sectransp.c:1240:52: error: "HAVE_BUILTIN_AVAILABLE" is not de
+ fined, evaluates to 0 [-Werror=undef]
+ 1240 | #if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAIL
+ ABLE == 1
+ | ^~~~~~~~~~~~~~~~~~
+ ~~~~
+ ../../lib/vtls/sectransp.c: In function 'sectransp_connect_step2':
+ ```
+ Ref: https://github.com/curl/curl/actions/runs/9815428701/job/27104448045#ste
+ p:6:499
+
+ cmake gcc:
+ ```
+ 1140 | #if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAIL
+ ABLE == 1
+ | ^~~~~~~~~~~~~~~~~~
+ ~~~~
+ /Users/runner/work/curl/curl/lib/vtls/sectransp.c:1240:52: error: "HAVE_BUILT
+ IN_AVAILABLE" is not defined, evaluates to 0 [-Werror=undef]
+ 1240 | #if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAIL
+ ABLE == 1
+ | ^~~~~~~~~~~~~~~~~~
+ ~~~~
+ /Users/runner/work/curl/curl/lib/vtls/sectransp.c: In function 'sectransp_con
+ nect_step2':
+ /Users/runner/work/curl/curl/lib/vtls/sectransp.c:2231:51: error: "HAVE_BUILT
+ IN_AVAILABLE" is not defined, evaluates to 0 [-Werror=undef]
+ 2231 | #if(CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILA
+ BLE == 1
+ | ^~~~~~~~~~~~~~~~~~~
+ ~~~
+ ```
+ Ref: https://github.com/curl/curl/actions/runs/9815428701/job/27104445425#ste
+ p:8:355
+
+ Cherry-picked from #14097
+ Closes #14122
+
+- examples: suppress deprecation warnings locally
+
+ Simplify making clean builds by silencing deprecation warnings inside
+ the example code where these may occur.
+
+ Drop related build tweaks/comments from GHA jobs.
+
+ Example warning:
+ ```
+ curl/docs/examples/postit2-formadd.c:65:16: error: 'CURLFORM_COPYNAME' is dep
+ recated: since 7.56.0. Use curl_mime_name() [-Werror=deprecated-declarations]
+ 65 | CURLFORM_COPYNAME, "sendfile",
+ | ^~~~~~~~~~~~~~~~~
+ ```
+ Ref: https://github.com/curl/curl/actions/runs/9841099503/job/27166970904#ste
+ p:10:829
+
+ Closes #14123
+
+- GHA/macos: bump parallel tests to -j5
+
+ Credit-to: Dan Fandrich
+ Cherry-picked from #11510 #14097
+
+- GHA/windows: usability improvements
+
+ - move `curl --version` into separate step.
+
+ - move configure log to separate step. Run on success, too.
+
+ - add step with `curl_config.h` dump (full and brief/sorted).
+
+ - make `autoreconf` a separate step.
+
+ - add each job configuration a short name.
+
+ - shorten job names.
+ Dedupe/drop redundant info, introduce abbreviations:
+ AM = autotools, CM = CMake, U = Unicode, R = Release, not -> `!`, etc.
+ Instead of mentioning `debug`, mentioned when it's not.
+
+ - simplify `PATH` forming for MSVC jobs.
+ It's sufficient to add the release binary directory of vcpkg, the debug one
+ is redundant.
+ Follow-up to e26cbe20cbedbea0ca743dd33880517309315cb2 #13979
+
+ - other minor tidy-ups.
+
+ Closes #14116
+
+- GHA/macos: delete misplaced `CFLAGS`, drop redundant CMake option
+
+ With macOS there is a long-term struggle with deprecation warnings.
+ In curl they occur with LDAP, SecureTransport and in docs/examples.
+
+ There are three ways to fix them:
+ - by CFLAGS `-Wno-deprecated-declarations` as a workaround.
+ - by CFLAGS `-mmacosx-version-min` set to a version where the the
+ feature was not deprecated.
+ - by CMake option `-DCMAKE_OSX_DEPLOYMENT_TARGET=`.
+
+ In GHA CMake jobs, all three were used, and `-mmacosx-version-min` was
+ set in a bogus way. Delete that bogus option, and delete the lone,
+ redundant CMake option too.
+
+ In a future commit I might replace the suppression option to properly
+ setting the target OS.
+
+ Follow-up to dfdd978f7c60224dffe2aac25b436dc0a5cd0186 #13491
+ Cherry-picked from #14097
+
+- macos: add workaround for gcc, non-c-ares, IPv6, compile error
+
+ Apple macOS SDK 13.0 and later are increasingly incompatible with gcc,
+ which started causing CI errors with the 20240701.9 revision of the
+ `macos-latest` (= `macos-14-arm64`) runner image.
+
+ This error is happening inside an Apple SDK header. We use the header
+ for calling a function in a resolver-related hack, in non-c-ares, IPv6
+ builds. You can avoid the problem by using c-ares or disabling IPv6
+ (or using clang, llvm, or a compatible gcc + SDK combination).
+
+ This patch fixes affected builds by declaring the ncessary framework
+ function manually, and not including the problematic header.
+
+ This workaround is ugly, doesn't cover all combinations, and fragile.
+
+ Other options are to disable this resolver-related hack for GCC, or to
+ replace it with a solution that doesn't rely on Apple SDK.
+
+ If you are aware of a stable fix or workaround, let us know.
+
+ gcc 12.4.0 + macOS SDK 14.0 (Xcode 15.0.1) error example:
+ ```
+ In file included from /Applications/Xcode.app/Contents/Developer/Platforms/Ma
+ cOSX.platform/Developer/SDKs/MacOSX14.0.sdk/System/Library/Frameworks/CoreFou
+ ndation.framework/Headers/CoreFoundation.h:54,
+ from /Applications/Xcode.app/Contents/Developer/Platforms/Ma
+ cOSX.platform/Developer/SDKs/MacOSX14.0.sdk/System/Library/Frameworks/SystemC
+ onfiguration.framework/Headers/SCDynamicStoreCopySpecific.h:30,
+ from /Users/runner/work/curl/curl/lib/macos.c:33,
+ from /Users/runner/work/curl/curl/build/lib/CMakeFiles/libcu
+ rl_shared.dir/Unity/unity_0_c.c:244:
+ /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Develope
+ r/SDKs/MacOSX14.0.sdk/System/Library/Frameworks/CoreFoundation.framework/Head
+ ers/CFUserNotification.h:126:1: error: attributes should be specified before
+ the declarator in a function definition
+ 126 | CF_INLINE CFOptionFlags CFUserNotificationCheckBoxChecked(CFIndex i)
+ API_AVAILABLE(macos(10.0)) API_UNAVAILABLE(ios, watchos, tvos) {return ((CFOp
+ tionFlags)(1UL << (8 + i)));}
+ | ^~~~~~~~~
+ /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Develope
+ r/SDKs/MacOSX14.0.sdk/System/Library/Frameworks/CoreFoundation.framework/Head
+ ers/CFUserNotification.h:127:1: error: attributes should be specified before
+ the declarator in a function definition
+ 127 | CF_INLINE CFOptionFlags CFUserNotificationSecureTextField(CFIndex i)
+ API_AVAILABLE(macos(10.0)) API_UNAVAILABLE(ios, watchos, tvos) {return ((CFOp
+ tionFlags)(1UL << (16 + i)));}
+ | ^~~~~~~~~
+ /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Develope
+ r/SDKs/MacOSX14.0.sdk/System/Library/Frameworks/CoreFoundation.framework/Head
+ ers/CFUserNotification.h:128:1: error: attributes should be specified before
+ the declarator in a function definition
+ 128 | CF_INLINE CFOptionFlags CFUserNotificationPopUpSelection(CFIndex n) A
+ PI_AVAILABLE(macos(10.0)) API_UNAVAILABLE(ios, watchos, tvos) {return ((CFOpt
+ ionFlags)(n << 24));}
+ | ^~~~~~~~~
+ ```
+ Ref: https://github.com/curl/curl/actions/runs/9787982387/job/27025351601?pr=
+ 14096#step:7:18
+
+ The exact conditions are fuzzy. Oddly enough gcc 12.3.0 and the SDK
+ same as above are _compatible_:
+ https://github.com/curl/curl/actions/runs/9791701214/job/27036037162
+
+ Also notice that similar errors can also happen in SecureTransport
+ builds, due to the SDK headers required.
+
+ Ref: https://github.com/curl/curl/pull/14097#issuecomment-2208639046
+ Ref: https://github.com/curl/curl/pull/14091#issuecomment-2205870854
+ Cherry-picked from #14097
+ Closes #14119
+
+- cmake: feature casing fix and tidy-ups
+
+ - fix casing of a feature (`Unicode`) in the feature list.
+ - sort TLS backends case-insensitively.
+ - sync feature/protocol list heading with `curl -V` and autotools.
+
+ Closes #14120
+
+- GHA: ignore FTP test result in Windows jobs
+
+ They are flaky.
+
+ E.g.:
+ - old-mingw-w64 7.3.0: 2001, 2039, 2083
+ - msvc: 1501, 593 (multiple)
+
+ Ref: https://github.com/curl/curl/pull/13599#issuecomment-2119372376
+ Cherry-picked from #14116
+
+- GHA: improve vcpkg cache, add BoringSSL ECH and LibreSSL MSVC jobs
+
+ - cache on a per-package basis.
+ Replace manual caching with a built-in solution. It shares cached
+ package builds between jobs, e.g. libssh2 only builds once
+ per platform (instead of once per job). Individual packages are built
+ as needed (not the whole per-job tree). It also fixes the duplicate
+ cache entry issues.
+ Ref: https://learn.microsoft.com/en-us/vcpkg/consume/binary-caching-github-
+ actions-cache
+ Follow-up to e26cbe20cbedbea0ca743dd33880517309315cb2 #13979
+ Follow-up to cb22cfca69bded45bf7f9c72c8e6764990490f11 #14077
+
+ - add BoringSSL job with ECH enabled. The first such job in the curl CI.
+
+ - add LibreSSL job.
+
+ - use vcpkg pre-installed on the runner image, instead of rolling our
+ own. This is quicker, simpler and more robust.
+ Follow-up to e26cbe20cbedbea0ca743dd33880517309315cb2 #13979
+
+ - show pre-installed vcpkg and ports version.
+
+ - drop `gsasl` dependency till it reaches the pre-installed vcpkg ports.
+
+ - re-add `find .` to see the binaries generated.
+
+ - simplify setting up `PATH`.
+
+ - exclude failing tests for any job enabling WinIDN.
+
+ - drop collecting and uploading log archives. We already dump CMake
+ logs, and our build doesn't use Ninja. Rest of files weren't generated
+ by the curl build. We don't aim to debug vcpkg package builds.
+
+ Closes #14090
+
+Tal Regev (7 Jul 2024)
+
+- GHA: add MSVC UWP job, expand jobs with more options
+
+ - add new dependencies: brotli, libpsl (requires libicu2) and gsasl.
+
+ - enable WinIDN in a job. Exclude failing tests.
+
+ - add UWP job and fix the build logic to support it.
+
+ - increase timeouts to build the new dependencies.
+
+ Assisted-by: Viktor Szakats
+ Closes #14077
+
+Dan Fandrich (6 Jul 2024)
+
+- tests: fix sshd UserKnownHostsFile path for MinGW/Cygwin
+
+ This is the same thing as the previous commit fd194f46 but on the next
+ line.
+
+ Follow-up to 70d2fca2
+
+ Ref: #10818
+
+- tests: fix sshd IdentityFile path for MinGW/Cygwin
+
+ This was missed during some refactoring more than a year ago and is
+ causing a warning "Use of uninitialized value $path in pattern match".
+
+ Follow-up to 70d2fca2
+
+ Ref: #10818
+ Closes #14113
+
+Viktor Szakats (7 Jul 2024)
+
+- build: add Debug, TrackMemory, ECH to feature list
+
+ Also:
+
+ - remove stray `ECH` and `HTTPSRR` from cmake protocol list.
+
+ - stop excluding `Debug` and `TrackMemory` in `test1013.pl`.
+
+ - configure: delete `CURL_CHECK_CURLDEBUG` check.
+ Ref: 065047dc62cba3efde597fa5420d112fc2f4c500
+ This check was effectively doing nothing, except disabling
+ `--enable-curldebug` in `curl-config` for
+ Cygwin/MSYS/cegcc/OS2/AIX targets with c-ares enabled.
+
+ Closes #14096
+
+Dan Fandrich (5 Jul 2024)
+
+- CI: bump the libc6 on the linux-old build
+
+ This contains some security fixes for nscd.
+
+Viktor Szakats (6 Jul 2024)
+
+- reuse: fix typo in comment
+
+ Follow-up to 9104bad82004d908e1fe66a425f8ca78f975045d #14107
+
+Dan Fandrich (5 Jul 2024)
+
+- CI: Fix typo in comment
+
+- curl: follow-up to fix categories in --help
+
+ The commit 6483813b was missing changes necessitated by 2abfc75 that
+ causes a crash. Also, use ARRAYSIZE() for cleaner code.
+
+ Follow-up to 6483813b
+
+ Ref #14055
+
+- curl: list categories in --help
+
+ This eliminates the need to run an extra help subcommand to get the
+ possible categories, reducing the friction in getting relevant help. The
+ help wording was also slightly tweaked for grammatical accuracy.
+
+ Closes #14055
+
+Daniel Stenberg (5 Jul 2024)
+
+- RELEASE-NOTES: synced
+
+renovate[bot] (5 Jul 2024)
+
+- GHA: update actions/upload-artifact and actions/download-artifact
+
+ update actions/upload-artifact digest to 0b2256b
+ update actions/download-artifact digest to fa0a91b
+
+ Closes #14111
+ Closes #14110
+
+Max Mehl (5 Jul 2024)
+
+- reuse: switch to REUSE 3.2 and REUSE.toml
+
+ - remove scripts/copyright.pl
+
+ Closes #14107
+
+Yedaya Katsman (5 Jul 2024)
+
+- curl: move more options to deprecated category
+
+ --no-npn, --sslv2, --sslv3
+
+ Closes #14109
+
+Stefan Eissing (5 Jul 2024)
+
+- multi: pollset assertion only when IP connected
+
+ Give warning for an empty pollset only when the connection has at least
+ IP connectivity. There are cases where the connect in QUIC makes another
+ attempt on a timeout and no socket will be available during that.
+
+ Closes #14108
+
+Daniel Stenberg (5 Jul 2024)
+
+- cmdline-opts: category cleanup
+
+ Option cleanups:
+
+ --get is not upload
+ --form* are post
+ - added several options into ldap, smtp, imap and pop3
+ - shortened the category descriptions in the list
+
+ category curl fixes:
+
+ --create-dirs removed from 'curl'
+ --ftp-create-dirs removed from 'curl'
+ --netrc moved to 'auth' from 'curl'
+ --netrc-file moved to 'auth' from 'curl'
+ --netrc-optional moved to 'auth' from 'curl'
+ --no-buffer moved to 'output' from 'curl'
+ --no-clobber removed from 'curl'
+ --output removed from 'curl'
+ --output-dir removed from 'curl'
+ --remove-on-error removed from 'curl'
+
+ Add a "global" category:
+
+ - Made all "global" options set this category
+
+ Add a "deprecated" category:
+
+ - Moved the deprecated options to it (maybe they should not be in any
+ category long term)
+
+ Add a 'timeout' category
+
+ - Put a number of appropriate options in it
+
+ Add an 'ldap' category
+
+ - Put the LDAP related option in there
+
+ Remove categories "ECH" and "ipfs"
+
+ - They should not be categories. Had only one single option each.
+
+ Remove category "misc"
+
+ - It should not be a category as it is impossible to know when to browse
+ it.
+
+ --use-ascii moved to ftp and output
+ --xattr moved to output
+ --service-name moved to auth
+
+ Managen fixes:
+
+ - errors if an option is given a category name that is not already setup
+ for in code
+
+ - verifies that options set `scope: global` also is put in category
+ `global´
+
+ Closes #14101
+
+Stefan Eissing (5 Jul 2024)
+
+- GHA: configure OpenSSL's libdir as 'lib' only
+
+ Also mention in HTTP3.md
+
+ OpenSSL has a bug that messes the config `--libdir=path` to become the
+ wrong path in its pkgconfig files. If we just pass `--libdir=lib` it
+ should avoid this.
+
+ Ref: #14099
+ See also: https://github.com/openssl/openssl/issues/23569
+
+ Closes #14102
+
+Daniel Stenberg (5 Jul 2024)
+
+- tool_operate: simplify return code handling from url_proto()
+
+ The additional checks were superfluous as it would only ever return
+ error if one of those protocols were set. Also: a returned error
+ *should* mean get out of there, without having to check more conditions.
+
+ Closes #14104
+
+- tool_operate: check for --disable case *sensitively*
+
+ curl command line options are specified with the correct casing or they
+ don't match
+
+ Closes #14103
+
+Stefan Eissing (4 Jul 2024)
+
+- transfer: avoid polling socket every transfer loop
+
+ Improve download performance, minimal effort.
+
+ Do not poll the socket for pending data every transfer loop iteration.
+ This gives 10-20% performance gains on large HTTP/1.1 downloads (on my
+ machine).
+
+ Closes #14098
+
+Viktor Szakats (4 Jul 2024)
+
+- tests: delete `CharConv` remains
+
+ Closes #14100
+
+- GHA: bump macOS CMake job parallelism to 4 (nproc+1) [ci skip]
+
+ To match autotools ones and the rest of workflows.
+
+ Follow-up to 464282ddfb214917be3d143c035f178f3b77f209 #13807
+
+Yedaya Katsman (4 Jul 2024)
+
+- help: add flags to output and ssh categories
+
+ - Add --output, --remove-on-error, --output-dir and --created-dirs to
+ the output help category
+
+ - Add --hostpubmd5, --hostpubsha256, --insecure (-k), and --pubkey to
+ the ssh help category
+
+ Closes #14076
+
+Stefan Eissing (4 Jul 2024)
+
+- TODO: remove item about 'SSL_peak'
+
+ GnuTLS todo item about using an equivalent of `SSL_peak()`, which
+ nicely escaped the word checks, is no longer relevant.
+
+ We do not use `SSL_peek()` anymore since connection filters were
+ introduced.
+
+ Closes #14091
+
+renovate[bot] (4 Jul 2024)
+
+- GHA: update dependency gnutls/gnutls to v3.8.6
+
+ Closes #14094
+
+- GHA: update fsfe/reuse-action action to v4
+
+ Closes #14095
+
+Viktor Szakats (3 Jul 2024)
+
+- GHA: Windows job exclusions tweaks
+
+ - disable SMTP tests in MSYS2/mingw-w64 and MSVC jobs.
+ On the suspicion of sometimes hanging:
+ https://github.com/curl/curl/actions/runs/9346162475/job/25720437944?pr=138
+ 55#step:14:2838
+ https://github.com/curl/curl/actions/runs/9758011305/job/26931678639?pr=140
+ 84#step:14:2834
+ https://github.com/curl/curl/actions/runs/9774468536/job/26982805294#step:1
+ 1:4731
+
+ - run TFTP, MQTT, WebSockets tests in MSYS2/msys jobs again.
+
+ - switch hanging old-mingw-w64 7.3.0 job to Release (from Debug).
+ Guessing here, 9.5.0 is more solid, and one difference is
+ Debug/Release mode. Let's match 7.3.0 with that and see how it changes
+ hangs and flakiness.
+ The other difference is Unicode ON in 7.3.0. Flaky 6.3.0 was also
+ Debug, with Unicode OFF:
+ 217878bade884202ee5fb2e80186c5fd130392e8 #13566.
+ (Unicode unlikely to play a role here IMO.)
+ If 7.3.0 keeps hanging / remains flaky I'll consider disabling its
+ test runs.
+
+ - opt-out from vcpkg telemetry.
+
+ Ref: https://github.com/curl/curl/pull/13599#issuecomment-2119372376
+ Closes #14085
+
+renovate[bot] (3 Jul 2024)
+
+- Dockerfile: update debian:bookworm-slim to 39868a6
+
+ Closes #14083
+
+Daniel Stenberg (3 Jul 2024)
+
+- FEATURES.md: refresh
+
+ - added lots of missing stuff
+ - rearranged a little
+ - remove all footnotes
+
+ Closes #14086
+
+- RELEASE-NOTES: synced
+
+- curl_easy_perform.md: call it network transfer, not file transfer
+
+Viktor Szakats (2 Jul 2024)
+
+- winbuild: MS-DOS batch tidy-ups
+
+ - prefer `.bat` extension over `.cmd` for MS-DOS batch, which also
+ avoids confusion with OS/400 `.cmd` files.
+ - cleanup `echo` quotes, drop them consistently.
+ - delete empty output line from one of the error branches.
+ - prefer lowercase commands like the rest of MS-DOS batches.
+ - delete a contraction.
+ - drop backticks from error message.
+ - use `nmake.exe` consistently.
+ - use equal/not-equal operator style consistently.
+ - inline a single-line `if` branch.
+ - delete exceptions and rules dealing with Windows `.cmd` extension.
+
+ Closes #14084
+
+Stefan Eissing (2 Jul 2024)
+
+- multi: fix pollset during RESOLVING phase
+
+ - add a DEBUGASSERT for when a transfer's pollset should not be empty.
+ - move write unpausing from transfer loop into curl_easy_pause. This
+ make sure that the url_updatesocket() finds the correct state when
+ updating socket events.
+ - fix HTTP/2 proxy during connect phase to set sockets correctly
+ - fix test2600 to simulate a socket set
+ - move write unpausing from transfer loop into curl_easy_pause. This
+ make sure that the url_updatesocket() finds the correct state when
+ updating socket events.
+ - waiting for the resolver to deliver might not involve any sockets to
+ wait for. Do not generate a warning.
+
+ Fixes #14047
+ Closes #14074
+
+Daniel Stenberg (2 Jul 2024)
+
+- cmdline-opts: shorten six help texts
+
+ o --location-trusted
+ o --next
+ o --parallel-immmediate
+ o --pinnedpubkey
+ o --proxy-pass
+ o --proxy-ssl-allow-beast
+
+ Closes #14075
+
+- managen: fix removing backticks from subtitles
+
+ It erroneously removed them from the wrong variable.
+
+ Closes #14081
+
+Viktor Szakats (2 Jul 2024)
+
+- cmake: show protocols, then features
+
+ To match the order used by `curl -V` and `./configure`.
+
+ Closes #14082
+
+- cmdline-docs: fix `--proxy-ca-native` example + tidy-ups
+
+ Also:
+ - fix an indentation.
+ - fix capitalized option in comment.
+
+ Closes #14078
+
+- cmake: sync protocol/feature list with `curl -V` output
+
+ - sort features case-insensitively.
+ Requires CMake v3.13.0.
+ Follow-up to 0f26abeef1dd1d1a02f8e12dbc3d51e73e9d2e9c #14063
+
+ - convert protocol list to lowercase.
+ But leave it uppercase in `curl-config`.
+
+ Closes #14066
+
+- GHA/badwords.yml: fixup indent for yamllint [ci skip]
+
+renovate[bot] (1 Jul 2024)
+
+- GHA: update dependency awslabs/aws-lc to v1.31.0
+
+ Closes #14080
+
+Daniel Stenberg (1 Jul 2024)
+
+- GHA/badwords.yml: check source code wording
+
+ Closes #14073
+
+- code: language cleanup in comments
+
+ Based on the standards and guidelines we use for our documentation.
+
+ - expand contractions (they're => they are etc)
+ - host name = > hostname
+ - file name => filename
+ - user name = username
+ - man page => manpage
+ - run-time => runtime
+ - set-up => setup
+ - back-end => backend
+ - a HTTP => an HTTP
+ - Two spaces after a period => one space after period
+
+ Closes #14073
+
+Yedaya Katsman (1 Jul 2024)
+
+- docs: add RELEASE-TOOLS.md.dist to .gitignore
+
+ Closes #14079
+
+Viktor Szakats (1 Jul 2024)
+
+- libcurl.pc: add more `Requires.private`/`Requires` dependencies
+
+ - add `libmsh3` reference from cmake and autotools.
+
+ - add `mit-krb5-gssapi` reference from cmake.
+
+ It leaves GSS not set from autotools. The handling of heimdal in cmake
+ is fuzzy, that's probably missing too.
+
+ Follow-up to f057de5a1a950a90d1920021db152a4b695f1a8a #13911
+ Closes #14072
+
+- cmake: improve wolfSSL detection
+
+ - support detecting wolfSSL via pkg-config (like autotools.)
+
+ - detect wolfSSL version.
+
+ - detect `HAVE_WOLFSSL_DES_ECB_ENCRYPT`.
+ (needs e.g. `--enable-curl` when building wolfSSL)
+
+ - detect `HAVE_WOLFSSL_FULL_BIO` and enable HTTPS-proxy feature.
+ (needs e.g. `--enable-opensslall` when building wolfSSL)
+
+ - fix to show `HTTPS-proxy` in cmake feature list.
+ Ref: 55807e6c056f27846d70cec70ee6ac3f0e5b3bbe #9962
+
+ - fix to show `NTLM` in cmake feature list.
+
+ - fix to show `smb` and `smbs` in cmake protocol list.
+
+ - add wolfSSL CMake job to GHA (for macOS).
+
+ - fix mqtt and wolfSSL symbol clash.
+ ```
+ ./curl/lib/mqtt.c: In function 'mqtt_doing':
+ ./curl/lib/mqtt.c:746:17: error: declaration of 'byte' shadows a global dec
+ laration [-Werror=shadow]
+ 746 | unsigned char byte;
+ | ^~~~
+ /opt/homebrew/Cellar/wolfssl/5.7.0_1/include/wolfssl/wolfcrypt/types.h:85:3
+ 6: note: shadowed declaration is here
+ 85 | typedef unsigned char byte;
+ | ^~~~
+ ```
+
+ - format `FindWolfSSL.cmake` closer to neighbours.
+
+ Closes #14064
+
+Daniel Stenberg (1 Jul 2024)
+
+- curl_url_set: elaborate on scheme guessing
+
+ Explain a little more and refer to the CURLU_NO_GUESS_SCHEME flag
+ for getting scheme or URL.
+
+ Closes #14071
+
+- docs: misc language polish
+
+ - CURLINFO_FILETIME*: improve language
+ - add '32bit' and '64bit' as bad words, use 32-bit and 64-bit
+ - mksymbolsmanpage.pl: avoid "will"
+
+ Closes #14070
+
+- curl_easy_escape: elaborate a little on encoding a URL
+
+ Closes #14069
+
+Viktor Szakats (1 Jul 2024)
+
+- cmake: fix feature and protocol lists for SecureTransport
+
+ NTLM was missing from the features list, and SMB/SMBS from
+ the protocols list in SecureTransport builds.
+
+ Follow-up to 76a9c3c4be10b3d4d379d5b23ca76806bbae536a #3619
+
+ Reported-by: Tal Regev
+ Bug: https://github.com/curl/curl/pull/13963#issuecomment-2178791390
+ Closes #14065
+
+Daniel Stenberg (1 Jul 2024)
+
+- curl_str[n]equal.md: tidy up text to make them stand-alone
+
+ Previously this was one single manpage for two functions but as they are
+ two separate ones since a while back, they should each clearly document
+ their single specific functions.
+
+ Follow-up to eefcc1bda4bc
+
+ Closes #14068
+
+- RELEASE-NOTES: synced
+
+Tal Regev (30 Jun 2024)
+
+- GHA: use vcpkg to install packages for MSVC jobs
+
+ - enable new dependencies for existing jobs.
+
+ - add cache for vcpkg packages.
+
+ - tidy-up CMake options and environment for vcpkg.
+
+ Closes #13979
+
+Daniel Stenberg (30 Jun 2024)
+
+- curl_mprintf.md: add missing comma
+
+- CURLOPT_TLSAUTH_PASSWORD/USERNAME.md: language fixups
+
+ - relies *on* TLS SRP
+ - *for* the specific TLS backends
+
+ Closes #14061
+
+- docs/libcurl: polish the single-line descriptions
+
+ - use imperative form
+ - use lowercase
+ - no period
+ - unify some phrases
+ - fix curl_multi_socket and curl_multi_socket_all to keep their own
+ descriptions
+
+ Closes #14062
+
+Viktor Szakats (30 Jun 2024)
+
+- cmake: alpha-sort feature list
+
+ Like autotools does.
+
+ Closes #14063
+
+renovate[bot] (29 Jun 2024)
+
+- GHA: update github/codeql-action digest to b611370
+
+ Closes #14058
+
+Tatsuhiro Tsujikawa (29 Jun 2024)
+
+- vquic: fix UDP_GRO struct cmsghdr data type
+
+ The data type for UDP_GRO in struct cmsghdr is int. Limit the usage of
+ UDP_GRO to linux only because it is not portable.
+
+ Closes #14056
+
+Sertonix (29 Jun 2024)
+
+- mk-ca-bundle.pl: delay 'curl -V' execution until it is needed
+
+ Avoid an `Can't exec "curl"` message when curl is not actually needed.
+
+ Closes #14060
+
+Daniel Stenberg (29 Jun 2024)
+
+- src/Makefile.am: remove SUBDIRS assignment
+
+ It was once used to continue into ../docs but is just leftovers now.
+
+ Closes #14054
+
+z2_ (28 Jun 2024)
+
+- x509asn1: remove superfluous free()
+
+Stefan Eissing (28 Jun 2024)
+
+- ngtcp2+quictls: fix cert-status use
+
+ - add test for --cert-status on all http versions
+
+ Reported-by: Dexter Gerig
+ Fixes #14049
+ Closes #14050
+
+Daniel Stenberg (28 Jun 2024)
+
+- RELEASE-PROCEDURE.md: update release date
+
+- managen: insert final .fi for files ending with a quote
+
+ When an individual file ended with a quote (typically an example), the
+ render function would return without ending the quote correctly with a
+ ".fi" (fill in) in the manpage output.
+
+ This made the additional text provided below to render wrongly.
+
+ Closes #14048
+
+Junho Choi (28 Jun 2024)
+
+- quic: update to quiche 0.22.0
+
+ quiche 0.22.0 will set SONAME in libquiche.so (libquiche.so.0) for
+ linux/BSDs. Install a symlink with SONAME.
+
+ Closes #14030
+ Closes #14046
+
+Daniel Stenberg (28 Jun 2024)
+
+- managen: introduce "Multi: per-URL"
+
+ For -O, -o and -T that are used once per specified URL.
+
+ Closes #14045
+
+- quiche: fix operand of ‘?:’ changes signedness
+
+ ... from ‘int’ to ‘curl_uint64_t’
+
+ Closes #14041
+
+- GHA: add --enable-werror to the quiche job
+
+ Closes #14041
+
+- KNOWN_BUGS: three new bugs
+
+ These have lingered in the issue tracker for a long time without action.
+ We don't expect any fixes in the near term either. Move them to the
+ KNOWN_BUGS document.
+
+ Closes #12177
+ Closes #12171
+ Closes #13350
+
+ Closes #14042
+
+Viktor Szakats (27 Jun 2024)
+
+- CI: add whitespace checker
+
+ Fix issues detected.
+
+ Also:
+
+ - One of the `.vc` files used LF EOLs, while the other didn't.
+ Make that one also use LF EOLs, as this is apparently supported by
+ `nmake`.
+
+ - Drop `.dsw` and `.btn` types from `.gitattributes`.
+ The repository doesn't use them.
+
+ - Sync section order with the rest of files in
+ `tests/certs/EdelCurlRoot-ca.prm`.
+
+ - Indent/align `.prm` and `.pem` files.
+
+ - Delete dummy `[something]` section from `.prm` and `.pem` files.
+
+ Mental note:
+ MSVC `.sln` files seem to accept spaces for indentation and also support
+ LF line-endings. I cannot test this and I don't know what's more
+ convenient when updating them, so left them as-is, with specific
+ exclusions.
+
+ Closes #14031
+
+- CI: fix typo in job name
+
+ Closes #14040
+
+Stefan Eissing (27 Jun 2024)
+
+- tests/httpd: adjust ReadBufferSize for better performance
+
+ - list httpd and caddy versions in scorecard run
+
+ Closes #14039
+
+Daniel Stenberg (27 Jun 2024)
+
+- runtests: fix %VERNUM
+
+ It needs to be set to the leading digits and dots only, so that the
+ `-[date]` suffix strings are not included, as those used in the daily
+ snapshots.
+
+ Fixes #14035
+ Reported-by: Marcel Raad
+ Closes #14036
+
+Philip Heiduck (27 Jun 2024)
+
+- CI/synopsis.yml: run on `.md` files
+
+ Reported-by: Viktor Szakats
+ Fixes #14032
+ Closes #14037
+
+Daniel Stenberg (27 Jun 2024)
+
+- verify-synopsis.pl: work with .md files
+
+ Ref: #14037
+ Closes #14038
+
+- conncache: done always evaluates to false
+
+ Follow-up to c9b95c0bb30f88bf00e1ac
+
+ Spotted by CodeSonar
+
+ Reviewed-by: Stefan Eissing
+ Closes #14034
+
+- lib: add a few DEBUGASSERT(data) to aid code analyzers
+
+ ... where 'data' is assumed to always work.
+
+ Closes #14033
+
+- RELEASE-NOTES: synced
+
+Viktor Szakats (26 Jun 2024)
+
+- tidy-up: use `/usr/bin/env perl` shebang
+
+ Most Perl scripts already used it. Sync up the few outliers.
+
+ Closes #14029
+
+Stefan Eissing (26 Jun 2024)
+
+- quic: openssl quic, cmake and doc version update to 3.3.0
+
+ Closes #14028
+
+- http/3: add shutdown support
+
+ - openssl-quic shutdown handling
+ - ngtcp2 shutdown handling
+ - quiche shutdown handling
+ - add test_19_06 for verfication
+
+ Reported-by: Dexter Gerig
+ Closes #14027
+ Fixes #14022
+
+Daniel Stenberg (26 Jun 2024)
+
+- tests: verify managen
+
+ 1705: verifies the manpage output
+
+ 1706: verifies the ascii output
+
+ Closes #14025
+
+- runtests: support %DATE for YYYY-MM-DD of right now
+
+- runtests: support %VERNUM
+
+ For the plain version number of the built curl without -DEV etc. Only
+ digits and dots.
+
+- managen: only output .RE for manpage output
+
+ For ascii they are just rubbish.
+
+ Closes #14025
+
+Tatsuhiro Tsujikawa (26 Jun 2024)
+
+- quic: enable UDP GRO
+
+ Closes #14012
+
+Stefan Eissing (26 Jun 2024)
+
+- quic: require at least OpenSSL 3.3 for QUIC
+
+ - when checking for QUIC support in OpenSSL, also check
+ for it being at least 3.3.0
+ - remove workarounds for features buggy or missing in 3.2
+
+ Closes #14026
+
+Daniel Stenberg (26 Jun 2024)
+
+- FILEFORMAT.md: mentioned <file[num]> for "client"
+
+ They can be used to create more files.
+
+ Closes #14024
+
+Marcel Raad (26 Jun 2024)
+
+- system_win32: add missing curl.h include
+
+ It's required for `CURLcode`.
+
+ Closes https://github.com/curl/curl/pull/14019
+
+Daniel Stenberg (26 Jun 2024)
+
+- TODO: specify which response codes that make -f/--fail return error
+
+ Suggestion from the user survey 2024
+
+ Closes #14020
+
+Stefan Eissing (26 Jun 2024)
+
+- lib: graceful connection shutdown
+
+ When libcurl discards a connection there are two phases this may go
+ through: "shutdown" and "closing". If a connection is aborted, the
+ shutdown phase is skipped and it is closed right away.
+
+ The connection filters attached to the connection implement the phases
+ in their `do_shutdown()` and `do_close()` callbacks. Filters carry now a
+ `shutdown` flags next to `connected` to keep track of the shutdown
+ operation.
+
+ Filters are shut down from top to bottom. If a filter is not connected,
+ its shutdown is skipped. Notable filters that *do* something during
+ shutdown are HTTP/2 and TLS. HTTP/2 sends the GOAWAY frame. TLS sends
+ its close notify and expects to receive a close notify from the server.
+
+ As sends and receives may EAGAIN on the network, a shutdown is often not
+ successful right away and needs to poll the connection's socket(s). To
+ facilitate this, such connections are placed on a new shutdown list
+ inside the connection cache.
+
+ Since managing this list requires the cooperation of a multi handle,
+ only the connection cache belonging to a multi handle is used. If a
+ connection was in another cache when being discarded, it is removed
+ there and added to the multi's cache. If no multi handle is available at
+ that time, the connection is shutdown and closed in a one-time,
+ best-effort attempt.
+
+ When a multi handle is destroyed, all connection still on the shutdown
+ list are discarded with a final shutdown attempt and close. In curl
+ debug builds, the environment variable `CURL_GRACEFUL_SHUTDOWN` can be
+ set to make this graceful with a timeout in milliseconds given by the
+ variable.
+
+ The shutdown list is limited to the max number of connections configured
+ for a multi cache. Set via CURLMOPT_MAX_TOTAL_CONNECTIONS. When the
+ limit is reached, the oldest connection on the shutdown list is
+ discarded.
+
+ - In multi_wait() and multi_waitfds(), collect all connection caches
+ involved (each transfer might carry its own) into a temporary list.
+ Let each connection cache on the list contribute sockets and
+ POLLIN/OUT events it's connections are waiting for.
+
+ - in multi_perform() collect the connection caches the same way and let
+ them peform their maintenance. This will make another non-blocking
+ attempt to shutdown all connections on its shutdown list.
+
+ - for event based multis (multi->socket_cb set), add the sockets and
+ their poll events via the callback. When `multi_socket()` is invoked
+ for a socket not known by an active transfer, forward this to the
+ multi's cache for processing. On closing a connection, remove its
+ socket(s) via the callback.
+
+ TLS connection filters MUST NOT send close nofity messages in their
+ `do_close()` implementation. The reason is that a TLS close notify
+ signals a success. When a connection is aborted and skips its shutdown
+ phase, the server needs to see a missing close notify to detect
+ something has gone wrong.
+
+ A graceful shutdown of FTP's data connection is performed implicitly
+ before regarding the upload/download as complete and continuing on the
+ control connection. For FTP without TLS, there is just the socket close
+ happening. But with TLS, the sent/received close notify signals that the
+ transfer is complete and healthy. Servers like `vsftpd` verify that and
+ reject uploads without a TLS close notify.
+
+ - added test_19_* for shutdown related tests
+ - test_19_01 and test_19_02 test for TCP RST packets
+ which happen without a graceful shutdown and should
+ no longer appear otherwise.
+ - add test_19_03 for handling shutdowns by the server
+ - add test_19_04 for handling shutdowns by curl
+ - add test_19_05 for event based shutdowny by server
+ - add test_30_06/07 and test_31_06/07 for shutdown checks
+ on FTP up- and downloads.
+
+ Closes #13976
+
+Daniel Stenberg (25 Jun 2024)
+
+- managen: fix blank line detection
+
+ Follow-up to d14a53eea7b87 which ruined the output somewhat.
+
+ Closes #14017
+
+- managen: output tabs for each 8 leading spaces
+
+ This replacing of eight leading spaces into tabs was already done for
+ the embedded uncompressed version in tool_hugehelp.c so it does not save
+ anything there. But the gzip compressed version ends up almost 2K
+ smaller.
+
+ The output in a terminal should be identical.
+
+ Before using TABs:
+
+ curl.txt 282492 bytes
+ curl.txt.gz 73261 bytes
+
+ With this change applied:
+
+ curl.txt 249382 bytes
+ curl.txt.gz 71470 bytes
+
+ Closes #14016
+
+- managen: error on trailing blank lines in input files
+
+ Ref: #14014
+ Closes #14015
+
+Viktor Szakats (25 Jun 2024)
+
+- tidy-up: more whitespace
+
+ Closes #14014
+
+Stefan Eissing (25 Jun 2024)
+
+- multi: multi_getsock(), check correct socket
+
+ - in phase CONNECTING/TUNNELING/PROTOCONNECT, retrieve
+ the socket from the connection filters and do not rely
+ on `conn->sockfd` being already set by the transfer.
+ - this applies to the default behaviour, a protocol handler
+ may override this via its callbacks.
+ - add a warning message in multi_getsock() when the transfer
+ is expected to have something in its pollset, but instead
+ it is empty.
+
+ Reported-by: saurabhsingh-dev on github
+ Fixes #13998
+ Closes #14011
+
+Daniel Stenberg (25 Jun 2024)
+
+- managen: fix each options footer to end with newline
+
+ A previous change sometimes made a command line option's description not
+ end with a newline immediately before the next command line.
+
+ Also widened the lines to wrap on column 79 instead of 78.
+
+ Closes #14010
+
+Alex Snast (25 Jun 2024)
+
+- wolfssl: assume key_file equal to clientcert in the absence of key_file
+
+ When user sets CURLOPT_SSLCERT but leaves CURLOPT_SSLKEY unset assume
+ the path passed in CURLOPT_SSLCERT holds the ssl key which is what we do
+ in openssl implementation.
+
+ Fixes #14007
+ Closes #14008
+
+Viktor Szakats (24 Jun 2024)
+
+- autotools: fix pkg-config names (zstd, ngtcp2*)
+
+ Also verified that all names now match up with CMake.
+
+ Follow-up to f057de5a1a950a90d1920021db152a4b695f1a8a #13911
+ Follow-up to eeab0ea7aa19af61af881e8a0bf9ff1f2e28ef79 #13994
+ Reported-by: 李四
+ Fixes #14005
+ Closes #14006
+
+- tidy-up: whitespace [ci skip]
+
+Daniel Stenberg (24 Jun 2024)
+
+- cmdline-docs: "added in" cleanups
+
+ - markup fixes
+ - remove some mentions of < 7.60.0 changes
+
+ Closes #14003
+
+- RELEASE-NOTES: synced
+
+- managen: "added in" fixes
+
+ - up the limit: remove all mentions of 7.60 or earlier from manpage
+ 7.60 is 6 years old now.
+ - warn on "broken" added in lines, as they avoid detection
+ - fixup added in markup in a few curldown files
+
+ Closes #14002
+
+Matt Jolly (24 Jun 2024)
+
+- configure: fix pkg-config library name 'libnghttp3'
+
+ Closes #13994
+
+Daniel Stenberg (24 Jun 2024)
+
+- managen: cleanups to generate nicer-looking output
+
+ - output "see also" last
+ - when there are multiple mutex items, use commas between all of them
+ except the last.
+ - call them mututally exclusive WITH not TO other options.
+ - remove trailing space from added in, add newline prefix
+ - smoother language for requires
+
+ Closes #14001
+
+- configure: require a QUIC library if nghttp3 is used
+
+ Instead of just silently disabling HTTP/3.
+
+ Reported-by: Matt Jolly
+ Fixes #13995
+ Closes #13999
+
+- docs/cmdline-opts: remove two superfluous "Added in" mentions
+
+ The key "added in" phrase for the option itself is added automatically.
+
+ Closes #14000
+
+- cookie-jar.md: see also --junk-session-cookies
+
+ Closes #13996
+
+- runtests: support crlf="yes" for the <stderr> section
+
+- TODO: -h option
+
+ Support "curl -h --insecure" etc to output the manpage section for the
+ --insecure command line option in the terminal. Should be possible to
+ work with either long or short versions of command line options.
+
+ Closes #13990
+
+- trace-ascii.md: mention "%" for stderr
+
+ Closes #13991
+
+- connect-to.md: expand with examples
+
+ - add referer from the resolve section to connect-to if user wants
+ wildcard for the port number
+
+ Closes #13989
+
+- TODO: connect to multiple IPs in parallel
+
+ Closes #13986
+
+- dump-header.md: mention minus for stdout
+
+ Closes #13985
+
+- CURLOPT_RESOLVE.md: mention hostname can be wildcard ('*')
+
+ Closes #13983
+
+Andy Pan (22 Jun 2024)
+
+- cf-socket: optimize curlx_nonblock() and check its return error
+
+ Reviewed-by: Stefan Eissing
+ Closes #13942
+
+z2_ (22 Jun 2024)
+
+- x509asn1: prevent NULL dereference
+
+ Closes #13978
+
+Daniel Stenberg (19 Jun 2024)
+
+- unit2604: use 'unitfail' instead of 'error' variable
+
+ Since the framework is already returning that variable by default.
+ Avoids a warning for unreachable code.
+
+ Reported-by: Tal Regev
+ Fixes #13967
+ Closes #13973
+
+- KNOWN_BUGS: TFTP tests fail on OpenBSD
+
+ Closes #13623
+ Closes #13975
+
+- VULN-DISCLOSURE-POLICY: NULL dereferences and crashes
+
+ If a malicious server can trigger a NULL dereference in curl or
+ otherwise cause curl to crash (and nothing worse), chances are big that
+ we do not consider that a security problem.
+
+ Closes #13974
+
+- RELEASE-NOTES: synced
+
+Sergey Markelov (19 Jun 2024)
+
+- mbedtls: support CURLOPT_CERTINFO
+
+ Closes #13113
+
+Daniel Stenberg (19 Jun 2024)
+
+- x509asn1: ASN1tostr() should fail when 'constructed' is set
+
+ This is a regression from my refactor in 623c3a8fa0bdb (#12808)
+
+ Follow-up to 623c3a8fa0bdb2751f14b37417
+
+ Closes #13972
+
+- x509asn1: remove two static variables
+
+ cnOID and sanOID were not used outside of the OID table anyway
+
+ Closes #13971
+
+brian m. carlson (18 Jun 2024)
+
+- TODO: TLS channel binding
+
+ Closes #13483
+
+Tal Regev (17 Jun 2024)
+
+- cmake: add CURL_USE_GSASL option with detection + CI test
+
+ Reviewed-by: Viktor Szakats
+ Closes #13948
+
+Daniel Stenberg (16 Jun 2024)
+
+- x509asn1: make Curl_extract_certinfo store error message
+
+ To help us all better understand where the error actually comes from.
+
+ Ref: #13958
+ Closes #13959
+
+Viktor Szakats (15 Jun 2024)
+
+- appveyor: dump build logs on failure in VS2008 jobs
+
+ This seems to be the only way to see what actual toolchain commands were
+ run, and with what arguments.
+
+ Without `dos2unix`, `cat` output comes out empty.
+
+ Closes #13957
+
+- cmake: fix quotes when appending multiple options (SecureTransport)
+
+ Copied from a vcpkg distro patch:
+ https://github.com/microsoft/vcpkg/blob/02745e0f4749d1f51d2025824209408f5a6c3
+ 614/ports/curl/dependencies.patch#L43C38-L44
+
+ Ref: https://github.com/microsoft/vcpkg/pull/38847
+ Ref: https://github.com/microsoft/vcpkg/commit/795f2f137e6cf6d985fcc927bffcaf
+ 9c0a96e4ac
+ Ref: https://github.com/microsoft/vcpkg/pull/38847/commits/36f0c917de5319e953
+ 61451fc0aef0698b264874#diff-ab5c23e5dc5df412539cc93e24b37abbc588e1918236f8abc
+ 019d676b270c85fR39 (sub-commit)
+
+ Authored-by: Kai Pastor
+ Closes #13953
+
+Daniel Stenberg (15 Jun 2024)
+
+- CURLOPT_NETRC.md: clarify what it does on Windows
+
+ Closes #13956
+
+- KNOWN_BUGS: "HTTP/2 + TLS spends a lot of time in recv"
+
+ Closes #13416
+ Closes #13955
+
+- RELEASE-NOTES: synced
+
+Yedaya Katsman (14 Jun 2024)
+
+- examples: add missing binaries to .gitignore
+
+ They were showing as changed when built. Add them sorted alphabetically,
+ while also moving a few more entries to sorted order.
+
+ Closes #13952
+
+- docs: reference non deprecated libcurl options
+
+ There are a places where man pages reference deprecated CURLOPT options,
+ where it doesn't make sense, replace them with the reccomended
+ replacement option.
+
+ also remove reference to the removed mesalink TLS backend
+
+ Closes #13951
+
+Daniel Stenberg (14 Jun 2024)
+
+- gnutls: pass in SNI name, not hostname when checking cert
+
+ The function we use is called 'gnutls_x509_crt_check_hostname()' but if
+ we pass in the hostname with a trailing dot, the check fails. If we pass
+ in the SNI name, which cannot have a trailing dot, it succeeds for
+ https://pyropus.ca./
+
+ I consider this as a flaw in GnuTLS and have submitted this issue
+ upstream:
+
+ https://gitlab.com/gnutls/gnutls/-/issues/1548
+
+ In order to work with old and existing GnuTLS versions, we still need
+ this change no matter how they view the issue or might change it in the
+ future.
+
+ Fixes #13428
+ Reported-by: Ryan Carsten Schmidt
+ Closes #13949
+
+- BINDINGS: update java link to one that exists
+
+ The previous java binding seems to have vanished. Link to one that still
+ exists.
+
+ Bug: https://github.com/curl/everything-curl/issues/456
+ Reported-by: Jiang Wenjian
+ Closes #13950
+
+renovate[bot] (14 Jun 2024)
+
+- GHA: update pinned actions
+
+ - github/codeql-action digest to 23acc5c
+ - actions/checkout digest to 692973e
+ - rojopolis/spellcheck-github-actions digest to d354a4d
+
+ Closes #13935
+ Closes #13945
+ Closes #13946
+
+Jay Satiro (14 Jun 2024)
+
+- tool_cb_hdr: allow etag and content-disposition for 3xx reply
+
+ - Parse etag and content-disposition headers for 3xx replies.
+
+ For example, a server may send a content-disposition filename header
+ with a redirect reply (3xx) but not with the final response (2xx).
+ Without this change curl would ignore the server's specified filename
+ and continue to use the filename extracted from the user-specified URL.
+
+ Prior to this change, 75d79a4 had limited etag and content-disposition
+ to 2xx replies only.
+
+ Tests-by: Daniel Stenberg
+
+ Reported-by: Morgan Willcock
+ Fixes https://github.com/curl/curl/issues/13302
+ Closes #13484
+
+Daniel Stenberg (13 Jun 2024)
+
+- transfer: set CSELECT_IN if there is data pending
+
+ When aborting the transfer loop early, like when there is rate limiting
+ in effect, there might be buffered data already read off the socket so
+ the socket might not signal reability. Therefore we must set the
+ CSELECT_IN manually if data_pending_() suggests there might be more data
+ to get. This is particularly noticeable with SSH when the underlying
+ library has drained the socket and holds pending data in its buffer.
+
+ Reported-by: alervd on github
+ Fixes #13695
+ Closes #13943
+
+Viktor Szakats (13 Jun 2024)
+
+- cmake: enable SOVERSION for Cygwin and `CMAKE_DLL_NAME_WITH_SOVERSION`
+
+ - enable SOVERSION when `CMAKE_DLL_NAME_WITH_SOVERSION=ON` is set.
+ Ref: https://cmake.org/cmake/help/v3.27/variable/CMAKE_DLL_NAME_WITH_SOVERS
+ ION.html
+ Use: https://github.com/search?q=-DCMAKE_DLL_NAME_WITH_SOVERSION&type=code
+
+ - enable SOVERSION for Cygwin builds by default.
+
+ Ref: #13936
+ Ref: #13944
+ Closes #13898
+
+- cmake: allow SOVERSION override with `CURL_LIBCURL_SOVERSION`
+
+ Allow overriding SOVERSION with the new CMake option:
+ `CURL_LIBCURL_SOVERSION=ON/OFF`
+
+ For certain target platforms the shared libcurl library filename
+ contains the SOVERSION. This new option allows to enable/disable
+ this behavior manually. If set, it takes precedence over the default
+ setting.
+
+ Ref: #13898
+ Closes #13944
+
+renovate[bot] (13 Jun 2024)
+
+- Dockerfile: update debian:bookworm-slim to 84d83b2
+
+ Closes #13934
+
+Daniel Stenberg (13 Jun 2024)
+
+- configure: use AC_MSG_WARN for TLS/experimental warning texts
+
+ - no longer warns for mbedtls
+ - warns for each item on individual lines
+ - no longer shows irrelevant TLS libraries when multiple are selected
+ - removes ech repetition
+
+ Closes #13941
+
+- GHA: detect and warn for more English contractions
+
+ As we try to avoid them in curl documentation
+
+ Closes #13940
+
+Stefan Eissing (13 Jun 2024)
+
+- transfer: do not use EXPIRE_NOW while blocked
+
+ - When a transfer sets `data->state.select_bits`, it is
+ scheduled for rerun with EXPIRE_NOW. If such a transfer
+ is blocked (due to PAUSE, for example), this will lead to
+ a busy loop.
+ - multi.c: check for transfer block
+ - sendf.*: add Curl_xfer_is_blocked()
+ - sendf.*: add client reader `is_paused()` callback
+ - implement is_paused()` callback where needed
+
+ Closes #13908
+
+renovate[bot] (13 Jun 2024)
+
+- ci: update dependency ngtcp2/ngtcp2 to v1.6.0
+
+ Closes #13939
+
+- ci: update ngtcp2/nghttp3 to v1.4.0
+
+ Closes #13938
+
+Viktor Szakats (13 Jun 2024)
+
+- cmake: stop setting SOVERSION for the static lib target
+
+ Also move the logic closer to its use and related tidy-ups.
+
+ Cherry-picked from #13898
+ Closes #13936
+
+Patrick Monnerat (13 Jun 2024)
+
+- os400: make it compilable again
+
+ A newly introduced use of getsockname() in the cli tool makes it require
+ the ascii wrapper module, which is not available outside of the library:
+ as the tool only uses the address family field (binary), disable
+ wrappers outside of libcurl.
+
+ Fix setsockopt() parameter type mismatch using a (void *) cast.
+
+ Sync ILE/RPG binding.
+
+ Closes #13930
+
+Viktor Szakats (13 Jun 2024)
+
+- libcurl.pc: add `Requires.private`, `Requires` for static linking
+
+ - cmake: populate for dependencies.
+ - autotools: populate for dependencies.
+ (including mbedtls, though the script does not detect
+ mbedtls through pkgconfig. mbedtls 3.6.0 now supports it.)
+
+ Skip dealing with gssapi in this patch.
+
+ Fixes #864
+ Closes #13911
+
+- cmake: bring `curl-config.cmake` closer to `FindCURL`
+
+ Set `CURL_LIBRARIES` and `CURL_INCLUDE_DIRS` variables
+ for compatibility with CMake's `FindCURL.cmake`:
+ https://github.com/Kitware/CMake/blob/b411d0146c2e06acfb0c823bb039e99f0191b61
+ 1/Modules/FindCURL.cmake#L209
+
+ For dependent projects, CMake's suggestion is to replace
+ `CURL_LIBRARIES` with `CURL::libcurl`, and drop `CURL_INCLUDE_DIRS`.
+
+ Reported-by: Aurélien Pierre
+ Ref: https://curl.se/mail/lib-2024-06/0014.html
+ Ref: https://gitlab.kitware.com/cmake/cmake/-/issues/24580
+ Closes #13897
+
+Daniel Stenberg (13 Jun 2024)
+
+- tool_getparam: fix the bsearch call for ip-tos names
+
+ Follow-up to 3c20ae08b9591
+ Reported-by: Samuel Chiang
+ Fixes #13932
+ Closes #13933
+
+- request: change the struct field bodywrites to a bool, only for hyper
+
+ Only hyper needs to know this, and it can use it as a boolean.
+
+ Closes #13928
+
+Andy Pan (12 Jun 2024)
+
+- test: fix CURLOPT_TCP_KEEPCNT typo
+
+ Follow up to b77d627d242
+
+ Closes #13931
+
+Daniel Stenberg (12 Jun 2024)
+
+- http: remove "struct HTTP"
+
+ It is not actually used anymore and only contained a dummy struct field.
+ Remove all traces and uses of it.
+
+ Closes #13927
+
+- cd2nroff: convert two warnings to errors
+
+ Since the warnings tend to get missed too easily and these are problems
+ we rather want addressed than letting slide.
+
+ Closes #13929
+
+- urlapi: use a correct value for CURLU_NO_GUESS_SCHEME
+
+ It was mistakenly set to the same value as CURLU_GET_EMPTY uses.
+
+ Reported-by: Patrick Monnerat
+ Bug: https://github.com/curl/curl/commit/655d44d139489625e77cf6790d36
+ Closes #13926
+
+- file: separate fake headers and body with a stand-alone CRLF
+
+ Instead of bolting on the extra CRLF to the final header - as that makes
+ the behavior inconsistent and not as documented. The final CRLF is now
+ also made unconditional, just like it is for HTTP.
+
+ Reported-by: dogma
+ Bug: https://curl.se/mail/lib-2024-06/0033.html
+ Closes #13925
+
+- RELEASE-NOTES: synced
+
+Andy Pan (12 Jun 2024)
+
+- tcpkeepalive: add CURLOPT_TCP_KEEPCNT and --keepalive-cnt
+
+ Closes #13885
+
+Daniel Stenberg (12 Jun 2024)
+
+- TODO: make it "Add missing features to TLS backends"
+
+ ... instead of just mentioning CA caching.
+
+ Closes #13924
+
+Orgad Shaneh (11 Jun 2024)
+
+- curl: support VLAN Priority: --vlan-priority
+
+ Add --vlan-priority option to the command line tool for setting VLAN
+ priority.
+
+ Closes #13907
+
+RainRat (11 Jun 2024)
+
+- misc: fix typos
+
+ Closes #13923
+
+Daniel Stenberg (11 Jun 2024)
+
+- CURLOPT_ECH.md: remove repeated 'if'
+
+ Closes #13922
+
+- vms: fixed language in comment
+
+ It started with me fixing a repeated "are are" but the wording was
+ incomprehensible so I tried to untangle it.
+
+ Closes #13921
+
+Stefan Eissing (11 Jun 2024)
+
+- lib: xfer_setup and non-blocking shutdown
+
+ - clarify Curl_xfer_setup() with RECV/SEND flags and different calls for
+ which socket they operate on. Add a shutdown flag for secondary
+ sockets
+ - change Curl_xfer_setup() calls to new functions
+ - implement non-blocking connection shutdown at the end of receiving or
+ sending a transfer
+
+ Closes #13913
+
+Daniel Stenberg (11 Jun 2024)
+
+- test1486: verify that write-out.md and tool_writeout.c are in sync
+
+ - also verify alphabetialal order in the source
+ - add two missing variables to write-out.md
+
+ Closes #13920
+
+Viktor Szakats (11 Jun 2024)
+
+- GHA: add cmake MSYS2 native job
+
+ curl, libcurl, examples, build-only.
+
+ To compare build behaviour with autotools.
+
+ Closes #13917
+
+Daniel Stenberg (11 Jun 2024)
+
+- openssl: shortcut store_expired for negative timeouts
+
+ Avoid some unnecessary computation if the timeout is negative.
+
+ Spotted by CodeSonar
+ Closes #13919
+
+- RELEASE-NOTES: synced
+
+- curl: support -w '%{num_retries}
+
+ Suggested-by: Jay Guerette
+ Ref: https://github.com/curl/curl/discussions/13901
+ Closes #13910
+
+Guilherme Puida (11 Jun 2024)
+
+- pytest: include testenv/vsftpd.py in dist tarball
+
+ Closes #13918
+
+Viktor Szakats (11 Jun 2024)
+
+- DISTROS: add MSYS2 (native) links
+
+ Also rename existing 'MSYS2' to 'MSYS2 (mingw-w64)'.
+
+ Closes #13915
+
+Daniel Stenberg (10 Jun 2024)
+
+- tool_writeout: get certinfo only when needing it
+
+ Removes a fairly expensive libcurl call when not necessary
+
+ Closes #13914
+
+- tool_writeout: bsearch the variable name
+
+ As the list of variable names grows, doing a simple loop to find the
+ name get increasingly worse. This switches to a bsearch.
+
+ Also: do a case sensitive check for the variable name. The names have
+ not been documented to be case insensitive and there is no point in
+ having them so.
+
+ Closes #13914
+
+Stefan Eissing (10 Jun 2024)
+
+- multi: prepare multi_wait() for future shutdown usage
+
+ - new struct curl_pollfds and struct curl_waitfds
+ - add structs and methods to init/add/cleanup an array of pollfd and
+ struct curl_waitfd. Use in multi_wait() and multi_waitfds() to
+ populate the sets for polling.
+ - place USE_WINSOCK WSAEventSelect() setting into a separate loop over
+ all collected pfds
+
+ Closes #13900
+
+- connection: shutdown TLS (for FTP) better
+
+ This adds connection shutdown infrastructure and first use for FTP. FTP
+ data connections, when not encountering an error, are now shut down in a
+ blocking way with a 2sec timeout.
+
+ - add cfilter `Curl_cft_shutdown` callback
+ - keep a shutdown start timestamp and timeout at connectdata
+ - provide shutdown timeout default and member in
+ `data->set.shutdowntimeout`.
+ - provide methods for starting, interrogating and clearing
+ shutdown timers
+ - provide `Curl_conn_shutdown_blocking()` to shutdown the
+ `sockindex` filter chain in a blocking way. Use that in FTP.
+ - add `Curl_conn_cf_poll()` to wait for socket events during
+ shutdown of a connection filter chain.
+ This gets the monitoring sockets and events via the filters
+ "adjust_pollset()" methods. This gives correct behaviour when
+ shutting down a TLS connection through a HTTP/2 proxy.
+ - Implement shutdown for all socket filters
+ - for HTTP/2 and h2 proxying to send GOAWAY
+ - for TLS backends to the best of their capabilities
+ - for tcp socket filter to make a final, nonblocking
+ receive to avoid unwanted RST states
+ - add shutdown forwarding to happy eyeballers and
+ https connect ballers when applicable.
+
+ Closes #13904
+
+Daniel Stenberg (7 Jun 2024)
+
+- CURLOPT_CONNECTTIMEOUT*: clarify, document the milliseond version
+
+ Provide an explanation in the CURLOPT_CONNECTTIMEOUT_MS page instead of
+ just referring to the non-MS version.
+
+ Closes #13905
+
+- cmdline-opts: tidy up --ip-tos and --mptcp
+
+ To make them render nicer in the manpage and minor polish.
+
+ Closes #13906
+
+- RELEASE-NOTES: synced
+
+Dorian Craps (7 Jun 2024)
+
+- curl: (on linux) add MPTCP support
+
+ Multipath TCP (MPTCP), standardized in RFC8684 [1], is a TCP extension
+ that enables a TCP connection to use different paths.
+
+ Multipath TCP has been used for several use cases. On smartphones, MPTCP
+ enables seamless handovers between cellular and Wi-Fi networks while
+ preserving established connections. This use-case is what pushed Apple
+ to use MPTCP since 2013 in multiple applications [2]. On dual-stack
+ hosts, Multipath TCP enables the TCP connection to automatically use the
+ best performing path, either IPv4 or IPv6. If one path fails, MPTCP
+ automatically uses the other path.
+
+ To benefit from MPTCP, both the client and the server have to support
+ it. Multipath TCP is a backward-compatible TCP extension that is enabled
+ by default on recent Linux distributions (Debian, Ubuntu, Redhat, ...).
+ Multipath TCP is included in the Linux kernel since version 5.6 [3]. To
+ use it on Linux, an application must explicitly enable it when creating
+ the socket. No need to change anything else in the application.
+
+ This attached patch adds an --mptcp option which allows the creation of
+ an MPTCP socket instead of TCP on Linux. If Multipath TCP is not
+ supported on the system, an error will be reported. It is important to
+ note that if the end server doesn't support MPTCP, the connection will
+ continue after a seamless fallback to TCP.
+
+ Link: https://www.rfc-editor.org/rfc/rfc8684.html [1]
+ Link: https://www.tessares.net/apples-mptcp-story-so-far/ [2]
+ Link: https://www.mptcp.dev [3]
+ Co-developed-by: Dorian Craps (@CrapsDorian) <doriancraps@gmail.com>
+ Co-developed-by: Olivier Bonaventure (@obonaventure) <Olivier.Bonaventure@ucl
+ ouvain.be>
+ Co-developed-by: Matthieu Baerts (@matttbe) <matttbe@kernel.org>
+ Signed-off-by: Dorian Craps <dorian.craps@student.vinci.be>
+
+ Closes #13278
+
+Orgad Shaneh (7 Jun 2024)
+
+- curl: support IP Type of Service / Traffic Class: --ip-tos
+
+ Add --ip-tos option to the command line tool for setting TOS for IPv4 or
+ Traffic Class for IPv6.
+
+ Closes #13606
+
+Andy Pan (7 Jun 2024)
+
+- socketpair: provide `Curl_socketpair` only when `!CURL_DISABLE_SOCKETPAIR`
+
+ Ref: https://curl.se/dev/log.cgi?id=20240605035856-3529577
+
+ Reported-by: Marcel Raad
+ Closes #13888
+
+Daniel Stenberg (7 Jun 2024)
+
+- noproxy: test bad ipv6 net size first
+
+ No need to parse anything if the size is out of range.
+
+ Added some tests to this effect to test 1614.
+
+ Closes #13902
+
+- managen: warn on excessively long help texts
+
+ Help texts at 49 characters or longer get a warning displayed because
+ they make --help output uglier and we should make an effort to keep the
+ help texts short and succinct.
+
+ The warning is only for display, it does not break the build. That is
+ left for the future if necessary.
+
+ I picked 49 because the longest current text is 48.
+
+ Closes #13895
+
+Viktor Szakats (5 Jun 2024)
+
+- lib: tidy up types and casts
+
+ Cherry-picked from #13489
+ Closes #13862
+
+Daniel Stenberg (5 Jun 2024)
+
+- cmdline-opts/ech.md: shorten the help text
+
+ To make --help look sensible again
+
+ Closes #13894
+
+- cmdline-opts/_PROTOCOLS.md: mention WS(S)
+
+ Closes #13891
+
+Viktor Szakats (5 Jun 2024)
+
+- GHA: disable TFTP and WebSockets tests in old-mingw-w64
+
+ Follow-up to 03bd16e5339b069aa9409b75fcab2b21fd3a4b16 #13860
+ Follow-up to def7d05382743ea7aa1d356d1e41dcb22ecdd4d7
+
+Daniel Stenberg (5 Jun 2024)
+
+- cmdline-opts/fail.md: expand and clarify
+
+ Closes #13890
+
+- doh-insecure.md: expand
+
+ Closes #13889
+
+- cmdline: expand proxy option explanations
+
+ - do less references to other options
+ - provide more specific text about proxies
+ - added more see-also references
+
+ Closes #13887
+
+- cmdline-opts: expand the parallel explanations
+
+ Closes #13886
+
+- RELEASE-NOTES: synced
+
+Stefan Eissing (5 Jun 2024)
+
+- vtls: new io_need flags for poll handling
+
+ - decouple need to recv/send from negotiation state, we need
+ this later in shutdown handling as well
+ - move ssl enums from urldata.h to vtls_int.h
+ - implement use of `connssl->io_need` in vtls.c. and all backends
+
+ Closes #13879
+
+Daniel Stenberg (5 Jun 2024)
+
+- cfilters: make Curl_conn_connect always assign 'done'
+
+ It could return error without assigning it, and we have a caller in
+ multi.c that assumes it gets set.
+
+ Spotted by CodeSonar
+ Closes #13884
+
+- CURLOPT_INTERFACE.md: quote the less-than and larger-than
+
+ Fixes the warnings shown on stderr.
+
+ Follow-up from 3060557af702dd5
+
+ Closes #13883
+
+- cmdline-opts/interface.md: expand the documentation
+
+ Explain the syntax it supports.
+
+ Closes #13882
+
+- url: allow DoH transfers to override max connection limit
+
+ When reaching the set maximum limit of allowed connections, allow a new
+ connection anyway if the transfer is created for the (internal) purpose
+ of doing a DoH name resolve. Otherwise, unrelated "normal" transfers can
+ starve out new DoH requests making it impossible to name resolve for new
+ transfers.
+
+ Bug: https://curl.se/mail/lib-2024-06/0001.html
+ Reported-by: kartatz
+ Closes #13880
+
+Viktor Szakats (5 Jun 2024)
+
+- windows: fix UWP builds, add GHA job
+
+ Add new job to test building for UWP (aka `CURL_WINDOWS_APP`).
+
+ Fix fallouts when building for UWP:
+ - rand: do not use `BCryptGenRandom()`.
+ - cmake: disable using win32 LDAP.
+ - cmake: disable telnet.
+ - version_win32: fix code before declaration.
+ - schannel: disable `HAS_MANUAL_VERIFY_API`.
+ - schannel: disable `SSLSUPP_PINNEDPUBKEY`
+ and make `schannel_checksum()` a stub.
+ Ref: e178fbd40a896f2098278ae61e1166c88e7b31d0 #1429
+ - schannel: make `cert_get_name_string()` a failing stub.
+ - system_win32: make `Curl_win32_impersonating()` a failing stub.
+ - system_win32: try to fix `Curl_win32_init()` (untested).
+ - threads: fix to use `CreateThread()`.
+ - src: disable searching `PATH` for the CA bundle.
+ - src: disable bold text support and capability detection.
+ - src: disable `getfiletime()`/`setfiletime()`.
+ - tests: make `win32_load_system_library()` a failing stub.
+ - tests/server/util: make it compile.
+ - tests/server/sockfilt: make it compile.
+ - tests/lib3026: fix to use `CreateThread()`.
+
+ See individual commits for build error details.
+
+ Some of these fixes may have better solutions, and some may not work
+ as expected. The goal of this patch is to make curl build for UWP.
+
+ Closes #13870
+
+Orgad Shaneh (4 Jun 2024)
+
+- socket: support binding to interface *AND* IP
+
+ Introduce new notation for CURLOPT_INTERFACE / --interface:
+ ifhost!<interface>!<host>
+
+ Binding to an interface doesn't set the address, and an interface can
+ have multiple addresses.
+
+ When binding to an address (without interface), the kernel is free to
+ choose the route, and it can route through any device that can access
+ the target address, not necessarily the one with the chosen address.
+
+ Moreover, it is possible for different interfaces to have the same IP
+ address, on which case we need to provide a way to be more specific.
+
+ Factor out the parsing part of interface option, and add unit tests:
+ 1663.
+
+ Closes #13719
+
+Andy Pan (4 Jun 2024)
+
+- socketpair: add `eventfd` and use `SOCK_NONBLOCK` for `socketpair()`
+
+ Currently, we use `pipe` for `wakeup_create`, which requires ***two***
+ file descriptors. Furthermore, given its complexity inside, `pipe` is a
+ bit heavyweight for just a simple event wait/notify mechanism.
+
+ `eventfd` would be a more suitable solution for this kind of scenario,
+ kernel also advocates for developers to use `eventfd` instead of `pipe`
+ in some simple use cases:
+
+ Applications can use an eventfd file descriptor instead of a pipe
+ (see pipe(2) in all cases where a pipe is used simply to signal
+ events. The kernel overhead of an eventfd file descriptor is much
+ lower than that of a pipe, and only one file descriptor is required
+ (versus the two required for a pipe).
+
+ This change adds the new backend of `eventfd` for `wakeup_create` and
+ uses it where available, eliminating the overhead of `pipe`. Also, it
+ optimizes the `wakeup_create` to eliminate the system calls that make
+ file descriptors non-blocking by moving the logic of setting
+ non-blocking flags on file descriptors to `socketpair.c` and using
+ `SOCK_NONBLOCK` for `socketpair(2)`, `EFD_NONBLOCK` for `eventfd(2)`.
+
+ Ref:
+ https://man7.org/linux/man-pages/man7/pipe.7.html
+ https://man7.org/linux/man-pages/man2/eventfd.2.html
+ https://man7.org/linux/man-pages/man2/socketpair.2.html
+ https://www.gnu.org/software/gnulib/manual/html_node/eventfd.html
+
+ Closes #13874
+
+renovate[bot] (4 Jun 2024)
+
+- ci: update github/codeql-action digest to 2e230e8
+
+ Closes #13881
+
+Jay Satiro (4 Jun 2024)
+
+- examples/threaded-ssl: remove locking callback code
+
+ - Remove the locking callback code that demonstrates how to meet
+ requirements of threading libraries (mainly OpenSSL).
+
+ Locking callback code has not been needed for many years. According to
+ the documentation for OpenSSL and GnuTLS they are thread-safe by design,
+ assuming support for the underlying OS threading API is built-in.
+
+ Ref: https://github.com/curl/curl/pull/13850#issuecomment-2143538458
+
+ Closes https://github.com/curl/curl/pull/13851
+
+Viktor Szakats (4 Jun 2024)
+
+- tests: delete redundant `!MSDOS` guard
+
+ This fix was supposed to be committed earlier, but ended up missing from
+ the final commit.
+
+ Follow-up to e9a7d4a1c8377dbcf9a2d94365f60e3e5dff48f8 #12376
+ Closes #13878
+
+- lib: fix thread entry point to return `DWORD` on WinCE
+
+ We already do this in `tests/server/util.c`:
+ https://github.com/curl/curl/blob/97e5e37cc8269660bc5d4a1936f10f2390b97c5a/te
+ sts/server/util.c#L604-L606
+ and in `sockfilt.c`, `lib3026.c`.
+
+ Before this patch it returned `unsigned int`.
+
+ Closes #13877
+
+Andy Pan (4 Jun 2024)
+
+- socket: use SOCK_NONBLOCK to eliminate extra system call
+
+ Every time function `cf_socket_open()` is called to create a socket,
+ `curlx_nonblock()` is called to make that socket non-blocking. And
+ `curlx_nonblock()` will cost us 1 or 2 system calls (2 for `fcntl()`, 1
+ for `ioctl()`, etc.), meanwhile, tucking `SOCK_NONBLOCK` and
+ `SOCK_CLOEXEC` into the `type` argument for `socket()` is widely
+ supported across UNIX-like OS: Linux, *BSD, Solaris, etc. With that
+ ability, we can save 1 or 2 system calls on each socket.
+
+ Another change in this PR is to eliminate the redundant
+ `curlx_nonblock()` call on the socket in `cf_udp_setup_quic()` as that
+ socket created by `cf_socket_open()` is already non-blocking.
+
+ Ref:
+ https://man7.org/linux/man-pages/man2/socket.2.html
+ https://man.freebsd.org/cgi/man.cgi?socket(2)
+ https://man.dragonflybsd.org/?command=socket§ion=2
+ https://man.netbsd.org/socket.2
+ https://man.openbsd.org/socket
+ https://docs.oracle.com/cd/E88353_01/html/E37843/socket-3c.html
+ https://illumos.org/man/3SOCKET/socket
+ ...
+
+ Closes #13855
+
+Viktor Szakats (4 Jun 2024)
+
+- GHA: show cmake error log in Windows and non-native workflows
+
+ CMake configure doesn't fail often, but when it does, it helps to see
+ its `CMakeFiles/CMakeConfigureLog.yaml` output. This file is present
+ since CMake v3.26:
+ https://cmake.org/cmake/help/v3.26/manual/cmake-configure-log.7.html
+
+ (Older CMake versions save similar contend to
+ `CMakeFiles\CMakeOutput.log` and
+ `CMakeFiles\CMakeError.log`. This patch doesn't deal with that because
+ the workflows touched are all running a newer CMake.)
+
+ After this patch, we dump the content if cmake fails. Syncing this with
+ autotools, where we already did that.
+
+ Closes #13872
+
+- GHA: switch a Windows job to UCRT (gcc)
+
+ Cherry-picked from #13870
+
+- curl-config: revert to backticks to support old target envs
+
+ Make an exception for `curl-config` because this script that may be
+ running on any target system, including old ones, e.g. SunOS 5.10.
+
+ Reported-by: Alejandro R. Sedeño
+ Ref: https://github.com/curl/curl/pull/13307#issuecomment-2146427358
+ Follow-up to fa69b41c7790fab86fd363242c81d8ef2e89e183 #13307
+ Closes #13871
+
+Stefan Eissing (4 Jun 2024)
+
+- mbedtls: v3.6.0 workarounds
+
+ - add special sauce to disable unwanted peer verification by mbedtls
+ when negotiating TLS v1.3
+ - add special sauce for MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET
+ return code on *writing* TLS data. We assume the data had not been
+ written and EAGAIN.
+ - return correct Curl error code when peer verification failed.
+ - disable test_08_05 with 50 HTTP/1.1 connections, as mbedtls reports a
+ memory allocation failed during handshake.
+ - bump CI mbedtls version to 3.6.0
+
+ Fixes #13653
+ Closes #13838
+
+- gnutls: support CA caching
+
+ - similar to openssl, use a shared 'credentials' instance
+ among TLS connections with a plain configuration.
+ - different to openssl, a connection with a client certificate
+ is not eligible to sharing.
+ - document CURLOPT_CA_CACHE_TIMEOUT in man page
+
+ Closes #13795
+
+Dan Fandrich (3 Jun 2024)
+
+- tests: don't log buffer length in throwing away message
+
+ It's not available at that point, and it will be written in the
+ non-error case right afterward.
+
+- tests: log "Throwing away" messages before throwing away
+
+ In case the read that follows hangs we'll get a clue as to what it was
+ doing.
+
+- CI: reduce memory request for FreeBSD builds
+
+ Also, add a comment with link to the Cirrus credit page since it's not
+ easy to find otherwise.
+
+Andy Pan (3 Jun 2024)
+
+- tcpkeepalive: support setting TCP keep-alive parameters on Solaris <11.4
+
+ Solaris didn't support TCP_KEEPIDLE and TCP_KEEPINTVL until 11.4,
+ before that it use TCP_KEEPALIVE_THRESHOLD and TCP_KEEPALIVE_ABORT_THRESHOLD
+ as the substitute. Therefore, for Solaris <11.4 we need to use this substitut
+ e
+ for setting TCP keep-alive parameters.
+
+ Ref:
+ https://docs.oracle.com/cd/E86824_01/html/E54777/tcp-7p.html
+ https://docs.oracle.com/cd/E88353_01/html/E37851/tcp-4p.html
+
+ Closes #13864
+
+Daniel Stenberg (3 Jun 2024)
+
+- KNOWN_BUGS: quiche: QUIC connection is draining
+
+ Closes #12037
+ Closes #13867
+
+- KNOWN_BUGS: aws-sigv4 has problems with particular URLs
+
+ Closes #13058
+ Closes #13866
+
+- KNOWN_BUGS: aws-sigv4 does not handle multipart/form-data correctly
+
+ Closes #13351
+ Closes #13866
+
+- RELEASE-NOTES: synced
+
+Viktor Szakats (3 Jun 2024)
+
+- GHA: fix old mingw-w64 32-bit job
+
+ This toolchain resides in the `mingw32` directory. Make sure to
+ configure `PATH` accordingly.
+
+ Before this patch, it pointed to a non-existing `mingw64` directory,
+ making the job use the wrong compiler (gcc 12, 64-bit).
+
+ Follow-up to e838b341a08b44d4a8486fb0d3f15d12fc794c62 #12927
+ Closes #13863
+
+Daniel Stenberg (2 Jun 2024)
+
+- tool_cb_hdr: return error for failed header writes
+
+ By checking that fflush() works.
+
+ Reported-by: Sebastian Andersson
+ Fixes #13836
+ Closes #13859
+
+Viktor Szakats (2 Jun 2024)
+
+- GHA: bump all build jobs to nproc+1
+
+ - bump rest of the workflows (windows, macos, distrocheck).
+
+ - non-native virtualized envs have 2 CPUs, bump down accordingly.
+ (for `vmactions/omnios-vm` it's just a guess.)
+
+ - bump all to nproc + 1.
+
+ Follow-up to e838b341a08b44d4a8486fb0d3f15d12fc794c62 #12927
+ Closes #13807
+
+- GHA: disable MQTT and WebSocket tests in Windows jobs
+
+ Trying to figure out which category is causing the remaining hangs.
+
+ Follow-up to def7d05382743ea7aa1d356d1e41dcb22ecdd4d7
+ Closes #13860
+
+- lib/v*: tidy up types and casts
+
+ Also add a couple of negative checks.
+
+ Cherry-picked from #13489
+ Closes #13622
+
+- GHA: fix caching old mingw-w64 toolchains in the Windows workflow
+
+ - stop altering the `PATH` via `GITHUB_ENV`. This confused the
+ `actions/cache` post-job, which needs to run in the exact same
+ environment as its pre-job, to have a consistent cache entry "version"
+ hash. Altering the `PATH` via `GITHUB_ENV` spills into the the
+ post-job and breaks this hash. GHA doesn't reset the env automatically
+ and I have not found a way to do it manually.
+
+ - add double-quotes where missing.
+
+ - move cache directory under `USERPROFILE` to not rely on absolute
+ paths.
+
+ - make cache directory flatter and versionless.
+
+ Follow-up to 0914d8aadddac0d1459673d5b7f77e8f3378b22b #13759
+ Closes #13856
+
+renovate[bot] (2 Jun 2024)
+
+- ci: pin actions/github-script action to 60a0d83
+
+ Closes #13846
+
+Bo Anderson (2 Jun 2024)
+
+- x509asn1: add some common ECDSA OIDs
+
+ Closes #13857
+
+renovate[bot] (2 Jun 2024)
+
+- ci: update rojopolis/spellcheck-github-actions digest to e36f662
+
+ Closes #13852
+
+Bo Anderson (2 Jun 2024)
+
+- x509asn1: fallback to dotted OID representation
+
+ Reported-by: Luke Hamburg
+ Fixes #13845
+ Closes #13858
+
+Lee Li (2 Jun 2024)
+
+- request.md: language fix
+
+ improved for better readability and correctness
+
+ Closes #13854
+
+Christian Schmitz (2 Jun 2024)
+
+- vtls: deprioritize Secure Transport
+
+ Moved Secure Transport behind OpenSSL, so we can build CURL with both
+ and prefer using OpenSSL over Secure Transport by default.
+
+ Closes #13547
+
+Daniel Stenberg (1 Jun 2024)
+
+- urlapi: add CURLU_NO_GUESS_SCHEME
+
+ Used for extracting:
+
+ - when used asking for a scheme, it will return CURLUE_NO_SCHEME if the
+ stored information was a guess
+
+ - when used asking for a URL, the URL is returned without a scheme, like
+ when previously given to the URL parser when it was asked to guess
+
+ - as soon as the scheme is set explicitly, it is no longer internally
+ marked as guessed
+
+ The idea being:
+
+ 1. allow a user to figure out if a URL's scheme was set as a result of
+ guessing
+
+ 2. extract the URL without a guessed scheme
+
+ 3. this makes it work similar to how we already deal with port numbers
+
+ Extend test 1560 to verify.
+
+ Closes #13616
+
+- wolfssl: support CA caching
+
+ As a bonus, add SSLSUPP_CA_CACHE to let TLS backends signal its support
+ for this so that *setopt() return error if there is no support.
+
+ Closes #13786
+
+Andy Pan (1 Jun 2024)
+
+- socket: change TCP keepalive from ms to seconds on DragonFly BSD
+
+ DragonFly BSD changed the time unit for TCP keep-alive from milliseconds
+ to seconds since v5.8, thus setting the keepalive options with
+ milliseconds with curl/libcurl will result in unexpected behaviors on
+ DragonFlyBSD 5.8+
+
+ Distinguish the DragonFly BSD versions and use the proper time units
+ accordingly.
+
+ Ref:
+ https://lists.dragonflybsd.org/pipermail/commits/2019-July/719125.html
+ https://github.com/DragonFlyBSD/DragonFlyBSD/blob/965b380e960908836b97aa034
+ fa2753091e0172e/sys/sys/param.h#L207
+
+ Fixes #13847
+ Closes #13848
+
+Daniel Stenberg (1 Jun 2024)
+
+- curlver.h: aiming for 8.9.0
+
+- noproxy: patterns need to be comma separated
+
+ or they will not parse correctly.
+
+ Mentioned in DEPRECATED since Janurary 2023 (in 7ad8a7ba9ebdedc).
+
+ Closes #13789
+
+Jan Venekamp (1 Jun 2024)
+
+- sectransp: remove large cipher table
+
+ Previously a large table of ciphers was used to determine the default
+ ciphers and to lookup manually selected ciphers names.
+
+ With the lookup of the manually selected cipher names moved to
+ Curl_cipher_suite_walk_str() the large table is no longer needed for
+ that purpose.
+
+ The list of manually selected cipher can now be intersected with the
+ ciphers supported by Secure Transport (SSLGetSupportedCiphers()),
+ instead of using the fixed table for that.
+
+ The other use of the table was to filter the list of all supported
+ ciphers offered by Secure Transport to create a list of ciphers to
+ use by default, excluding ciphers in the table marked as weak.
+
+ Instead of using a complement based approach (exclude weak), switch
+ to using an intersection with a smaller list of ciphers deemed
+ appropriate.
+
+ Closes #13823
+
+Tatsuhiro Tsujikawa (1 Jun 2024)
+
+- GHA: unify http3 workflows into one
+
+ This commit unifies the following http3 workflows into http3-linux.yml:
+
+ - ngtcp2-linux.yml
+ - osslq-linux.yml
+ - quiche-linux.yml
+
+ The idea is better use of the build cache. Previously, they
+ independently create caches with the same key. Some of the caches
+ include source code and intermediate object files, which makes cache
+ quite large. In this commit, only built artifacts are cached, which
+ drastically reduces the cache size. OpenSSL v3, mod_h2 and quiche caches
+ still include all stuff, but they are left for the later improvement.
+ Because the contents of the cache have been changed, the cache keys are
+ also changed to include the word "http3".
+
+ Closes #13841
+
+Stephen Farrell (1 Jun 2024)
+
+- openSSL: fix hostname handling when using ECH
+
+ Reported-by: vvb2060
+ Fixes #13818
+ Closes #13822
+
+renovate[bot] (1 Jun 2024)
+
+- ci: update github/codeql-action digest to f079b84
+
+ Closes #13837
+
+Daniel Stenberg (1 Jun 2024)
+
+- RELEASE-NOTES: synced
+
+- curl_multi_poll.md: expand the example with an custom file descriptor
+
+ Closes #13842
+
+Christian Heusel (1 Jun 2024)
+
+- DISTROS: add a link to the list archive
+
+ Related to https://github.com/curl/curl/discussions/13833
+
+ Signed-off-by: Christian Heusel <christian@heusel.eu>
+ Closes #13843
+
+Matt Jolly (31 May 2024)
+
+- autoconf: remove 'deeper' checks for `AC_CHECK_FUNCS`
+
+ The net effect of the deeper checks is to raise implicit function decls
+ on modern compilers.
+
+ These checks appear to have been added ~20 years ago, relating to an
+ unverifiable claim about HP-UX. Autoconf support for the platform has
+ grown in leaps and bounds since.
+
+ It didn't cause a real problem here, but when investigating a FP this
+ came up. No evidence has been identified that this was actually broken
+ in the past, and there is no evidence that this is necessary now.
+
+ `-Werror=implicit-function-declarations` is enabled for both checks;
+ without a working prototype they will both fail regardless. In the
+ second case there will in fact never be a working prototype and
+ therefore it will always fail unconditionally.
+
+ `AC_CHECK_FUNCS` does effectively the same thing as the removed checks,
+ except it actually defines a dummy prototype to see if it links.
+
+ If `AC_CHECK_FUNCS` is broken on a given platform we have bigger
+ problems than trying to build cURL. This should also be faster.
+
+ Bug: https://bugs.gentoo.org/932827
+ Reviewed-By: Eli Schwartz <eschwartz93@gmail.com>
+ Closes #13830
+
+Jay Satiro (30 May 2024)
+
+- cf-socket: improve SO_SNDBUF update for Winsock
+
+ - Rename: Curl_sndbufset => Curl_sndbuf_init
+
+ - Rename: win_update_buffer_size => win_update_sndbuf_size
+
+ - Save the last set SO_SNDBUF size to compare against so that we can
+ avoid setsockopt calls every second.
+
+ This is a follow-up to 0b520e12 which moved the SO_SNDBUF update check
+ into cf-socket. This change improves it further by making the function
+ names easier to understand and reducing the amount of setsockopt calls.
+
+ Closes https://github.com/curl/curl/pull/13827
+
+Viktor Szakats (30 May 2024)
+
+- tidy-up: use consistent casing for Windows directories
+
+ C:\Windows\System32
+
+ Closes #13832
+
+- GHA: use ubuntu-latest with OmniOS job
+
+ It's the same as ubuntu-22.04.
+
+ Also update OmniOS package search link.
+
+ Closes #13831
+
+Ayesh Karunaratne (30 May 2024)
+
+- GHA: adjust parallel job counts
+
+ Adjusts the `make -j` flag to match the latest GitHub-hosted runner
+ hardware specs[^1]:
+
+ - `ubuntu-latest` on 4 CPU cores
+ - `macos-latest` on 3 CPU cores
+
+ The processor count is ideally obtained from `nproc`, but setting env
+ vars from the current CI yaml files is not possible because they expect
+ literal strings.
+
+ [^1]: https://docs.github.com/en/actions/using-github-hosted-runners/about-gi
+ thub-hosted-runners/about-github-hosted-runners#standard-github-hosted-runner
+ s-for-public-repositories
+
+ Closes #12927
+
+pszlazak (30 May 2024)
+
+- get.d: clarify the explanation
+
+ Closes #13706
+
+Daniel Stenberg (30 May 2024)
+
+- curl_url_set.md: libcurl only parses :// URLs
+
+ Make it clearer in the documentation.
+
+ Closes #13821
+
+Stefan Eissing (30 May 2024)
+
+- multi: fix multi_wait() timeout handling
+
+ - determine the actual poll timeout *after* all sockets
+ have been collected. Protocols and connection filters may
+ install new timeouts during collection.
+ - add debug logging to test1533 where the mistake was noticed
+
+ Reported-by: Matt Jolly
+ Fixes #13782
+ Closes #13825
+
+Viktor Szakats (29 May 2024)
+
+- lib: prefer `var = time(NULL)` over `time(&var)`
+
+ Following up on previous occurrences showing up as gcc warnings, replace
+ the remaining `time(&var)` calls with `var = time(NULL)`, though these
+ aren't specifically causing compiler warnings. These are in the TFTP
+ client code (`lib/tftp.c`), except one which is in a debug branch in
+ `lib/http_aws_sigv4.c`.
+
+ What's unexplainable is that this patch seems to mitigate TFTP tests
+ often hanging or going into an infinite loop on GHA windows workflows
+ with MSYS2, mingw-w64 and MSVC (Cygwin is unaffected):
+ https://github.com/curl/curl/pull/13599#issuecomment-2119372376
+ TFTP hangs did not entirely disappear though, so could be unrelated.
+
+ `time()` docs:
+ https://learn.microsoft.com/en-us/cpp/c-runtime-library/reference/time-time32
+ -time64
+ https://manpages.debian.org/bookworm/manpages-dev/time.2.en.html
+
+ Follow-up to 58ca0a2f0743a586716ca357c382b29e3f08db69 #13800
+ Follow-up to d0728c9109629ee82b855b350a4c3f1f52ee61df #13643
+ Closes #13815
+
+Stefan Eissing (29 May 2024)
+
+- winsock: move SO_SNDBUF update into cf-socket
+
+ - Move the code that updates the SO_SNDBUF size for Windows to
+ cf_socket_send.
+
+ Prior to this change the code was in readwrite_upload but the socket
+ filter is the more appropriate place because it applies to all sends.
+
+ Background:
+
+ For Windows users SO_SNDBUF (the total per-socket buffer size reserved
+ by Winsock for sends) is updated dynamically by libcurl during the
+ transfer. This is because Windows does not do it automatically for
+ non-blocking sockets and without it the performance of large transfers
+ may suffer.
+
+ Closes https://github.com/curl/curl/pull/13763
+
+Jan Venekamp (29 May 2024)
+
+- sectransp: use common code for cipher suite lookup
+
+ Take advantage of the Curl_cipher_suite_walk_str() and
+ Curl_cipher_suite_get_str() functions introduced in commit fba9afe.
+
+ Closes #13521
+
+Matthias Gatto (29 May 2024)
+
+- aws-sigv4: url encode the canonical path
+
+ Refactors canon_query, so it could use the encoding part of the function
+ to use it in the path.
+
+ As the path doesn't encode '/', but encode '=', I had to add some
+ conditions to know If I was doing the query or path encoding.
+
+ Also, instead of adding a `bool in_path` variable, I use `bool
+ *found_equals` to know if the function was called for the query or path,
+ as found_equals is used only in query_encoding.
+
+ Test 472 verifies.
+
+ Reported-by: Alexander Shtuchkin
+ Fixes #13754
+ Closes #13814
+
+ Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>
+
+Daniel Stenberg (29 May 2024)
+
+- cd2nroff: use an empty "##" to signal end of .IP sequence
+
+ Like when we list a series of options and then want to add "normal" text
+ again afterwards.
+
+ Without this, the indentation level wrongly continues even after the
+ final "##" header, making following text wrongly appear to belong to the
+ header above.
+
+ Adjusted several curldown files to use this.
+
+ Fixes #13803
+ Reported-by: Jay Satiro
+ Closes #13806
+
+vvb2060 (28 May 2024)
+
+- openssl: fix %-specifier in infof() call
+
+ Closes #13816
+
+Daniel Stenberg (28 May 2024)
+
+- curl: make warnings and other messages aware of terminal width
+
+ This removes unnecessary line wraps when the terminal is wider than 79
+ columns and it also makes messages look better in narrower terminals.
+
+ The get_terminal_columns() function is not split out into its own source
+ file.
+
+ Suggested-by: Elliott Balsley
+ Fixes #13804
+ Closes #13808
+
+Viktor Szakats (28 May 2024)
+
+- GHA: enable tests 1139, 1177, 1477 on Windows
+
+ These exclusions came from the AppVeyor CI config, but they do pass now
+ and they are static tests with no flakiness risk.
+
+ Follow-up to 0914d8aadddac0d1459673d5b7f77e8f3378b22b #13759
+ Closes #13817
+
+Dan Fandrich (28 May 2024)
+
+- CI: Improve labeler tag detection
+
+ Also, simplify patterns with a single glob.
+
+Viktor Szakats (28 May 2024)
+
+- GHA: disable TFTP tests in Windows jobs
+
+ Shot in the dark trying to find out which tests are
+ hanging / going to an infinite loop.
+
+ The ones failing after 45 minutes (mingw-w64) or 30 minutes (MSVC).
+
+ Ref: https://github.com/curl/curl/pull/13599#issuecomment-2119372376
+
+renovate[bot] (28 May 2024)
+
+- ci: update vmactions/omnios-vm digest to a61ca1e
+
+ Closes #13801
+
+Daniel Stenberg (28 May 2024)
+
+- openssl/gnutls: rectify the TLS version checks for QUIC
+
+ The versions check wrongly complained and return error if the *minimum*
+ version was set to something less than 1.3. QUIC is always TLS 1.3, but
+ that means minimum 1.2 is still fine to ask for.
+
+ This also renames the local variable to make the mistake harder to make
+ in the future.
+
+ Regression shipped in 8.8.0
+
+ Follow-up to 3210101088dfa3d6a125
+
+ Reported-by: fds242 on github
+ Fixes #13799
+ Closes #13802
+
+Stefan Eissing (28 May 2024)
+
+- gnutls: improve TLS shutdown
+
+ local ftp upload tests sometimes failed with an invalid TLS record being
+ reported by gnutls. vsftp did log that the shutdown was not regarded as
+ clean, failing the control connection thereafter.
+
+ These changes make test_31_05 work reliable locally.
+
+ - on closing the SSL filter, shutdown READ *and* WRITE
+ - on closing, try a receive after shutdown is sent
+ - convert to DEBUGF to CURL_TRC_CF
+
+ Closes #13790
+
+Daniel Stenberg (28 May 2024)
+
+- RELEASE-NOTES: synced
+
+- tests: run with "--trace-config all" to provide even more info
+
+ in case of problems.
+
+ Closes #13791
+
+Viktor Szakats (28 May 2024)
+
+- build: untangle `CURLDEBUG` and `DEBUGBUILD` macros
+
+ `CURLDEBUG` is meant to enable memory tracking, but in a bunch of cases,
+ it was protecting debug features that were supposed to be guarded with
+ `DEBUGBUILD`.
+
+ Replace these uses with `DEBUGBUILD`.
+
+ This leaves `CURLDEBUG` uses solely for its intended purpose: to enable
+ the memory tracking debug feature.
+
+ Also:
+ - autotools: rely on `DEBUGBUILD` to enable `checksrc`.
+ Instead of `CURLDEBUG`, which worked in most cases because debug
+ builds enable `CURLDEBUG` by default, but it's not accurate.
+ - include `lib/easyif.h` instead of keeping a copy of a declaration.
+ - add CI test jobs for the build issues discovered.
+
+ Ref: https://github.com/curl/curl/pull/13694#issuecomment-2120311894
+ Closes #13718
+
+- examples: delete unused includes
+
+ Delete a bunch of unnecessary-looking headers from some examples. This
+ is known to be tricky on AIX (perhaps also in other less-tested envs).
+
+ Let me know if any of this looks incorrect or outright fails on some
+ systems.
+
+ Follow-up to d4b85890555388bec212b75f47a5c1a48705b156 #13771
+ Closes #13785
+
+- appveyor: fixup job name [ci skip]
+
+ Follow-up to fc8e0dee3045658f293452121f5290d81ba3aa1e #13694
+
+- cmake: fix `-Wredundant-decls` in unity/mingw-w64/gcc/curldebug/DLL builds
+
+ It affected cmake-unity shared-curltool curldebug mingw-w64 gcc builds
+ when building the `testdeps` target.
+
+ Apply the solution already used in `lib/base64.c` and `lib/dynbuf.c`
+ to fix it.
+
+ Also update an existing GHA CI job to test the issue fixed.
+
+ ```
+ In file included from curl/lib/version_win32.c:35,
+ from curl/_bld/src/CMakeFiles/curl.dir/Unity/unity_0_c.c:145
+ :
+ curl/lib/memdebug.h:52:14: error: redundant redeclaration of 'curl_dbg_logfil
+ e' [-Werror=redundant-decls]
+ 52 | extern FILE *curl_dbg_logfile;
+ | ^~~~~~~~~~~~~~~~
+ In file included from curl/src/slist_wc.c:32,
+ from curl/_bld/src/CMakeFiles/curl.dir/Unity/unity_0_c.c:4:
+ curl/lib/memdebug.h:52:14: note: previous declaration of 'curl_dbg_logfile' w
+ ith type 'FILE *' {aka 'struct _iobuf *'}
+ 52 | extern FILE *curl_dbg_logfile;
+ | ^~~~~~~~~~~~~~~~
+ curl/lib/memdebug.h:55:44: error: redundant redeclaration of 'curl_dbg_malloc
+ ' [-Werror=redundant-decls]
+ 55 | CURL_EXTERN ALLOC_FUNC ALLOC_SIZE(1) void *curl_dbg_malloc(size_t siz
+ e,
+ | ^~~~~~~~~~~~~~~
+ curl/lib/memdebug.h:55:44: note: previous declaration of 'curl_dbg_malloc' wi
+ th type 'void *(size_t, int, const char *)' {aka 'void *(long long unsigned
+ int, int, const char *)'}
+ 55 | CURL_EXTERN ALLOC_FUNC ALLOC_SIZE(1) void *curl_dbg_malloc(size_t siz
+ e,
+ | ^~~~~~~~~~~~~~~
+ [...]
+ curl/lib/memdebug.h:110:17: error: redundant redeclaration of 'curl_dbg_fclos
+ e' [-Werror=redundant-decls]
+ 110 | CURL_EXTERN int curl_dbg_fclose(FILE *file, int line, const char *sou
+ rce);
+ | ^~~~~~~~~~~~~~~
+ curl/lib/memdebug.h:110:17: note: previous declaration of 'curl_dbg_fclose' w
+ ith type 'int(FILE *, int, const char *)' {aka 'int(struct _iobuf *, int, c
+ onst char *)'}
+ 110 | CURL_EXTERN int curl_dbg_fclose(FILE *file, int line, const char *sou
+ rce);
+ | ^~~~~~~~~~~~~~~
+ ```
+ Ref: https://ci.appveyor.com/project/curlorg/curl/builds/49840554/job/a4aoet1
+ 7e9qnqx1a#L362
+
+ After: https://ci.appveyor.com/project/curlorg/curl/builds/49843735/job/hbo2u
+ ah2vj0ns523
+
+ Ref: #13689 (CI testing this PR with `DEBUGBUILD`/`CURLDEBUG`/shared-static c
+ ombinations)
+ Depends-on: #13694
+ Depends-on: #13800
+ Closes #13705
+
+- lib: fix gcc warning in certain debug builds
+
+ ```
+ curl/lib/http_aws_sigv4.c:536:10: error: 'clock' may be used uninitialized [-
+ Werror=maybe-uninitialized]
+ 536 | time_t clock;
+ | ^~~~~
+ ```
+ Ref: https://github.com/curl/curl/actions/runs/9158755123/job/25177765000#ste
+ p:13:79
+
+ Cherry-picked from #13718
+ Closes #13800
+
+- cmake: always build unit tests with the `testdeps` target
+
+ Before this patch, the `testdeps` build target required `-DCURLDEBUG`
+ be set either via `ENABLE_DEBUG=ON` or `ENABLE_CURLDEBUG=ON` to build
+ the curl unit tests.
+
+ After fixing build issues in #13694, we can drop this requirement and
+ build unit tests unconditionally.
+
+ Depends-on: #13694
+ Depends-on: #13697 (fix unit test issue revealed by Old Linux CI job)
+ Follow-up to 39e7c22bb459c2e818f079984989a26a09741860 #11446
+ Closes #13698
+
+- CI: disable dependency tracking in most autotools builds
+
+ For better build performance. Dependency tracking causes a build
+ overhead while compiling to help a subsequent build, but in CI there is
+ never one and the extra work is discarded.
+
+ Closes #13794
+
+- build: untangle `UNITTESTS` and `DEBUGBUILD` macros
+
+ - fix `DEBUGBUILD` guards that should be `UNITTESTS`, in libcurl code
+ used by unit tests.
+ - fix guards for libcurl functions used in unit tests only.
+ - sync `UNITTEST` attribute between declarations and definitions.
+ - drop `DEBUGBUILD` guard from test `unit2600`.
+ - fix guards for libcurl HSTS code used by both a unit test (`unit1660`)
+ and `test0446`.
+ - update an existing AppVeyor CI job to test the issues fixed.
+
+ This fixes building tests with `CURLDEBUG` enabled but `DEBUGBUILD`
+ disabled. This can happen when building tests with CMake with
+ `ENABLE_DEBUG=ON` in Release config, or with `ENABLE_CURLDEBUG=ON`
+ and _without_ `ENABLE_DEBUG=ON`. Possibly also with autotools
+ when using `--enable-curldebug` without `--enable-debug`.
+
+ Test results:
+ - before:
+ https://ci.appveyor.com/project/curlorg/curl/builds/49835609
+ https://ci.appveyor.com/project/curlorg/curl/builds/49898529/job/k8qpbs8idb
+ y70smw
+ https://github.com/curl/curl/actions/runs/9259078835/job/25470318167?pr=137
+ 98#step:13:821
+ - after: https://ci.appveyor.com/project/curlorg/curl/builds/49839255
+ (the two failures are unrelated, subject to PR #13705)
+
+ Ref: #13592 (issue discovery)
+ Ref: #13689 (CI testing this PR with `DEBUGBUILD`/`CURLDEBUG` combinations)
+ Closes #13694
+
+- GHA: ignore flaky MQTT and FTP test results [ci skip]
+
+ MQTT / OmniOS:
+ ```
+ TESTFAIL: These test cases failed: 1190 1198 3017
+ ```
+ Ref: https://github.com/curl/curl/actions/runs/9258522297/job/25468730731?pr=
+ 13694#step:3:10251
+
+ MQTT / OmniOS:
+ ```
+ TESTFAIL: These test cases failed: 1194 2200 2203 2205
+ ```
+ Ref: https://github.com/curl/curl/actions/runs/9150523540/job/25155409832#ste
+ p:3:10233
+
+ FTP / OmniOS:
+ ```
+ TESTFAIL: These test cases failed: 1096
+ ```
+ Ref: https://github.com/curl/curl/actions/runs/9150702711/job/25155793948#ste
+ p:3:10247
+
+ FTP / OmniOS:
+ ```
+ TESTFAIL: These test cases failed: 381
+ ```
+ Ref: https://github.com/curl/curl/actions/runs/9163863822/job/25193897640#ste
+ p:3:10230
+
+ FTP / OmniOS:
+ ```
+ TESTFAIL: These test cases failed: 340
+ ```
+ Ref: https://github.com/curl/curl/actions/runs/9233804752/job/25406671742?pr=
+ 13771#step:3:10245
+
+ Ref: https://github.com/curl/curl/pull/13583#issuecomment-2119376898
+
+- CI: tidy up skipping tests build/run in Windows jobs
+
+ Simplify controlling whether to build and/run tests in a CI job.
+
+ Apply the TFLAGS='skipall' (do not build nor run tests) or
+ 'skiprun' (build, but do not run) method already used with old-mingw-w64
+ and msvc jobs to existing Windows jobs in GHA and AppVeyor.
+
+ Also:
+ - add Cygwin/cmake test build and run steps while here.
+ - replace `DISABLED_TESTS` with `TFLAGS` in AppVeyor.
+
+ Closes #13796
+
+- cmake: use `APPLE` instead of `CMAKE_SYSTEM_NAME` string
+
+ Follow-up to a86254b39307af1a53735b065a382567805cd9b8 #12515
+ Closes #13713
+
+- cmake: whitespace, formatting/tidy-up in comments
+
+ Also correct casing in a few option descriptions.
+
+ Closes #13711
+
+- cmake: allow `ENABLE_CURLDEBUG=OFF` with `ENABLE_DEBUG=ON`
+
+ Before this patch, `ENABLE_CURLDEBUG` (memory tracking) was
+ unconditionally enabled when `ENABLE_DEBUGBUILD` was set. This made
+ testing some build configurations complicated. To fix it, this patch
+ makes `ENABLE_CURLDEBUG` to receive the value of `ENABLE_DEBUG` by
+ default, while allowing free override by the user.
+
+ This allows to use the config:
+ `ENABLE_DEBUGBUILD=ON ENABLE_CURLDEBUG=OFF`
+ to enable debug features, without also enabling memory tracking.
+
+ This is important because some other build methods allow to set one of
+ these features but not the other. This patch allows to test any
+ combination with CMake.
+
+ This makes it unnecessary to use the workaround of passing
+ `-DDEBUGBUILD` via `CMAKE_C_FLAGS`. Which has the disadvantage that our
+ CMake logic cannot easily detect it, e.g. for disabling symbol hiding on
+ Windows for `ENABLE_DEBUG`/`DEBUGBUILD` builds.
+
+ Cherry-picked from #13718
+ Closes #13792
+
+- cmake: `ENABLE_DEBUG=ON` to always set `-DDEBUGBUILD`
+
+ Before this patch `ENABLE_DEBUG=ON` always enabled the TrackMemory
+ (aka `ENABLE_CURLDEBUG=ON`) feature, but required the `Debug` CMake
+ configration to actually enable curl debug features
+ (aka `-DDEBUGBUILD`).
+
+ Curl debug features do not require compiling with C debug options. This
+ also made enabling debug features unintuitive and complicated to use.
+ Due to other issues (subject to PR #13694) it also caused an error in
+ default (and `Release`/`MinSizeRel`/`RelWithDebInfo`) configs, when
+ building the `testdeps` target:
+ ```
+ ld: CMakeFiles/unit1395.dir/unit1395.c.o: in function `test':
+ unit1395.c:(.text+0x1a0): undefined reference to `dedotdotify'
+ ```
+ Ref: https://github.com/curl/curl/actions/runs/9037287098/job/24835990826#ste
+ p:3:2483
+
+ Fix it by always defining `DEBUGBUILD` when setting `ENABLE_DEBUG=ON`.
+ Decoupling this option from the selected CMake configuration.
+
+ Note that after this patch `ENABLE_DEBUG=ON` unconditionally enables
+ curl debug features. These features are insecure and unsuited for
+ production. Make sure to omit this option when building for production
+ in default, `Release` (and other not-`Debug`) modes.
+
+ Also delete a workaround no longer necessary in GHA CI jobs.
+
+ Ref: 1a62b6e68c08c7e471ff22dd92932aba7e026817 (2015-03-03)
+ Ref: #13583
+ Closes #13592
+
+- GHA: add autotools mingw-64, build-only job
+
+ Cherry-picked from #13718
+ Closes #13793
+
+- GHA: add three MSVC jobs
+
+ Continuing the theme, add 3 MSVC jobs with tests, matching
+ configurations used on AppVeyor. MSVC versions are identical:
+ 19.39.33523.0 + Windows SDK 10.0.22621.0.
+
+ Also enable websockets, and build examples. Tests are run in parallel
+ (`-j14`), with improved performance.
+
+ Job performance:
+ ```
+ AppVeyor GHA
+ w/examples
+ -------- ----------
+ CMake, VS2022, Debug, x64, Schannel, Static, Unicode 38m 4s 11m57s
+ CMake, VS2022, Debug, x64, no SSL, Static 35m15s 12m 6s
+ CMake, VS2022, Debug, x64, no SSL, Static, HTTP only 25m25s 10m36s
+ ```
+ Based on these runs:
+ https://ci.appveyor.com/project/curlorg/curl/builds/49884748
+ https://github.com/curl/curl/actions/runs/9229448468
+
+ This is the first time examples are built in CI with MSVC: Fix all
+ warnings and errors that came up via
+ d4b85890555388bec212b75f47a5c1a48705b156 #13771.
+
+ Closes #13766
+
+- GHA: add three old (gcc 6, 7, 9) mingw-w64 jobs
+
+ Re-implement old mingw-w64 jobs in GHA. This allows to use the latest
+ Windows runners, replacing Windows Server 2012 R2 (gcc 6) and Windows
+ Server 2016 (gcc 7, 9) with Windows Server 2022.
+
+ GHA runners are also significantly faster, and allow running tests in
+ parallel (`-j14`). It also offloads 3 more long-running jobs from
+ AppVeyor CI.
+
+ These jobs download (then cache) the mingw-w64 packages from their
+ original location, which allows flexibility in choosing which versions
+ and flavours (win32/POSIX, SEH/DWARF, 64/32-bit) we want to test in CI.
+ The new jobs use these distros:
+ - https://sourceforge.net/projects/mingw-w64/files/Toolchains%20targetting%20
+ Win64/Personal%20Builds/mingw-builds/ (for gcc 7, same as on AppVeyor)
+ - https://sourceforge.net/projects/mingw-w64/files/Toolchains%20targetting%20
+ Win32/Personal%20Builds/mingw-builds/ (for gcc 6, same as on AppVeyor)
+ - https://winlibs.com/ (for gcc 9)
+
+ I matched existing AppVeyor job configs, with these differences:
+ - gcc 6.4.0 instead of 6.3.0.
+ (same distro as on AppVeyor, but the latest bugfix release)
+ - gcc 9.5.0 instead of 9.1.0 and a different (but compatible) binary distro.
+ (in AppVeyor this relies on an old MSYS2 pre-installed on the runner)
+ - using win32 builds instead of posix for gcc 6.4.0 and 7.3.0.
+ - websockets enabled.
+ - always build examples.
+ - always build tests (this wasn't done for 6.4.0 with AppVeyor CI).
+
+ I did not replicate existing test exclusions, and oddly enough the few
+ failures (so far) were different from MSYS2 jobs and also from their
+ AppVeyor CI counterparts.
+
+ Also:
+ - delete redundant (default) `-u` option from `cygpath` calls.
+ - allow matrix options to override default ones in CMake.
+ - detect and use Windows-supplied curl for `TFLAGS` `-ac` option.
+ (it's available in modern runners.)
+ - delete the 3 AppVeyor CI jobs now replicated in GHA.
+ - appveyor: prefer `SYSTEMROOT` over `WINDIR`.
+ - tidy-up quotes.
+
+ Job performance:
+ ```
+ AppVeyor GH
+ A
+ w/
+ examples
+ w/
+ tests
+ -------- --
+ --------
+ CMake, mingw-w64, gcc 6, Debug, x86, Schannel, Static, no-unity 1m25s 8
+ m50s
+ CMake, mingw-w64, gcc 7, Debug, x64, Schannel, Static, Unicode 31m45s 9
+ m39s
+ CMake, mingw-w64, gcc 9, Debug, x64, Schannel, Static 28m25s 13
+ m38s
+ ```
+ Based on these runs:
+ https://ci.appveyor.com/project/curlorg/curl/builds/49880799
+ https://github.com/curl/curl/actions/runs/9218292508
+
+ Notice that building examples and tests is time consuming.
+
+ We can tweak any build parameter as necessary to make them more useful
+ and/or without clogging the job queue or introducing flakiness.
+
+ Closes #13759
+
+Daniel Stenberg (27 May 2024)
+
+- TODO: remove some old, clarify, add something
+
+ Closes #13788
+
+- TODO: Add "Share CA cache" + "CA caching to more TLS backends"
+
+ Closes #13787
+
+Viktor Szakats (26 May 2024)
+
+- runtests: sort test IDs in summary lines
+
+ Changing this output:
+ ```
+ TESTFAIL: These test cases failed: 2301 2303 2302 2307
+ ```
+ Ref: https://github.com/curl/curl/actions/runs/9228638364/job/25393106631#ste
+ p:6:21181
+
+ To:
+ ```
+ TESTFAIL: These test cases failed: 2301 2302 2303 2307
+ ```
+
+ Cherry-picked from #13766
+ Closes #13774
+
+- examples: fix compiling with MSVC
+
+ - `websocket.c`: use `Sleep()` on Windows.
+ `sleep()` and `unistd.h` are not available in MSVC.
+
+ - `http2-upload.c`: use local `gettimeofday()` implementation when
+ compiled with MSVC.
+ (Alternate solution is to disable the trace function for MSVC.)
+ Public domain code copied and adapted from libssh2:
+ https://github.com/libssh2/libssh2/blob/e973493f992313b3be73f51d3f7ca6d52e2
+ 88558/src/misc.c#L719-L743
+
+ - silence compiler warning for deprecated `inet_addr()`.
+ Also drop duplicate winsock2 include.
+ ```
+ curl\docs\examples\externalsocket.c(125,32): error C2220: the following war
+ ning is treated as an error [curl\bld\docs\examples\curl-example-externalsock
+ et.vcxproj]
+ curl\docs\examples\externalsocket.c(125,32): warning C4996: 'inet_addr': Us
+ e inet_pton() or InetPton() instead or define _WINSOCK_DEPRECATED_NO_WARNINGS
+ to disable deprecated API warnings [curl\bld\docs\examples\curl-example-e
+ ```
+ Ref: https://github.com/curl/curl/actions/runs/9227337318/job/25389073450#s
+ tep:4:95
+
+ - silence an MSVC compiler warning. This is in conflict with `checksrc`
+ rules, so silence the rule in favour of the warning-free C syntax.
+ ```
+ curl\docs\examples\multi-legacy.c(152,1): error C2220: the following warnin
+ g is treated as an error [curl\bld\docs\examples\curl-example-multi-legacy.vc
+ xproj]
+ curl\docs\examples\multi-legacy.c(152,1): warning C4706: assignment within
+ conditional expression [curl\bld\docs\examples\curl-example-multi-legacy.vcxp
+ roj]
+ ```
+ Ref: https://github.com/curl/curl/actions/runs/9227337318/job/25389073450#s
+ tep:4:226
+
+ - do not use `sys/time.h` and `unistd.h` in Windows builds.
+ Some of these includes look unnecessary. Subject to another PR.
+
+ Cherry-picked from #13766
+ Closes #13771
+
+Jonathan Matthews (26 May 2024)
+
+- docs/cmdline-opts: fix mail-auth example TLD typo
+
+ Closes: #13784
+ Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
+
+Daniel Stenberg (26 May 2024)
+
+- libssh: remove CURLOPT_SSL_VERIFYHOST check
+
+ It was never meant for SSH: it should rely on the knownhosts file (if
+ set) in the same way libssh2 already does.
+
+ Reported-by: James Abbatiello
+ Fixes #13767
+ Closes #13781
+
+Stefan Eissing (26 May 2024)
+
+- multi: add multi->proto_hash, a key-value store for protocol data
+
+ - add `Curl_hash_add2()` that passes a destructor function for
+ the element added. Call element destructor instead of hash
+ destructor if present.
+ - multi: add `proto_hash` for protocol related information,
+ remove `struct multi_ssl_backend_data`.
+ - openssl: use multi->proto_hash to keep x509 shared store
+ - schannel: use multi->proto_hash to keep x509 shared store
+ - vtls: remove Curl_free_multi_ssl_backend_data() and its
+ equivalents in the TLS backends
+
+ Closes #13345
+
+Jan Venekamp (25 May 2024)
+
+- tests: add pytest for --ciphers and --tls13-ciphers options
+
+ Closes #13530
+
+Orgad Shaneh (25 May 2024)
+
+- tool_operate: avoid explicitly setting verifypeer to 1
+
+ Also for the proxy verison. It is the default, just like verifyhost,
+ since a long time.
+
+ Closes #13704
+
+- tests: extend user/password parsing test1620
+
+ Closes #13756
+
+Alejandro R. Sedeño (25 May 2024)
+
+- configure: use `$EGREP` in place of `grep -E`
+
+ `$EGREP` is set based on an earlier test in configure so that we can
+ work with systems that have `egrep` and a `grep` that does not support
+ `-E`.
+
+ Closes #13780
+
+renovate[bot] (25 May 2024)
+
+- ci: update dependency awslabs/aws-lc to v1.28.0
+
+ Closes #13770
+
+Jan Venekamp (25 May 2024)
+
+- tests: test_17_ssl_use.py clarify mbedtls TLSv1.3 support
+
+ Closes #13779
+
+Stefan Eissing (25 May 2024)
+
+- http: write last header line late
+
+ - HEADERFUNCTIONS might inspect response properties like
+ CURLINFO_CONTENT_LENGTH_DOWNLOAD_T on seeing the last header line. If
+ the line is being written before this is initialized, values are not
+ available.
+
+ - write the last header line late when analyzing a HTTP response so that
+ all information is available at the time of the writing.
+
+ - add test1485 to verify that CURLINFO_CONTENT_LENGTH_DOWNLOAD_T works
+ on seeing the last header.
+
+ Fixes #13752
+ Reported-by: Harry Sintonen
+ Closes #13757
+
+Dan Fandrich (24 May 2024)
+
+- tests: use exec when spawning nghttpx
+
+ This stops keeping perl and shell processes around that are no longer
+ needed, plus it eliminates an unneeded shell message when the server is
+ later terminated.
+
+ Closes #13772
+
+Viktor Szakats (24 May 2024)
+
+- GHA: ignore flaky test 3017 (MQTT) on OpenBSD
+
+ ```
+ TESTFAIL: These test cases failed: 3017
+ ```
+ Ref: https://github.com/curl/curl/actions/runs/9223543272/job/25376999226?pr=
+ 13759#step:3:16326
+ Ref: https://github.com/curl/curl/actions/runs/9230183764/job/25397883193?pr=
+ 13766#step:3:16345
+
+ Ref: https://github.com/curl/curl/pull/13583#issuecomment-2119376898
+
+Joseph Chen (24 May 2024)
+
+- build: add more supported attributes to the IAR compiler
+
+ Closes #13744
+
+Viktor Szakats (24 May 2024)
+
+- cmake: fix test 1013 with websockets enabled and no TLS
+
+ test 1013 is 'Compare curl --version with curl-config --protocols'.
+
+ Ref: https://github.com/curl/curl/actions/runs/9228363859/job/25392251955
+
+ Closes #13769
+
+- GHA: stop deleting curl in non-native workflows
+
+ We do it in Cirrus CI, but for some platforms it's not possible to
+ delete it and tests work anyway.
+
+ The test runner also runs `../src/curl` by default, which is always the
+ one freshly built. The runner may also need the system curl to talk to
+ APIs when needed.
+
+ Also:
+ - stop setting `CURL` env. This isn't picked up by the runners,
+ and works out of the box anyway.
+ - quote an option just in case.
+
+ Follow-up to 90e644f944969bb11c6448bf50c6d441b5c0b1e6 #13583
+ Closes #13765
+
+Jay Satiro (24 May 2024)
+
+- openssl: stop duplicate ssl key logging for legacy OpenSSL
+
+ - Don't call the keylog function if it has already logged the key.
+
+ For old OpenSSL versions and its forks that do not have support for
+ OpenSSL's keylog callback, libcurl has its own legacy key logging
+ function that logs the TLS 1.2 (and earlier) key (client random + master
+ key) on a single line.
+
+ Prior to this change, since e7de80e8 (precedes 8.8.0), the legacy key
+ logging function could write the same key line more than once (usually
+ twice) due to some incorrect logic.
+
+ Closes https://github.com/curl/curl/pull/13683
+
+Stefan Eissing (24 May 2024)
+
+- transfer: remove curl_upload_refill_watermark, no longer used
+
+ the define applied to upload buffers which we removed
+
+ Closes #13764
+
+Daniel Stenberg (24 May 2024)
+
+- RELEASE-NOTES: synced
+
+Viktor Szakats (24 May 2024)
+
+- cmake: fix brotli lib order
+
+ Fix root cause that caused missing symbols when linking brotli
+ statically with e.g. binutils `ld` (and any other "picky" linker,
+ or "traditional" linker as CMake now calls them).
+
+ Also drop existing workaround that added brotli libs twice to the lib
+ list.
+
+ ```
+ x86_64-w64-mingw32-ld: .../curl/brotli/_bld/usr/lib/libbrotlidec.a(decode.c.o
+ bj):decode.c:(.text$ProcessCommands[ProcessCommands]+0xbb5): undefined refere
+ nce to `BrotliTransformDictionaryWord'
+ x86_64-w64-mingw32-ld: .../curl/brotli/_bld/usr/lib/libbrotlidec.a(decode.c.o
+ bj):decode.c:(.text$SafeProcessCommands[SafeProcessCommands]+0xe8a): undefine
+ d reference to `BrotliTransformDictionaryWord'
+ x86_64-w64-mingw32-ld: .../curl/brotli/_bld/usr/lib/libbrotlidec.a(decode.c.o
+ bj):decode.c:(.rdata$.refptr._kBrotliContextLookupTable[.refptr._kBrotliConte
+ xtLookupTable]+0x0): undefined reference to `_kBrotliContextLookupTable'
+ x86_64-w64-mingw32-ld: .../curl/brotli/_bld/usr/lib/libbrotlidec.a(decode.c.o
+ bj):decode.c:(.rdata$.refptr._kBrotliPrefixCodeRanges[.refptr._kBrotliPrefixC
+ odeRanges]+0x0): undefined reference to `_kBrotliPrefixCodeRanges'
+ x86_64-w64-mingw32-ld: .../curl/brotli/_bld/usr/lib/libbrotlidec.a(state.c.ob
+ j):state.c:(.text$BrotliDecoderStateInit[BrotliDecoderStateInit]+0x21): undef
+ ined reference to `BrotliDefaultAllocFunc'
+ x86_64-w64-mingw32-ld: .../curl/brotli/_bld/usr/lib/libbrotlidec.a(state.c.ob
+ j):state.c:(.text$BrotliDecoderStateInit[BrotliDecoderStateInit]+0x2f): undef
+ ined reference to `BrotliDefaultFreeFunc'
+ x86_64-w64-mingw32-ld: .../curl/brotli/_bld/usr/lib/libbrotlidec.a(state.c.ob
+ j):state.c:(.text$BrotliDecoderStateInit[BrotliDecoderStateInit]+0x10e): unde
+ fined reference to `BrotliSharedDictionaryCreateInstance'
+ x86_64-w64-mingw32-ld: .../curl/brotli/_bld/usr/lib/libbrotlidec.a(state.c.ob
+ j):state.c:(.text$BrotliDecoderStateCleanup[BrotliDecoderStateCleanup]+0xf4):
+ undefined reference to `BrotliSharedDictionaryDestroyInstance'
+ collect2: error: ld returned 1 exit status
+ ```
+
+ Breakage reproducible with curl-for-win config "`win-gcc`" and deleting
+ the `LDFLAGS+=' -Wl,--start-group'` line from its `curl.sh` script.
+ (Above line still required for some non-brotli cases, e.g. libssh2 and
+ zlib.)
+
+ Assisted-by: Kai Pastor
+ Ref: https://github.com/curl/curl/pull/10857#discussion_r1611714989
+ Follow-up to 1e3319a167d2f32d295603167486e9e88af9bb4e #10857
+ Closes #13761
+
+Pavel Pavlov (24 May 2024)
+
+- cmake: fix building in unity mode
+
+ - Fix sha256 and sha512 duplicate macro names (eg function-like macro Ch
+ is now Sha256_Ch and Sha512_Ch).
+
+ - Avoid defining short defines like R, S. (eg S is now Sha256_S).
+
+ Closes https://github.com/curl/curl/pull/13751
+
+Jay Satiro (24 May 2024)
+
+- winbuild: remove outdated WIN32 defines
+
+ - Remove all instances in the makefile of compiler option /DWIN32.
+
+ This is a follow-up to e9a7d4a1 which replaced all defined(WIN32) checks
+ with defined(_WIN32) in the codebase, since only the latter is
+ automatically defined by all compilers for Windows builds.
+
+ Bug: https://github.com/curl/curl/pull/13739#issuecomment-2123937859
+ Reported-by: Viktor Szakats
+
+ Closes https://github.com/curl/curl/pull/13742
+
+renovate[bot] (24 May 2024)
+
+- ci: update github/codeql-action digest to 9fdb3e4
+
+ Closes #13726
+
+Pavel Pavlov (23 May 2024)
+
+- asyn-thread: avoid using GetAddrInfoExW with impersonation
+
+ Multiple reports suggest that GetAddrInfoExW fails when impersonation is
+ used. This PR checks if thread is impersonating and avoids using
+ GetAddrInfoExW api.
+
+ Reported-by: Keerthi Timmaraju
+ Assisted-by: edmcln on github
+ Fixes #13612
+ Closes #13738
+
+Stefan Eissing (23 May 2024)
+
+- transfer: conn close on paused upload
+
+ - add 2 variations on test_07_42 which PAUSEs uploads
+ and response connections terminating either right away
+ or after the 100-continue response
+ - when detecting the connection being closed in transfer.c
+ readwrite_data(), clear ALL send bits in data->req.keepon.
+ It no longer makes send to wait for a KEEP_SEND_PAUSE or HOLD.
+ - in the protocol client writer add the check for incomplete
+ response bodies. When an EOS is seen and the length is known,
+ check that and fail if bytes are missing.
+
+ Reported-by: Sergey Bronnikov
+ Fixes #13740
+ Closes #13750
+
+- CI GHA: add vsftpd to ngtcp2-linux runs
+
+ - not using HTTP/3, but gnutls does not seem to run
+ somewhere else right now
+
+ Closes #13760
+
+Orgad Shaneh (23 May 2024)
+
+- GHA: increase timeout for Cygwin autotools build tests step
+
+ Apparently 10 minutes are not (always) enough:
+ https://github.com/curl/curl/actions/runs/9197003907/job/25296439556#step:8:1
+ 936
+
+ Closes #13753
+
+Stefan Eissing (22 May 2024)
+
+- mbedtls: send close-notify on close
+
+ - send the TLS close notify message when cloding down
+ the mbedtls connection filter
+ - this is a "least" effort version and, as other TLS filters,
+ is lacking a graceful send/receive/timeout for a really
+ clean shutdown.
+
+ Closes #13745
+
+- mbedtls: check version for cipher id
+
+ mbedtls_ssl_get_ciphersuite_id_from_ssl() seems to have been added in
+ mbedtls 3.2.0. Check for that version.
+
+ Closes #13749
+
+Viktor Szakats (22 May 2024)
+
+- cmake: fix building with both md4 and md5 in unity mode
+
+ Macro and static function names were colliding between
+ `lib/md4.c` and
+ `lib/md5.c`.
+
+ Fix it by namespacing these symbols.
+
+ Seen with a basic macOS build using these options:
+ `-DCMAKE_UNITY_BUILD=ON -DCURL_USE_SECTRANSP=ON`
+
+ Closes #13737
+
+Daniel Stenberg (22 May 2024)
+
+- docs/Makefile.am: make curl-config.1 install
+
+ on "make install" like it should
+
+ Follow-up to 60971d665b9b1df87082
+
+ Closes #13741
+
+dependabot[bot] (22 May 2024)
+
+- GHA: bump actions/checkout from 4.1.4 to 4.1.6
+
+ Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.4 to 4
+ .1.6.
+ - [Release notes](https://github.com/actions/checkout/releases)
+ - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
+ - [Commits](https://github.com/actions/checkout/compare/0ad4b8fadaa221de15dce
+ c353f45205ec38ea70b...a5ac7e51b41094c92402da3b24376905380afc29)
+
+ ---
+ updated-dependencies:
+ - dependency-name: actions/checkout
+ dependency-type: direct:production
+ update-type: version-update:semver-patch
+ ...
+
+ Signed-off-by: dependabot[bot] <support@github.com>
+
+ Closes #13720
+
+Stefan Eissing (22 May 2024)
+
+- pytest: add ftp upload tests
+
+ - refs #13556
+ - allow anon uploads on vsftpd test server
+ - add test_30_05 for plain upload of 1k, 100k, 1m
+ - add test_31_05 for SSL upload of 1k, 100k, 1m
+ - verify file size and contents
+
+ Closes #13734
+
+- test: add test1546, chunked not last transfer encoding
+
+ with more than one transfer-encoding, 'chunked' must be the last added
+ to the writer stack (and therefore the first to decode). RFC 9112, ch.
+ 6.1.
+
+ Closes #13736
+
+- test: add test1484, for HEAD with content
+
+ - test HEAD request with 'Transfer-Encoding:chunked' and
+ non-encoded response content
+ - verifies #13725
+
+ Closes #13735
+
+Daniel Stenberg (22 May 2024)
+
+- RELEASE-NOTES: synced
+
+ bump to 8.8.1 for now
+
+Viktor Szakats (22 May 2024)
+
+- (lib)curl.rc: set debug flag also for `CURLDEBUG` and `UNITTESTS`
+
+ These macros also enable debug features in both libcurl and curl.
+ Enable `VS_FF_DEBUG` version resource flag when they are set.
+
+ Closes #13730
+
+Jay Satiro (22 May 2024)
+
+- winbuild: fix PE version info debug flag
+
+ - Only set PE file flag VS_FF_DEBUG if curl.exe and libcurl.dll were
+ built with winbuild option DEBUG=yes which builds with debug info.
+
+ VS_FF_DEBUG is a PE flag (Portable Executable file flag - dll, exe, etc)
+ that indicates the file contains or was built with debug info.
+
+ Prior to this change when winbuild was used to build curl, curl.exe
+ and libcurl.dll always had VS_FF_DEBUG set, regardless of build option
+ DEBUG=yes/no, due to some bad logic.
+
+ Closes https://github.com/curl/curl/pull/13739
+
Version 8.8.0 (22 May 2024)
Daniel Stenberg (22 May 2024)
@@ -5972,4738 +11730,3 @@ Daniel Stenberg (5 Feb 2024) - THANKS: add Dmitry Tretyakov
... since I missed to give credit to the report in the fix of #12861
-
-Stefan Eissing (5 Feb 2024)
-
-- openssl-quic: check on Windows that socket conv to int is possible
-
- Fixes #12861
- Closes #12865
-
-Daniel Stenberg (5 Feb 2024)
-
-- tool_cb_hdr: only parse etag + content-disposition for 2xx
-
- ... and ignore them for other response codes.
-
- Reported-by: Harry Sintonen
- Closes #12866
-
-- md4: include strdup.h for the memdup proto
-
- Reported-by: Erik Schnetter
- Fixes #12849
- Closes #12863
-
-Joel Depooter (5 Feb 2024)
-
-- docs: add missing slashes to SChannel client certificate documentation
-
- When setting the CURLOPT_SSLCERT option to a certificate thumprint, it
- is required to have a backslash between the "store location", "store
- name" and "thumbprint" tokens. These slashes were present in the
- previous documentation, but were missed in the transition to markdown
- documentation.
-
- Closes #12854
-
-Stefan Eissing (5 Feb 2024)
-
-- HTTP/2: write response directly
-
- - use the new `Curl_xfer_write_resp()` to write incoming responses
- directly to the client
- - eliminates `stream->recvbuf`
- - memory consumption on parallel transfers minimized
-
- Closes #12828
-
-Daniel Stenberg (5 Feb 2024)
-
-- cookie.md: provide an example sending a fixed cookie
-
- Closes #12868
-
-Lars Kellogg-Stedman (5 Feb 2024)
-
-- ALTSVC.md: correct a typo
-
- The ALPN documentation erroneously referred to a "host number" instead
- of a "port number".
-
- Closes #12852
-
-Boris Verkhovskiy (5 Feb 2024)
-
-- proxy1.0.md: fix example
-
- Closes #12856
-
-Chris Webb (5 Feb 2024)
-
-- configure: add --disable-docs flag
-
- Building man pages from curldown sources now requires perl. Add a
- --disable-docs flag to configure to enable building and installing
- without documentation where perl is not available or man pages are not
- required. This is selected automatically (with a warning) when perl is
- not found by configure.
-
- Fixes #12832
- Closes #12857
-
-Faraz Fallahi (5 Feb 2024)
-
-- connect.c: fix typo
-
- Closes #12858
-
-Daniel Stenberg (1 Feb 2024)
-
-- sendf: ignore response body to HEAD
-
- and mark the stream for close, but return OK since the response this far
- was ok - if headers were received. Partly because this is what curl has
- done traditionally.
-
- Test 499 verifies. Updates test 689.
-
- Reported-by: Sergey Bronnikov
- Bug: https://curl.se/mail/lib-2024-02/0000.html
- Closes #12842
-
-- ftp: treat a 226 arriving before data as a signal to read data
-
- For active mode transfers.
-
- Due to some interesting timing, curl can sometimes get the 226 (transfer
- complete) over the control channel first, before the data connection
- signals readability. If this happens, use that as a signal to check the
- data connection.
-
- Additionally, set the socket filter in listen mode *before* the
- PORT/EPRT command is issued, to reduce the risk that the little time gap
- could interfere.
-
- This issue never reproduced for me on Debian and takes several hundred
- rounds for me to trigger on my mac.
-
- Reported-by: Stefan Eissing
- Fixes #12823
- Closes #12841
-
-Patrick Monnerat (1 Feb 2024)
-
-- OS400: avoid using awk in the build scripts
-
- Awk is a PASE program and its use may cause a failure depending on the
- CCSID of the calling script (IBM bug?).
-
- For this reason, revert to an sed-only solution to extract the exported
- symbols from the header files.
-
- Closes #12826
-
-Jan Macku (1 Feb 2024)
-
-- docs: remove `mk-ca-bundle.1` from `man_MANS`
-
- It was accidentally added in https://github.com/curl/curl/pull/12730
-
- Co-authored-by: Lukáš Zaoral <lzaoral@redhat.com>
- Signed-off-by: Jan Macku <jamacku@redhat.com>
-
- Follow-up to eefcc1bda4bccd800f5a56a0fe17a2f44a96e88b
- Closes #12843
-
-Daniel Stenberg (1 Feb 2024)
-
-- RELEASE-NOTES: synced
-
- and bump to 8.6.1 for now
-
-- cmdline-docs/Makefile: avoid using a fixed temp file name
-
- By appending the pid number two different runs at the same time will not
- trample over the same file.
-
- Reported-by: Jon Rumsey
- Fixes #12829
- Closes #12839
-
-- asyn-thread: use wakeup_close to close the read descriptor
-
- Reported-by: Dan Fandrich
- Ref: #12834
- Closes #12836
-
-Stefan Eissing (1 Feb 2024)
-
-- ntml_wb: fix buffer type typo
-
- Closes #12825
-
-Daniel Stenberg (1 Feb 2024)
-
-- tool_operate: do not set CURLOPT_QUICK_EXIT in debug builds
-
- Since it allows (small) memory leaks that interfere with torture tests
- and regular memory-leak checks.
-
- Reported-by: Dan Fandrich
- Fixes #12834
- Closes #12835
-
-Boris Verkhovskiy (31 Jan 2024)
-
-- form-string.md: correct the example
-
- Closes #12822
-
-Version 8.6.0 (31 Jan 2024)
-
-Daniel Stenberg (31 Jan 2024)
-
-- RELEASE-NOTES: synced
-
- curl 8.6.0
-
-- THANKS: new contributors from 8.5.0
-
-Jay Satiro (31 Jan 2024)
-
-- cd2nroff: use perl 'strict' and 'warnings'
-
- - Use strict and warnings pragmas.
-
- - If open() fails then show the reason.
-
- - Set STDIN io layer :crlf so that input is properly read on Windows.
-
- - When STDIN is used as input, the filename $f is now set to "STDIN".
-
- Various error messages in single() use $f for the filename and this way
- it is not undefined when STDIN.
-
- Closes https://github.com/curl/curl/pull/12819
-
-Daniel Stenberg (30 Jan 2024)
-
-- cd2nroff: fix duplicate output issue
-
- Assisted-by: Jay Satiro
- Fixes https://github.com/curl/curl-www/issues/321
- Closes #12818
-
-- lib: error out on multissl + http3
-
- Since the QUIC/h3 code has no knowledge or handling of multissl it might
- bring unintended consequences if we allow it.
-
- configure, cmake and curl_setup.h all now reject this combination.
-
- Assisted-by: Viktor Szakats
- Assisted-by: Gisle Vanem
- Ref: #12806
- Closes #12807
-
-Patrick Monnerat (29 Jan 2024)
-
-- OS400: sync ILE/RPG binding
-
- Also do not force git CRLF line endings on *.cmd files for OS400.
-
- Closes #12815
-
-Viktor Szakats (28 Jan 2024)
-
-- build: delete/replace 3 more clang warning pragmas
-
- - tool_msgs: delete redundant `-Wformat-nonliteral` suppression pragma.
-
- - whitespace formatting in `mprintf.h`, lib518, lib537.
-
- - lib518: fix wrong variable in `sizeof()`.
-
- - lib518: bump variables to `rlim_t`.
- Follow-up to e2b394106d543c4615a60795b7fdce04bd4e5090 #1469
-
- - lib518: sync error message with lib537
- Follow-up to 365322b8bcf9efb6a361473d227b70f2032212ce
-
- - lib518, lib537: replace `-Wformat-nonliteral` suppression pragmas
- by reworking test code.
-
- Follow-up to 5b286c250829e06a135a6ba998e80beb7f43a734 #12812
- Follow-up to aee4ebe59161d0a5281743f96e7738ad97fe1cd4 #12803
- Follow-up to 09230127589eccc7e01c1a7217787ef8e64f3328 #12540
- Follow-up to 3829759bd042c03225ae862062560f568ba1a231 #12489
-
- Reviewed-by: Daniel Stenberg
- Closes #12814
-
-Richard Levitte (27 Jan 2024)
-
-- cmake: freshen up docs/INSTALL.cmake
-
- - Turn docs/INSTALL.cmake into a proper markdown file,
- docs/INSTALL-CMAKE.md
- - Move things around to divide the description into configuration,
- building and installing sections
- - Mention the more modern cmake options to configure, build and install,
- but also retain the older variants as fallbacks
-
- Closes #12772
-
-Viktor Szakats (27 Jan 2024)
-
-- build: delete/replace clang warning pragmas
-
- - delete redundant warning suppressions for `-Wformat-nonliteral`.
- This now relies on `CURL_PRINTF()` and it's theoratically possible
- that this macro isn't active but the warning is. We're ignoring this
- as a corner-case here.
-
- - replace two pragmas with code changes to avoid the warnings.
-
- Follow-up to aee4ebe59161d0a5281743f96e7738ad97fe1cd4 #12803
- Follow-up to 09230127589eccc7e01c1a7217787ef8e64f3328 #12540
- Follow-up to 3829759bd042c03225ae862062560f568ba1a231 #12489
-
- Reviewed-by: Daniel Stenberg
- Closes #12812
-
-Daniel Stenberg (27 Jan 2024)
-
-- RELEASE-NOTES: synced
-
-- http: only act on 101 responses when they are HTTP/1.1
-
- For 101 responses claiming to be any other protocol, bail out. This
- would previously trigger an assert.
-
- Add test 1704 to verify.
-
- Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66184
- Closes #12811
-
-Scarlett McAllister (27 Jan 2024)
-
-- _VARIABLES.md: add missing 'be' into the sentence
-
- Closes #12809
-
-Stefan Eissing (27 Jan 2024)
-
-- mqtt, remove remaining use of data->state.buffer
-
- Closes #12799
-
-Daniel Stenberg (27 Jan 2024)
-
-- x509asn1: switch from malloc to dynbuf
-
- Closes #12808
-
-- x509asn1: make utf8asn1str() use dynbuf instead of malloc + memcpy
-
- Closes #12808
-
-- x509asn1: reduce malloc in Curl_extract_certinfo
-
- Using dynbuf
-
- Closes #12808
-
-Jay Satiro (27 Jan 2024)
-
-- THANKS: add Alexander Bartel and Brennan Kinney
-
- They reported and investigated #10259 which was fixed by 7b2d98df.
-
- Ref: https://github.com/curl/curl/issues/10259
-
-Daniel Stenberg (26 Jan 2024)
-
-- krb5: add prototype to silence clang warnings on mvsnprintf()
-
- "error: format string is not a string literal"
-
- Follow-up to 09230127589eccc7 which made the warning appear
-
- Assisted-by: Viktor Szakats
- Closes #12803
-
-- x509asn1: remove code for WANT_VERIFYHOST
-
- No code ever sets this anymore since we dropped gskit
-
- Follow-up to 78d6232f1f326b9ab4d
-
- Closes #12804
-
-- socks: reduce the buffer size to 600 (from 8K)
-
- This is malloc'ed memory and it does not more. Test 742 helps us verify
- this.
-
- Closes #12789
-
-Stefan Eissing (26 Jan 2024)
-
-- file+ftp: use stack buffers instead of data->state.buffer
-
- Closes #12789
-
-- vtls: receive max buffer
-
- - do not only receive one TLS record, but try to fill
- the passed buffer
- - consider <4K remaning space is "filled".
-
- Closes #12801
-
-Daniel Stenberg (26 Jan 2024)
-
-- docs: do not start lines/sentences with So, But nor And
-
- Closes #12802
-
-- docs: remove spurious ampersands from markdown
-
- They were leftovers from the nroff conversion.
-
- Follow-up to eefcc1bda4bccd800f5a5
-
- Closes #12800
-
-Patrick Monnerat (26 Jan 2024)
-
-- sasl: make login option string override http auth
-
- - Use http authentication mechanisms as a default, not a preset.
-
- Consider http authentication options which are mapped to SASL options as
- a default (overriding the hardcoded default mask for the protocol) that
- is ignored if a login option string is given.
-
- Prior to this change, if some HTTP auth options were given, sasl mapped
- http authentication options to sasl ones but merged them with the login
- options.
-
- That caused problems with the cli tool that sets the http login option
- CURLAUTH_BEARER as a side-effect of --oauth2-bearer, because this flag
- maps to more than one sasl mechanisms and the latter cannot be cleared
- individually by the login options string.
-
- New test 992 checks this.
-
- Fixes https://github.com/curl/curl/issues/10259
- Closes https://github.com/curl/curl/pull/12790
-
-Stefan Eissing (26 Jan 2024)
-
-- socks: use own buffer instead of data->state.buffer
-
- Closes #12788
-
-Daniel Stenberg (26 Jan 2024)
-
-- socks: fix generic output string to say SOCKS instead of SOCKS4
-
- ... since it was also logged for SOCKS5.
-
- Closes #12797
-
-- test742: test SOCKS5 with max length user, password and hostname
-
- Adjusted the socksd server accordingly to allow for configuring that
- long user name and password.
-
- Closes #12797
-
-Stefan Eissing (25 Jan 2024)
-
-- ssh: use stack scratch buffer for seeks
-
- - instead of data->state.buffer
-
- Closes #12794
-
-Daniel Stenberg (25 Jan 2024)
-
-- krb5: access the response buffer correctly
-
- As the pingpong code no longer uses the download buffer.
-
- Folllow-up to c2d973627bab12ab
- Pointed-out-by: Stefan Eissing
- Closes #12796
-
-Stefan Eissing (25 Jan 2024)
-
-- mqtt: use stack scratch buffer for recv+publish
-
- - instead of data->state.buffer
-
- Closes #12792
-
-- telnet, use stack scratch buffer for do
-
- - instead of data->state.buffer
-
- Closes #12793
-
-- http, use stack scratch buffer
-
- - instead of data->state.buffer
-
- Closes #12791
-
-- ntlm_wb: do not use data->state.buf any longer
-
- Closes #12787
-
-- gitignore: the generated `libcurl-symbols.md`
-
- Closes #12795
-
-Daniel Stenberg (25 Jan 2024)
-
-- tool: fix the listhelp generation command
-
- The previous command line to generate the tool_listhelp.c source file
- broke with 2494b8dd5175cee7.
-
- Make 'make listhelp' invoked in src/ generate it. Also update the
- comment in the file to mention the right procedure.
-
- Closes #12786
-
-- http: check for "Host:" case insensitively
-
- When checking if the user wants to replace the header, the check should
- be case insensitive.
-
- Adding test 461 to verify
-
- Found-by: Dan Fandrich
- Ref: #12782
- Closes #12784
-
-Tatsuhiro Tsujikawa (25 Jan 2024)
-
-- configure: add libngtcp2_crypto_boringssl detection
-
- If OpenSSL is found to be BoringSSL or AWS-LC, and ngtcp2 is requested,
- try to detect libngtcp2_crypto_boringssl.
-
- Reported-by: ウさん
- Fixes #12724
- Closes #12769
-
-Daniel Stenberg (25 Jan 2024)
-
-- http: remove comment reference to a removed solution
-
- Follow-up to 58974d25d
-
- Closes #12785
-
-Stefan Eissing (25 Jan 2024)
-
-- pytest: Scorecard tracking CPU and RSS
-
- Closes #12765
-
-Graham Campbell (25 Jan 2024)
-
-- GHA: bump ngtcp2, gnutls, mod_h2, quiche
-
- - ngtcp2 to v1.2.0
- - gnutls to 3.8.3
- - mod_h2 to 2.0.26
- - quiche to 0.20.0
-
- Closes #12778
- Closes #12779
- Closes #12780
- Closes #12781
-
-Daniel Stenberg (25 Jan 2024)
-
-- ftpserver.pl: send 213 SIZE response without spurious newline
-
-- pingpong: stop using the download buffer
-
- The pingpong logic now uses its own dynbuf for receiving command
- response data.
-
- When the "final" response header for a commanad has been received, that
- final line is left first in the recvbuf for the protocols to parse at
- will. If there is additional data behind the final response line, the
- 'overflow' counter is indicate how many bytes.
-
- Closes #12757
-
-- gen.pl: remove bold from .IP used for ##
-
- Reported-by: Viktor Szakats
- Fixes #12776
- Closes #12777
-
-Viktor Szakats (24 Jan 2024)
-
-- cmake: rework options to enable curl and libcurl docs
-
- Rework CMake options for building/using curl tool and libcurl manuals.
-
- - rename `ENABLE_MANUAL` to `ENABLE_CURL_MANUAL`, meaning:
- to build man page and built-in manual for curl tool.
-
- - rename `BUILD_DOCS` to `BUILD_LIBCURL_DOCS`, meaning:
- to build man pages for libcurl.
-
- - `BUILD_LIBCURL_DOCS` now works without having to enable
- `ENABLE_CURL_MANUAL` too.
-
- - drop support for existing CMake-level `USE_MANUAL` option to avoid
- confusion. (It used to work with the effect of current
- `ENABLE_CURL_MANUAL`, but only by accident.)
-
- Assisted-by: Richard Levitte
- Ref: #12771
- Closes #12773
-
-Daniel Stenberg (24 Jan 2024)
-
-- urlapi: remove assert
-
- This assert triggers wrongly when CURLU_GUESS_SCHEME and
- CURLU_NO_AUTHORITY are both set and the URL is a single path.
-
- I think this assert has played out its role. It was introduced in a
- rather big refactor.
-
- Follow-up to 4cfa5bcc9a
-
- Reported-by: promptfuzz_ on hackerone
- Closes #12775
-
-Patrick Monnerat (24 Jan 2024)
-
-- tests: avoid int/size_t conversion size/sign warnings
-
- Closes #12768
-
-Daniel Stenberg (24 Jan 2024)
-
-- GHA: add a job scanning for "bad words" in markdown
-
- This means words, phrases or things we have decided not to use - words that
- are spelled right according to the dictionary but we want to avoid. In the
- name of consistency and better documentation.
-
- Closes #12764
-
-Viktor Szakats (23 Jan 2024)
-
-- cmake: speed up curldown processing, enable by default
-
- - cmake: enable `BUILD_DOCS` by default (this controls converting and
- installing `.3` files from `.md` sources)
-
- - cmake: speed up generating `.3` files by using a single command per
- directory, instead of a single command per file. This reduces external
- commands by about a thousand. (There remains some CMake logic kicking
- in resulting in 500 -one per file- external `-E touch_nocreate` calls.)
-
- - cd2nroff: add ability to process multiple input files.
-
- - cd2nroff: add `-k` option to use the source filename to form the
- output filename. (instead of the default in-file `Title:` line.)
-
- Follow-up to 3f08d80b2244524646ce86915c585509ac54fb4c
- Follow-up to ea0b575dab86a3c44dd1d547dc500276266aa382 #12753
- Follow-up to eefcc1bda4bccd800f5a56a0fe17a2f44a96e88b #12730
-
- Closes #12762
-
-Richard Levitte (23 Jan 2024)
-
-- docs: install curl.1 with cmake as well
-
- Closes #12759
-
-Daniel Stenberg (23 Jan 2024)
-
-- osslq: remove the TLS library from the version output
-
- Since we only support using a single TLS library at any one time, we
- know that the TLS library for QUIC is the same that is also shown for
- regular TLS.
-
- Fixes #12763
- Reported-by: Viktor Szakats
- Closes #12767
-
-Stefan Eissing (23 Jan 2024)
-
-- CI: remove unnecessary OpenSSL 3 option `enable-tls1_3`
-
- .. and switch OpenSSL 3 libdir from lib64 to lib for consistency.
-
- Closes https://github.com/curl/curl/pull/12758
-
-- GHA: bump nghttp2 version to v1.59.0
-
- - Switch to v1.59.0 for GHA CI jobs that use a specific nghttp2-version.
-
- Closes https://github.com/curl/curl/pull/12766
-
-Daniel Stenberg (23 Jan 2024)
-
-- RELEASE-NOTES: synced
-
-- docs/cmdline: change to .md for cmdline docs
-
- - switch all invidual files documenting command line options into .md,
- as the documentation is now markdown-looking.
-
- - made the parser treat 4-space indents as quotes
-
- - switch to building the curl.1 manpage using the "mainpage.idx" file,
- which lists the files to include to generate it, instead of using the
- previous page-footer/headers. Also, those files are now also .md
- ones, using the same format. I gave them underscore prefixes to make
- them sort separately:
- _NAME.md, _SYNOPSIS.md, _DESCRIPTION.md, _URL.md, _GLOBBING.md,
- _VARIABLES.md, _OUTPUT.md, _PROTOCOLS.md, _PROGRESS.md, _VERSION.md,
- _OPTIONS.md, _FILES.md, _ENVIRONMENT.md, _PROXYPREFIX.md,
- _EXITCODES.md, _BUGS.md, _AUTHORS.md, _WWW.md, _SEEALSO.md
-
- - updated test cases accordingly
-
- Closes #12751
-
-dependabot[bot] (23 Jan 2024)
-
-- CI: bump actions/cache from 3 to 4
-
- Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4.
- - [Release notes](https://github.com/actions/cache/releases)
- - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- - [Commits](https://github.com/actions/cache/compare/v3...v4)
-
- ---
- updated-dependencies:
- - dependency-name: actions/cache
- dependency-type: direct:production
- update-type: version-update:semver-major
- ...
-
- Signed-off-by: dependabot[bot] <support@github.com>
- Closes #12756
-
-Daniel Stenberg (23 Jan 2024)
-
-- openssl: when verifystatus fails, remove session id from cache
-
- To prevent that it gets used in a subsequent transfer that skips the
- verifystatus check since that check can't be done when the session id is
- reused.
-
- Reported-by: Hiroki Kurosawa
- Closes #12760
-
-Viktor Szakats (23 Jan 2024)
-
-- cmake: add option to disable building docs
-
-Richard Levitte (23 Jan 2024)
-
-- cmake: use curldown to build man pages
-
- This throws away the previous HTML and PDF producers, to mimic what
- Makefile.am does as faithfully as possible.
-
- Closes #12753
-
-Daniel Stenberg (23 Jan 2024)
-
-- mksymbolsmanpage.pl: provide references to where the symbol is used
-
-- docs: introduce "curldown" for libcurl man page format
-
- curldown is this new file format for libcurl man pages. It is markdown
- inspired with differences:
-
- - Each file has a set of leading headers with meta-data
- - Supports a small subset of markdown
- - Uses .md file extensions for editors/IDE/GitHub to treat them nicely
- - Generates man pages very similar to the previous ones
- - Generates man pages that still convert nicely to HTML on the website
- - Detects and highlights mentions of curl symbols automatically (when
- their man page section is specified)
-
- tools:
-
- - cd2nroff: converts from curldown to nroff man page
- - nroff2cd: convert an (old) nroff man page to curldown
- - cdall: convert many nroff pages to curldown versions
- - cd2cd: verifies and updates a curldown to latest curldown
-
- This setup generates .3 versions of all the curldown versions at build time.
-
- CI:
-
- Since the documentation is now technically markdown in the eyes of many
- things, the CI runs many more tests and checks on this documentation,
- including proselint, link checkers and tests that make sure we capitalize the
- first letter after a period...
-
- Closes #12730
-
-Viktor Szakats (22 Jan 2024)
-
-- libssh2: use `libssh2_session_callback_set2()` with v1.11.1
-
- To avoid a local hack to pass function pointers and to avoid
- deprecation warnings when building with libssh2 v1.11.1 or newer:
- ```
- lib/vssh/libssh2.c:3324:5: warning: 'libssh2_session_callback_set' is depreca
- ted: since libssh2 1.11.1. Use libssh2_session_callback_set2() [-Wdeprecated-
- declarations]
- lib/vssh/libssh2.c:3326:5: warning: 'libssh2_session_callback_set' is depreca
- ted: since libssh2 1.11.1. Use libssh2_session_callback_set2() [-Wdeprecated-
- declarations]
- ```
- Ref: https://github.com/curl/curl-for-win/actions/runs/7609484879/job/2072082
- 1100#step:3:4982
-
- Ref: https://github.com/libssh2/libssh2/pull/1285
- Ref: https://github.com/libssh2/libssh2/commit/c0f69548be902147ce014ffa40b8db
- 3cf1d4b0b4
- Reviewed-by: Daniel Stenberg
- Closes #12754
-
-Daniel Stenberg (22 Jan 2024)
-
-- transfer: make the select_bits_paused condition check both directions
-
- If there is activity in a direction that is not paused, return false.
-
- Reported-by: Sergey Bronnikov
- Bug: https://curl.se/mail/lib-2024-01/0049.html
- Closes #12740
-
-Stefan Eissing (22 Jan 2024)
-
-- http3: initial support for OpenSSL 3.2 QUIC stack
-
- - HTTP/3 for curl using OpenSSL's own QUIC stack together
- with nghttp3
- - configure with `--with-openssl-quic` to enable curl to
- build this. This requires the nghttp3 library
- - implementation with the following restrictions:
- * macOS has to use an unconnected UDP socket due to an
- issue in OpenSSL's datagram implementation
- See https://github.com/openssl/openssl/issues/23251
- This makes connections to non-reponsive servers hang.
- * GET requests will send the indicator that they have
- no body in a separate QUIC packet. This may result
- in processing delays or Transfer-Encodings on proxied
- requests
- * uploads that encounter blocks will use 100% cpu as
- detection of these flow control issue is not working
- (we have not figured out to pry that from OpenSSL).
-
- Closes #12734
-
-Viktor Szakats (22 Jan 2024)
-
-- cmake: fix `ENABLE_MANUAL` option
-
- Fix the `ENABLE_MANUAL` option. Set it to default to `OFF`.
-
- Before this patch `ENABLE_MANUAL=ON` was a no-op, even though it was the
- option designed to enable building and using the built-in curl manual.
- (`USE_MANUAL=ON` option worked for this instead, by accident).
-
- Ref: https://github.com/curl/curl/pull/12730#issuecomment-1902572409
- Closes #12749
-
-Mohammadreza Hendiani (19 Jan 2024)
-
-- TODO: update broken link to ratelimit-headers draft
-
- Closes #12741
-
-Daniel Stenberg (19 Jan 2024)
-
-- cmake: when USE_MANUAL=YES, build the curl.1 man page
-
- Fixes KNOWN_BUG 15.4
-
- Closes #12742
-
-- cmdline-opts/write-out.d: remove spurious double quotes
-
-Stefan Eissing (19 Jan 2024)
-
-- rtsp: Convert assertion into debug log
-
- Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65934
-
- - write excess bytes to the client where the standard excess bytes
- checks will report any wrongness and fail the transfer
-
- Fixes #12738
- Closes #12739
-
-Daniel Stenberg (19 Jan 2024)
-
-- headers: remove assert from Curl_headers_push
-
- The fuzzer managed to reach the function without a terminating CR or LF
- so let's handle it normally. While there, remove the goto.
-
- Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65839
-
- Closes #12721
-
-- curl_easy_getinfo.3: remove the wrong time value count
-
- It said "six" time values but they are eight by now. Remove the mention
- of the amount.
-
- Closes #12727
-
-Viktor Szakats (18 Jan 2024)
-
-- mbedtls: fix `-Wnull-dereference` and `-Wredundant-decls`
-
- - Silence warning in mbedTLS v3.5.1 public headers:
- ```
- ./mbedtls/_x64-linux-musl/usr/include/psa/crypto_extra.h:489:14: warning: r
- edundant redeclaration of 'psa_set_key_domain_parameters' [-Wredundant-decls]
- ./mbedtls/_x64-linux-musl/usr/include/psa/crypto_struct.h:354:14: note: pre
- vious declaration of 'psa_set_key_domain_parameters' was here
- ```
- Ref: https://github.com/libssh2/libssh2/commit/ecec68a2c13a9c63fe8c2dc457ae
- 785a513e157c
- Ref: https://github.com/libssh2/libssh2/pull/1226
-
- - Fix compiler warnings seen with gcc 9.2.0 + cmake unity:
- ```
- ./curl/lib/vtls/mbedtls.c: In function 'mbedtls_bio_cf_read':
- ./curl/lib/vtls/mbedtls.c:189:11: warning: null pointer dereference [-Wnull
- -dereference]
- 189 | nread = Curl_conn_cf_recv(cf->next, data, (char *)buf, blen, &res
- ult);
- | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- ~~~~
- ./curl/lib/vtls/mbedtls.c: In function 'mbedtls_bio_cf_write':
- ./curl/lib/vtls/mbedtls.c:168:14: warning: null pointer dereference [-Wnull
- -dereference]
- 168 | nwritten = Curl_conn_cf_send(cf->next, data, (char *)buf, blen, &
- result);
- | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- ~~~~~~~
- ```
-
- - delete stray `#else`.
-
- Closes #12720
-
-Daniel Stenberg (17 Jan 2024)
-
-- docs: cleanup nroff format use
-
- - remove use of .BI for code snippet
- - stop using .br, just do a blank line
- - remove use of .PP
- - remove use for .sp
- - remove backslash in .IP
- - use .IP instead of .TP
-
- Closes #12731
-
-Stefan Eissing (17 Jan 2024)
-
-- test2307: fix expected failure code after ws refactoring
-
- Fixes #12722
- Closes #12728
-
-Jay Satiro (17 Jan 2024)
-
-- cf-socket: show errno in tcpkeepalive error messages
-
- - If the socket keepalive options (TCP_KEEPIDLE, etc) cannot be set
- then show the errno in the verbose error messages.
-
- Ref: https://github.com/curl/curl/discussions/12715#discussioncomment-8151652
-
- Closes https://github.com/curl/curl/pull/12726
-
-- tool_getparam: stop supporting `@filename` style for --cookie
-
- The `@filename` style was never documented for --cookie <data|filename>
- but prior to this change curl would accept it anyway and always treat a
- @ prefixed string as a filename.
-
- That's a problem if the string also contains a = sign because then it is
- documented to be interpreted as a cookie string and not a filename.
-
- Example:
-
- `--cookie @foo=bar`
-
- Before: Interpreted as load cookies from filename foo=bar.
-
- After: Interpreted as cookie `@foo=bar` (name `@foo` and value `bar`).
-
- Other curl options with a data/filename option-value use the `@filename`
- to distinguish filenames which is probably how this happened. The
- --cookie option has never been documented that way.
-
- Ref: https://curl.se/docs/manpage.html#-b
-
- Closes https://github.com/curl/curl/pull/12645
-
-Stefan Eissing (16 Jan 2024)
-
-- websockets: refactor decode chain
-
- - use client writer stack for decoding frames
- - move websocket protocol handler to ws.c
-
- Closes #12713
-
-- websockets: check for negative payload lengths
-
- - in en- and decoding, check the websocket frame payload lengths for
- negative values (from curl_off_t) and error the operation in that case
- - add test 2307 to verify
-
- Closes #12707
-
-Daniel Stenberg (16 Jan 2024)
-
-- docs: mention env vars not used by schannel
-
- Ref: #12704
-
- Co-authored-by: Jay Satiro <raysatiro@yahoo.com>
-
- Closes #12711
-
-- tool_operate: make --remove-on-error only remove "real" files
-
- Reported-by: Harry Sintonen
- Assisted-by: Dan Fandrich
-
- Closes #12710
-
-Jay Wu (16 Jan 2024)
-
-- url: don't set default CA paths for Secure Transport backend
-
- As the default for this backend is the native CA store.
-
- Closes #12704
-
-Lin Sun (16 Jan 2024)
-
-- asyn-ares: with modern c-ares, use its default timeout
-
- Closes #12703
-
-Daniel Stenberg (15 Jan 2024)
-
-- tool_operate: stop setting the file comment on Amiga
-
- - the URL is capped at 80 cols, which ruins it if longer
- - it does not strip off URL credentials
- - it is done unconditonally, not on --xattr
- - we don't have Amiga in the CI which makes fixing it blindly fragile
-
- Someone who builds and tests on Amiga can add it back correctly in a
- future if there is a desire.
-
- Reported-by: Harry Sintonen
- Closes #12709
-
-Stefan Eissing (15 Jan 2024)
-
-- rtsp: deal with borked server responses
-
- - enforce a response body length of 0, if the
- response has no Content-lenght. This is according
- to the RTSP spec.
- - excess bytes in a response body are forwarded to
- the client writers which will report and fail the
- transfer
-
- Follow-up to d7b6ce6
- Fixes #12701
- Closes #12706
-
-Daniel Stenberg (14 Jan 2024)
-
-- version: show only the libpsl version, not its dependencies
-
- The libpsl version output otherwise also includes version number for its
- dependencies, like IDN lib, but since libcurl does not use libpsl's IDN
- functionality those components are not important.
-
- Ref: https://github.com/curl/curl-for-win/issues/63
- Closes #12700
-
-Brad Harder (14 Jan 2024)
-
-- curl.h: CURLOPT_DNS_SERVERS is only available with c-ares
-
- Closes #12695
-
-Daniel Stenberg (14 Jan 2024)
-
-- cmdline-opts/gen.pl: error on initital blank line
-
- After the "---" separator, there should be no blank line and this script
- now errors out if one is detected.
-
- Ref: #12696
- Closes #12698
-
-- cf-h1-proxy: no CURLOPT_USERAGENT in CONNECT with hyper
-
- Follow-up to 693cd1679361828a which was incomplete
-
- Ref #12680
- Closes #12697
-
-- curl_multi_fdset.3: remove mention of null pointer support
-
- ... since this funtion has not supported null pointer fd_set arguments since
- at least 2006. (That's when I stopped my git blame journey)
-
- Fixes #12691
- Reported-by: sfan5 on github
- Closes #12692
-
-Mark Huang (14 Jan 2024)
-
-- docs/cmdline: remove unnecessary line breaks
-
- Closes #12696
-
-Daniel Stenberg (14 Jan 2024)
-
-- transfer: remove warning: Value stored to 'blen' is never read
-
- Detected by scan-build
-
- Follow-up from 1cd2f0072f
-
- Closes #12693
-
-Stefan Eissing (13 Jan 2024)
-
-- lib: replace readwrite with write_resp
-
- This clarifies the handling of server responses by folding the code for
- the complicated protocols into their protocol handlers. This concerns
- mainly HTTP and its bastard sibling RTSP.
-
- The terms "read" and "write" are often used without clear context if
- they refer to the connect or the client/application side of a
- transfer. This PR uses "read/write" for operations on the client side
- and "send/receive" for the connection, e.g. server side. If this is
- considered useful, we can revisit renaming of further methods in another
- PR.
-
- Curl's protocol handler `readwrite()` method been changed:
-
- ```diff
- - CURLcode (*readwrite)(struct Curl_easy *data, struct connectdata *conn,
- - const char *buf, size_t blen,
- - size_t *pconsumed, bool *readmore);
- + CURLcode (*write_resp)(struct Curl_easy *data, const char *buf, size_t ble
- n,
- + bool is_eos, bool *done);
- ```
-
- The name was changed to clarify that this writes reponse data to the
- client side. The parameter changes are:
-
- * `conn` removed as it always operates on `data->conn`
- * `pconsumed` removed as the method needs to handle all data on success
- * `readmore` removed as no longer necessary
- * `is_eos` as indicator that this is the last call for the transfer
- response (end-of-stream).
- * `done` TRUE on return iff the transfer response is to be treated as
- finished
-
- This change affects many files only because of updated comments in
- handlers that provide no implementation. The real change is that the
- HTTP protocol handlers now provide an implementation.
-
- The HTTP protocol handlers `write_resp()` implementation will get passed
- **all** raw data of a server response for the transfer. The HTTP/1.x
- formatted status and headers, as well as the undecoded response
- body. `Curl_http_write_resp_hds()` is used internally to parse the
- response headers and pass them on. This method is public as the RTSP
- protocol handler also uses it.
-
- HTTP/1.1 "chunked" transport encoding is now part of the general
- *content encoding* writer stack, just like other encodings. A new flag
- `CLIENTWRITE_EOS` was added for the last client write. This allows
- writers to verify that they are in a valid end state. The chunked
- decoder will check if it indeed has seen the last chunk.
-
- The general response handling in `transfer.c:466` happens in function
- `readwrite_data()`. This mainly operates now like:
-
- ```
- static CURLcode readwrite_data(data, ...)
- {
- do {
- Curl_xfer_recv_resp(data, buf)
- ...
- Curl_xfer_write_resp(data, buf)
- ...
- } while(interested);
- ...
- }
- ```
-
- All the response data handling is implemented in
- `Curl_xfer_write_resp()`. It calls the protocol handler's `write_resp()`
- implementation if available, or does the default behaviour.
-
- All raw response data needs to pass through this function. Which also
- means that anyone in possession of such data may call
- `Curl_xfer_write_resp()`.
-
- Closes #12480
-
-Daniel Stenberg (13 Jan 2024)
-
-- RELEASE-NOTES: synced
-
-- TODO: TFTP doesn't convert LF to CRLF for mode=netascii
-
- Closes #12655
- Closes #12690
-
-- gen: do italics/bold for a range of letters, not just single word
-
- Previously it would match only on a sequence of non-space, which made it
- miss to highlight for example "public suffix list".
-
- Updated the recent cookie.d edit from 5da57193b732 to use bold instead
- of italics.
-
- Closes #12689
-
-- docs: describe and highlight super cookies
-
- Reported-by: Yadhu Krishna M
-
- Closes #12687
-
-- configure: when enabling QUIC, check that TLS supports QUIC
-
- Most importantly perhaps is when using OpenSSL that the used
- build/flavor has the QUIC API: the vanilla OpenSSL does not, only
- BoringSSL, libressl, AWS-LC and quictls do.
-
- Ref: https://github.com/curl/curl/commit/5d044ad9480a9f556f4b6a252d7533b1ba7f
- e57e#r136780413
-
- Closes #12683
-
-Stefan Eissing (11 Jan 2024)
-
-- vquic: extract TLS setup into own source
-
- - separate ngtcp2 specific parts out
- - provide callback during init to allow ngtcp2 to apply its defaults
-
- Closes #12678
-
-Sergey Markelov (11 Jan 2024)
-
-- multi: remove total timer reset in file_do() while fetching file://
-
- The total timer is properly reset in MSTATE_INIT. MSTATE_CONNECT starts
- with resetting the timer that is a start point for further multi states.
- If file://, MSTATE_DO calls file_do() that should not reset the total
- timer. Otherwise, the total time is always less than the pre-transfer
- and the start transfer times.
-
- Closes #12682
-
-Daniel Stenberg (11 Jan 2024)
-
-- http_proxy: a blank CURLOPT_USERAGENT should not be used in CONNECT
-
- Extended test 80 to verify this.
-
- Reported-by: Stefan Eissing
- Fixes #12680
- Closes #12681
-
-- sectransp: do verify_cert without memdup for blobs
-
- Since the information is then already stored in memory, this can avoid
- an extra set of malloc + free calls.
-
- Closes #12679
-
-- hsts: remove assert for zero length domain
-
- A zero length domain can happen if the HSTS parser is given invalid
- input data which is not unheard of and is done by the fuzzer.
-
- Follow-up from cfe7902111ae547873
-
- Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65661
-
- Closes #12676
-
-- headers: make sure the trailing newline is not stored
-
- extended test1940 to verify blank header fields too
-
- Bug: https://curl.se/mail/lib-2024-01/0019.html
- Reported-by: Dmitry Karpov
- Closes #12675
-
-- curl_easy_header.3: tiny language fix
-
- Closes #12672
-
-- examples/range.c: add
-
- Closes #12671
-
-- examples/netrc.c: add
-
- Closes #12671
-
-- examples/ipv6.c: new example showing IPv6-only internet transfer
-
- Closes #12671
-
-- examples/address-scope.c: renamed from ipv6.c
-
- It shows address scope use really
-
- Closes #12671
-
-Stefan Eissing (9 Jan 2024)
-
-- multi: pollset adjust, init with FIRSTSOCKET during connect
-
- - `conn->sockfd` is set by `Curl_setup_transfer()`, but that
- is called *after* the connection has been established
- - use `conn->sock[FIRSTSOCKET]` instead
-
- Follow-up to a0f94800d507de
- Closes #12664
-
-Daniel Stenberg (9 Jan 2024)
-
-- WEBSOCKET.md: remove dead link
-
-- CI: spellcheck/appveyor: invoke configure --without-libpsl
-
- Follow-up to 2998874bb61ac6
-
-- cmdline/docs/*.d: switch to using ## instead of .IP
-
- To make the editing easier. To write and to read.
-
- Closes #12667
-
-- gen.pl: support ## for doing .IP in table-like lists
-
- Warn on use of .RS/.IP/.RE
-
- Closes #12667
-
-Jay Satiro (9 Jan 2024)
-
-- cookie.d: Document use of empty string to enable cookie engine
-
- - Explain that --cookie "" can be used to enable the cookie engine
- without reading any initial cookies.
-
- As is documented in CURLOPT_COOKIEFILE.
-
- Ref: https://curl.se/libcurl/c/CURLOPT_COOKIEFILE.html
-
- Bug: https://github.com/curl/curl/issues/12643#issuecomment-1879844420
- Reported-by: janko-js@users.noreply.github.com
-
- Closes https://github.com/curl/curl/pull/12646
-
-Daniel Stenberg (9 Jan 2024)
-
-- setopt: use memdup0 when cloning COPYPOSTFIELDS
-
- Closes #12651
-
-- telnet: use dynbuf instad of malloc for escape buffer
-
- Previously, send_telnet_data() would malloc + free a buffer every time
- for escaping IAC codes. Now, it reuses a dynbuf for this purpose.
-
- Closes #12652
-
-- CI: install libpsl or configure --without-libpsl in builds
-
- As a follow-up to the stricted libpsl check in configure
-
-- configure: make libpsl detection failure cause error
-
- To force users to explictily disable it if they really don't want it
- used and make it harder to accidentally miss it.
-
- --without-libpsl is the option to use if PSL is not wanted.
-
- Closes #12661
-
-- RELEASE-NOTES: synced
-
-- pop3: replace calloc + memcpy with memdup0
-
- ... and make sure to return error on out of memory.
-
- Closes #12650
-
-- lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT
-
- Closes #12658
-
-- mime: use memdup0 instead of malloc + memcpy
-
- Closes #12649
-
-- tool_getparam: move the --rate logic into set_rate()
-
-- tool_getparam: switch to an enum for every option
-
- To make the big switch much easier to read/understand and to make it
- easier to add new options.
-
-- tool_getparam: build post data using dynbuf (more)
-
-- tool_getparam: replace malloc + copy by dynbuf for --data
-
-- tool_getparam: make data_urlencode avoid direct malloc
-
- use aprintf() instead
-
-- tool_getparam: move the --url-query logic into url_query()
-
- This function is not doing post at all so it was always weirdly placed.
-
-- tool_getparam: move the --data logic into set_data()
-
-- tool_getparam: unify the cmdline switch() into a single one
-
- - easier to follow, easier to modify, easier to extend, possibly slightly
- faster
-
- - each case now has the long option as a comment
-
-- tool_getparam: bsearch cmdline options
-
- - the option names are now alpha sorted and lookup is a lot faster
-
- - use case sensitive matching. It was previously case insensitive, but that
- was not documented nor tested.
-
- - remove "partial match" feature. It was not documented, not tested and
- was always fragile as existing use could break when we add a new
- option
-
- - lookup short options via a table
-
- Closes #12631
-
-Gabe (8 Jan 2024)
-
-- COPYING: update copyright year
-
- Closes #12654
-
-Stefan Eissing (8 Jan 2024)
-
-- url: init conn->sockfd and writesockfd to CURL_SOCKET_BAD
-
- Also add more tracing to test 19
-
- Follow-up to a0f9480
-
- Fixes #12657
- Closes #12659
-
-Daniel Stenberg (8 Jan 2024)
-
-- connect: remove margin from eyeballer alloc
-
- Presumably leftovers from debugging
-
- Closes #12647
-
-- ftp: only consider entry path if it has a length
-
- Follow-up from 8edcfedc1a144f438bd1cdf814a0016cb
-
- Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65631
-
- Avoids a NULL pointer deref.
-
- Closes #12648
-
-Stefan Eissing (7 Jan 2024)
-
-- transfer: adjust_pollset improvements
-
- - let `multi_getsock()` initialize the pollset in what the
- transfer state requires in regards to SEND/RECV
- - change connection filters `adjust_pollset()` implementation
- to react on the presence of POLLIN/-OUT in the pollset and
- no longer check CURL_WANT_SEND/CURL_WANT_RECV
- - cf-socket will no longer add POLLIN on its own
- - http2 and http/3 filters will only do adjustments if the
- passed pollset wants to POLLIN/OUT for the transfer on
- the socket. This is similar to the HTTP/2 proxy filter
- and works in stacked filters.
-
- Closes #12640
-
-Daniel Stenberg (6 Jan 2024)
-
-- ftp: use memdup0 to store the OS from a SYST 215 response
-
- avoid malloc + direct buffer fiddle
-
- Closes #12639
-
-- ftp: use dynbuf to store entrypath
-
- avoid direct malloc
-
- Closes #12638
-
-Lealem Amedie (6 Jan 2024)
-
-- wolfssl: load certificate *chain* for PEM client certs
-
- Closes #12634
-
-Stefan Eissing (4 Jan 2024)
-
-- http: adjust_pollset fix
-
- do not add a socket for POLLIN when the transfer does not want to send
- (for example is paused).
-
- Follow-up to 47f5b1a
-
- Reported-by: bubbleguuum on github
- Fixes #12632
- Closes #12633
-
-Daniel Stenberg (3 Jan 2024)
-
-- tool: make parser reject blank arguments if not supported
-
- Already in the getstr() function that clones the input argument.
-
- Closes #12620
-
-dependabot[bot] (3 Jan 2024)
-
-- build(deps): bump github/codeql-action from 2 to 3
-
- Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2
- to 3.
- - [Release notes](https://github.com/github/codeql-action/releases)
- - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- - [Commits](https://github.com/github/codeql-action/compare/v2...v3)
-
- ---
- updated-dependencies:
- - dependency-name: github/codeql-action
- dependency-type: direct:production
- update-type: version-update:semver-major
- ...
-
- Signed-off-by: dependabot[bot] <support@github.com>
-
- Closes #12625
-
-- build(deps): bump actions/checkout from 3 to 4
-
- Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- - [Release notes](https://github.com/actions/checkout/releases)
- - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- - [Commits](https://github.com/actions/checkout/compare/v3...v4)
-
- ---
- updated-dependencies:
- - dependency-name: actions/checkout
- dependency-type: direct:production
- update-type: version-update:semver-major
- ...
-
- Signed-off-by: dependabot[bot] <support@github.com>
-
- Closes #12624
-
-- build(deps): bump actions/upload-artifact from 3 to 4
-
- Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) f
- rom 3 to 4.
- - [Release notes](https://github.com/actions/upload-artifact/releases)
- - [Commits](https://github.com/actions/upload-artifact/compare/v3...v4)
-
- ---
- updated-dependencies:
- - dependency-name: actions/upload-artifact
- dependency-type: direct:production
- update-type: version-update:semver-major
- ...
-
- Signed-off-by: dependabot[bot] <support@github.com>
-
- Closes #12627
-
-- build(deps): bump actions/download-artifact from 3 to 4
-
- Bumps [actions/download-artifact](https://github.com/actions/download-artifac
- t) from 3 to 4.
- - [Release notes](https://github.com/actions/download-artifact/releases)
- - [Commits](https://github.com/actions/download-artifact/compare/v3...v4)
-
- ---
- updated-dependencies:
- - dependency-name: actions/download-artifact
- dependency-type: direct:production
- update-type: version-update:semver-major
- ...
-
- Signed-off-by: dependabot[bot] <support@github.com>
-
- Closes #12626
-
-Stefan Eissing (3 Jan 2024)
-
-- http3/quiche: fix result code on a stream reset
-
- - fixes pytest failures in test 07_22
- - aligns CURLcode values on stream reset with ngtcp2
-
- Closes #12629
-
-Daniel Stenberg (2 Jan 2024)
-
-- setopt: clear mimepost when formp is freed
-
- A precaution to avoid a possibly dangling pointer left behind.
-
- Reported-by: Thomas Ferguson
- Fixes #12608
- Closes #12621
-
-Andy Alt (2 Jan 2024)
-
-- CI: Add dependabot.yml
-
- This will cause dependabot to open a PR when various actions are
- updated, provided that the action maintainer has issued a release.
-
- Closes #12623
-
-Gisle Vanem (2 Jan 2024)
-
-- content_encoding: change return code to typedef'ed enum
-
- ... to work around a clang ubsan warning.
-
- Fixes #12618
- Closes #12622
-
-Daniel Stenberg (2 Jan 2024)
-
-- tool: prepend output_dir in header callback
-
- When Content-Disposition parsing is used and an output dir is prepended,
- make sure to store that new file name correctly so that it can be used
- for setting the file timestamp when --remote-time is used.
-
- Extended test 3012 to verify.
-
- Co-Authored-by: Jay Satiro
- Reported-by: hgdagon on github
- Fixes #12614
- Closes #12617
-
-- test1254: fix typo in name plus shorten it
-
-- RELEASE-NOTES: synced
-
-Viktor Szakats (2 Jan 2024)
-
-- schannel: fix `-Warith-conversion` gcc 13 warning
-
- ```
- lib/vtls/schannel.c:1201:22: warning: conversion to 'unsigned int' from 'int'
- may change the sign of the result [-Warith-conversion]
- 1201 | *extension_len = *list_len +
- | ^
- ```
-
- Closes #12616
-
-- asyn-thread: silence `-Wcast-align` warning for Windows
-
- Seen with llvm/clang 17:
- ```
- lib/asyn-thread.c:310:5: warning: cast from 'PCHAR' (aka 'char *') to 'struct
- thread_sync_data *' increases required alignment from 1 to 8 [-Wcast-align]
- 310 | CONTAINING_RECORD(overlapped, struct thread_sync_data, w8.overlap
- ped);
- | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- ~~~~
- .../llvm-mingw/aarch64-w64-mingw32/include/winnt.h:717:48: note: expanded fro
- m macro 'CONTAINING_RECORD'
- 717 | #define CONTAINING_RECORD(address,type,field) ((type *)((PCHAR)(addre
- ss) - (ULONG_PTR)(&((type *)0)->field)))
- | ^~~~~~~~~~~~~~~~~~~~~~
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- ```
-
- Follow-up to a6bbc87f9e9ffb46a1801dfb983e7534825ed56b #12482
-
- Ref: https://github.com/curl/curl/pull/12482#issuecomment-1873017261
- Closes #12615
-
-Daniel Stenberg (2 Jan 2024)
-
-- tool_listhelp: regenerate after recent .d updates
-
- Makes it survive test 1478
-
- Closes #12612
-
-- test1478: verify src/tool_listhelp.c
-
- Verify that the source file on disk is identical to the output of gen.pl
- listhelp, as otherwise they are out of sync and need attention.
-
- Closes #12612
-
-- testutil: make runtests support %include
-
- Using this instruction, a test case can include the contents of a file
- into the test during the preprocessing.
-
- Closes #12612
-
-- runtests: for mode="text" on <stdout>, fix newlines on both parts
-
- Closes #12612
-
-Jay Satiro (2 Jan 2024)
-
-- quiche: return CURLE_HTTP3 on send to invalid stream
-
- Prior to this change if a send failed on a stream in an invalid state
- (according to quiche) and not marked as closed (according to libcurl)
- then the send function would return CURLE_SEND_ERROR.
-
- We already have similar code for ngtcp2 to return CURLE_HTTP3 in this
- case.
-
- Caught by test test_07_upload.py: test_07_22_upload_parallel_fail.
-
- Fixes https://github.com/curl/curl/issues/12590
- Closes https://github.com/curl/curl/pull/12597
-
-Daniel Stenberg (1 Jan 2024)
-
-- cmdline-opts: update availability for the *-ca-native options
-
- Closes #12613
-
-Patrick Monnerat (31 Dec 2023)
-
-- openldap: fix STARTTLS
-
- It was not working anymore since introduction of connection filters.
-
- Also do not attempt to recover from a failing TLS negotiation with
- CURLUSESSL_TRY.
-
- Closes #12610
-
-Daniel Stenberg (31 Dec 2023)
-
-- haproxy-clientip.d: document the arg
-
- The arg keyword was missing and therefore not present in the man page.
-
- Closes #12611
-
-annalee (29 Dec 2023)
-
-- configure: fix no default int compile error in ipv6 detection
-
- Closes #12607
-
-Dan Fandrich (28 Dec 2023)
-
-- CI: Fix use of any-glob-to-all-files in the labeler
-
- Despite its name, this atom acts like one-glob-to-all-files and a
- different syntax with braces must be used to get
- any-glob-to-all-files semantics. Unfortunately, this makes the file
- completely unreadable.
-
- Ref: https://github.com/actions/labeler/issues/731
-
-Daniel Stenberg (29 Dec 2023)
-
-- CURLOPT_AUTOREFERER.3: mention CURLINFO_REFERER
-
-- CURLINFO_REFERER.3: clarify that it is the *request* header
-
- That libcurl itself sent in the most recent request
-
- Closes #12605
-
-Jay Satiro (28 Dec 2023)
-
-- system_win32: fix a function pointer assignment warning
-
- - Use CURLX_FUNCTION_CAST to suppress a function pointer assignment
- warning.
-
- a6bbc87f added lookups of some Windows API functions and then cast them
- like `*(FARPROC*)&Curl_funcname = address`. Some versions of gcc warn
- about that as breaking strict-aliasing rules so this PR changes those
- assignments to use CURLX_FUNCTION_CAST.
-
- Bug: https://github.com/curl/curl/pull/12581#issuecomment-1869804317
- Reported-by: Marcel Raad
-
- Closes https://github.com/curl/curl/pull/12602
-
-- verify-examples.pl: fail verification on unescaped backslash
-
- - Check that all backslashes in EXAMPLE are properly escaped.
-
- eg manpage must always use `\\n` never `\n`.
-
- This is because the manpage requires we always double blackslash to show
- a single backslash. Prior to this change an erroneous single backslash
- would pass through and compile even though it would not show correctly
- in the manpage.
-
- Co-authored-by: Daniel Stenberg
-
- Ref: https://github.com/curl/curl/pull/12588
-
- Closes https://github.com/curl/curl/pull/12589
-
-- vtls: fix missing multissl version info
-
- - Fix erroneous buffer copy logic from ff74cef5.
-
- Prior to this change the MultiSSL version info returned to the user
- was empty.
-
- Closes https://github.com/curl/curl/pull/12599
-
-Daniel Stenberg (27 Dec 2023)
-
-- KNOWN_BUGS: [RTSP] Some methods do not support response bodies
-
- Closes #12414
-
-Patrick Monnerat (27 Dec 2023)
-
-- openldap: fix an LDAP crash
-
- Reported-by: Ozan Cansel
- Fixes #12593
- Closes #12600
-
-Daniel Stenberg (27 Dec 2023)
-
-- getinfo: CURLINFO_QUEUE_TIME_T
-
- Returns the time, in microseconds, during which this transfer was held
- in a waiting queue before it started "for real". A transfer might be put
- in a queue if after getting started, it cannot create a new connection
- etc due to set conditions and limits imposed by the application.
-
- Ref: #12293
- Closes #12368
-
-- RELEASE-NOTES: synced
-
-Jay Satiro (26 Dec 2023)
-
-- examples/sendrecv: fix comment line length
-
- Caught by checksrc.
-
-Haydar Alaidrus (23 Dec 2023)
-
-- CURLOPT_POSTFIELDS.3: fix incorrect C string escape in example
-
- - Escape inner quotes with two backslashes.
-
- Two backslashes escapes the backslash for the man page and will show as
- a single backslash.
-
- eg: "{\\"name\\": \\"daniel\\"}" shows as "{\"name\": \"daniel\"}".
-
- Closes https://github.com/curl/curl/pull/12588
-
-Viktor Szakats (23 Dec 2023)
-
-- appveyor: tidy-ups
-
- - replace two remaining backslashes with forward slashes.
- - tidy up the way we form and pass `TFLAGS`.
-
- Follow-up to 2d4d0c1fd32f5cc3f946c407c8eccd5477b287df #12572
-
- Closes #12582
-
-Stefan Eissing (22 Dec 2023)
-
-- transfer: fix upload rate limiting, add test cases
-
- - add test cases for rate limiting uploads for all
- http versions
- - fix transfer loop handling of limits. Signal a re-receive
- attempt only on exhausting maxloops without an EAGAIN
- - fix `data->state.selectbits` forcing re-receive to also
- set re-sending when transfer is doing this.
-
- Reported-by: Karthikdasari0423 on github
- Fixes #12559
- Closes #12586
-
-Daniel Stenberg (22 Dec 2023)
-
-- mbedtls: free the entropy when threaded
-
- The entropy_free was never done for threaded builds, causing a small
- (fixed) memory leak.
-
- Reported-by: RevaliQaQ on github
- Fixes #12584
- Closes #12585
-
-Stefan Eissing (22 Dec 2023)
-
-- http2: improved on_stream_close/data_done handling
-
- - there seems to be a code path that cleans up easy handles without
- triggering DONE or DETACH events to the connection filters. This
- would explain wh nghttp2 still holds stream user data
- - add GOOD check to easy handle used in on_close_callback to
- prevent crashes, ASSERTs in debug builds.
- - NULL the stream user data early before submitting RST
- - add checks in on_stream_close() to identify UNGOOD easy handles
-
- Reported-by: Hans-Christian Egtvedt
- Fixes #10936
- Closes #12562
-
-Daniel Stenberg (22 Dec 2023)
-
-- mprintf: overhaul and bugfixes
-
- In a test case using lots of snprintf() calls using many commonly used
- %-codes per call, this version is around 30% faster than previous
- version.
-
- It also fixes the #12561 bug which made it not behave correctly when
- given unknown %-sequences. Fixing that flaw required a different take on
- the problem, which resulted in the new two-arrays model.
-
- lib557: extended - Verify the #12561 fix and test more printf features
-
- unit1398: fix test: It used a <num>$ only for one argument, which is not
- supported.
-
- Fixes #12561
- Closes #12563
-
-Viktor Szakats (21 Dec 2023)
-
-- appveyor: replace PowerShell with bash + parallel autotools
-
- PowerShell works (after a steep development curve), but one property of
- it stuck and kept causing unresolvable usability issues: With
- `$ErrorActionPreference=Stop`, it does abort on failures, but shows only
- the first line of the error message. In `Continue` mode, it shows the
- full error message, but doesn't stop on all errors. Another issue is
- PowerShell considering any stderr output as if the command failed (this
- has been improved in 7.2 (2021-Nov), but fixed versions aren't running
- in CI and will not be for a long time in all test images.)
-
- Thus, we're going with bash.
-
- Also:
- - use `-j2` with autotools tests, making them finish 5-15 minutes per
- job faster.
- - omit `POSIX_PATH_PREFIX`.
- - use `WINDIR`.
- - prefer forward slashes.
-
- Follow-up to: 75078a415d9c769419aed4153d3d525a8eba95af #11999
- Ref: #12444
-
- Fixes #12560
- Closes #12572
-
-Pavel Pavlov (21 Dec 2023)
-
-- asyn-thread: use GetAddrInfoExW on >= Windows 8
-
- For doing async DNS resolution instead of starting a thread for each
- request.
-
- Fixes #12481
- Closes #12482
-
-Daniel Stenberg (21 Dec 2023)
-
-- strerror: repair get_winsock_error()
-
- It would try to read longer than the provided string and crash.
-
- Follow-up to ff74cef5d4a0cf60106517a1c7384
- Reported-by: calvin2021y on github
- Fixes #12578
- Closes #12579
-
-- CURLOPT_SSH_*_KEYFILE: clarify
-
- Closes #12554
-
-ivanfywang (21 Dec 2023)
-
-- ngtcp2: put h3 at the front of alpn
-
- Closes #12576
-
-Daniel Stenberg (21 Dec 2023)
-
-- test460: verify a command line using --expand with no argument
-
- This verifies the fix for #12565
-
-- tool_getparam: do not try to expand without an argument
-
- This would lead to a segfault.
-
- Fixes #12565
- Reported-by: Geeknik Labs
- Closes #12575
-
-- RELEASE-NOTES: synced
-
- Bumped version to 8.6.0 because of changes
-
-- Makefile.am: fix the MSVC project generation
-
- It made the vcxproj files not get included in dist tarballs.
-
- Regression since 74423b5df4c8117891eb89 (8.5.0)
-
- Reported-by: iAroc on github
- Fixes #12564
- Closes #12567
-
-zengwei2000 (21 Dec 2023)
-
-- altsvc: free 'as' when returning error
-
- Closes #12570
-
- Signed-off-by: zengwei <zengwei1@uniontech.com>
-
-Viktor Szakats (20 Dec 2023)
-
-- build: fix `-Wconversion`/`-Wsign-conversion` warnings
-
- Fix remaining warnings in examples and tests which are not suppressed
- by the pragma in `lib/curl_setup.h`.
-
- Silence a toolchain issue causing warnings in `FD_SET()` calls with
- older Cygwin/MSYS2 builds. Likely fixed on 2020-08-03 by:
- https://cygwin.com/git/?p=newlib-cygwin.git;a=commitdiff;h=5717262b8ecfed0f7f
- ab63e2c09c78991e36f9dd
-
- Follow-up to 2dbe75bd7f3c36837aa06fd87a442bdf3fb7faef #12492
-
- Closes #12557
-
-- build: fix some `-Wsign-conversion`/`-Warith-conversion` warnings
-
- - enable `-Wsign-conversion` warnings, but also setting them to not
- raise errors.
- - fix `-Warith-conversion` warnings seen in CI.
- These are triggered by `-Wsign-converion` and causing errors unless
- explicitly silenced. It makes more sense to fix them, there just a few
- of them.
- - fix some `-Wsign-conversion` warnings.
- - hide `-Wsign-conversion` warnings with a `#pragma`.
- - add macro `CURL_WARN_SIGN_CONVERSION` to unhide them on a per-build
- basis.
- - update a CI job to unhide them with the above macro:
- https://github.com/curl/curl/actions/workflows/linux.yml -> OpenSSL -O3
-
- Closes #12492
-
-- cmake: tidy-up `OtherTests.cmake`
-
- - make more obvious which detection uses which prep steps.
- - merge and streamline conditions.
- - these should not alter detection results.
-
- Also align log output messages from
- `Macros.cmake` / `curl_internal_test` with rest of the build.
-
- Closes #12551
-
-- appveyor: switch to out-of-tree builds
-
- With cmake and autotools.
-
- Closes #12550
-
-Daniel Stenberg (19 Dec 2023)
-
-- DEPRECATE.md: mention that NTLM_WB no longer works
-
- Ref: #12479
- Closes #12553
-
-- CURLOPT_SERVER_RESPONSE_TIMEOUT_MS: add
-
- Proposed-by: Yifei Kong
- Ref: https://curl.se/mail/lib-2023-11/0023.html
- Closes #12369
-
-Viktor Szakats (18 Dec 2023)
-
-- build: more `-Wformat` fixes
-
- - memdebug: update to not trigger `-Wformat-nonliteral` warnings.
- - imap: mark `imap_sendf()` with `CURL_PRINTF()`.
- - tool_msgs: mark static function with `CURL_PRINTF()`.
-
- Follow-up to 3829759bd042c03225ae862062560f568ba1a231 #12489
-
- Closes #12540
-
-- windows: delete redundant headers
-
- `winsock2.h` pulls in `windows.h`. `ws2tcpip.h` pulls in `winsock2.h`.
- `winsock2.h` and `ws2tcpip.h` are also pulled by `curl/curl.h`.
-
- Keep only those headers that are not already included, or the code under
- it uses something from that specific header.
-
- Closes #12539
-
-- cmake: prefill/cache `HAVE_STRUCT_SOCKADDR_STORAGE`
-
- Also add missing include to `OtherTests.cmake`. It didn't cause an issue
- because the parent already included this earlier by chance.
-
- Closes #12537
-
-Daniel Stenberg (18 Dec 2023)
-
-- runner.pm: fix perl warning when running tests
-
- Use of uninitialized value $runner::gdbthis in numeric eq (==) at runner.
- pm
-
- Follow-up from 3dcf301752a09d9
-
- Closes #12549
-
-- runtests: support -gl. Like -g but for lldb.
-
- Follow-up to 63b5748
-
- Invokes the test case via lldb instead of gdb. Since using gdb is such a
- pain on mac, using lldb is sometimes less quirky.
-
- Closes #12547
-
-- curl.h: add CURLE_TOO_LARGE
-
- A new error code to be used when an internal field grows too large, like
- when a dynbuf reaches its maximum. Previously it would return
- CURLE_OUT_OF_MEMORY for this, which is highly misleading.
-
- Ref: #12268
- Closes #12269
-
-- CI/circleci: disable MQTT in the HTTP-only build
-
- And remove the use of configure options that don't actually exist
-
- Closes #12546
-
-Yedaya Katsman (18 Dec 2023)
-
-- tests: respect $TMPDIR when creating unix domain sockets
-
- When running on termux, where $TMPDIR isn't /tmp, running the tests
- failed, since the server config tried creating sockets in /tmp, without
- checking the temp dir config. Use the TMPDIR variable that makes it find
- the correct directory everywhere [0]
-
- [0] https://perldoc.perl.org/File::Temp#tempfile
-
- Closes #12545
-
-Viktor Szakats (17 Dec 2023)
-
-- ssh: fix namespace of two local macros
-
- Avoid using the libssh and libssh2 macro namespaces by prefixing
- these local macro names with `CURL_`.
-
- Follow-up to 413a0fedd02c8c6df1d294534b8c6e306fcca7a2 #12346
-
- Reviewed-by: Daniel Stenberg
- Closes #12544
-
-- cmake: whitespace tidy-up in `OtherTests.cmake`
-
- Closes #12538
-
-Mark Sinkovics (16 Dec 2023)
-
-- cmake: fix generation for system name iOS
-
- This PR fixes a problem that happens during CMake configuration when
- the `CMAKE_SYSTEM_NAME` set to `iOS` and not `Darwin`. This value is
- available (as far as I remember) version 3.14. The final solution
- (thanks to @vszakats) is to use `APPLE` which contains all the Apple
- platforms https://cmake.org/cmake/help/latest/variable/APPLE.html.
-
- This issue was found when during vcpkg installation. Running command
- `vcpkg install curl:arm64-ios` and `vcpkg install curl:x64-ios` failed
- with message:
- ```
- CMake Error: try_run() invoked in cross-compiling mode, please set the follow
- ing cache variables appropriately:
- HAVE_H_ERRNO_ASSIGNABLE_EXITCODE (advanced)
- ```
- After this fix, I was able to compile the compile the binary without
- any issue.
-
- In addition to that fix, this PR also contains an simplification to
- check if the platform is not APPLE.
-
- Co-authored-by: Viktor Szakats
- Closes #12515
-
-Daniel Stenberg (16 Dec 2023)
-
-- RELEASE-NOTES: synced
-
-Baruch Siach (16 Dec 2023)
-
-- gnutls: fix build with --disable-verbose
-
- infof() parameters must be defined event with --disable-verbose since
- commit dac293cfb702 ("lib: apache style infof and trace
- macros/functions").
-
- Move also 'ptr' definition under !CURL_DISABLE_VERBOSE_STRINGS.
-
- Fixes the following build failure:
-
- In file included from ../lib/sendf.h:29,
- from vtls/gtls.c:44:
- vtls/gtls.c: In function 'Curl_gtls_verifyserver':
- vtls/gtls.c:841:34: error: 'version' undeclared (first use in this function);
- did you mean 'session'?
- 841 | gnutls_protocol_get_name(version), ptr);
- | ^~~~~~~
-
- Closes #12505
-
-Viktor Szakats (16 Dec 2023)
-
-- build: delete unused `HAVE_{GSSHEIMDAL,GSSMIT,HEIMDAL}`
-
- Stop setting `HAVE_GSSHEIMDAL`, `HAVE_GSSMIT` and `HAVE_HEIMDAL`.
- There was no place in the build system or source code that used them.
-
- Reviewed-by: Daniel Stenberg
- Closes #12506
-
-- build: remove redundant `CURL_PULL_*` settings
-
- These macros were not propagated to the source code from CMake.
-
- autotools set only one of them (`CURL_PULL_SYS_POLL_H`), initially to
- address an AIX issue [1]. This later broke when introducing `system.h`
- [2] without the logic it enabled. A subsequent fix [3] re-added the
- logic, and also enabled it for AIX before its use, directly in
- `system.h`.
-
- [1] 2012-11-23: 665adcd4b7bcdb7deb638cdc499fbe71f8d777f2
- [2] 2017-03-29: 9506d01ee50d5908138ebad0fd9fbd39b66bd64d #1373
- [3] 2017-08-25: 8a84fcc4b59e8b78d2acc6febf44a43d6bc81b59 #1828 #1833
-
- Reviewed-by: Daniel Stenberg
- Closes #12502
-
-- system.h: sync mingw `CURL_TYPEOF_CURL_SOCKLEN_T` with other compilers
-
- Align mingw with the other Windows compilers and use the `int` type for
- `CURL_TYPEOF_CURL_SOCKLEN_T` (and thus for `curl_socklent_t`). This
- makes it unnecessary to make a mingw-specific trick and pull all Windows
- headers early just for this type definition. This type is specific to
- Windows, not to the compiler. mingw-w64's Windows header maps it to
- `int` too.
-
- With this we also delete all remaining uses of `CURL_PULL_WS2TCPIP_H`.
-
- [ The official solution is to use `socklen_t` for all Windows compilers.
- In this case we may want to update `curl/curl.h` to pull in Windows
- headers before `system.h`. ]
-
- Reviewed-by: Daniel Stenberg
- Reviewed-by: Jay Satiro
- Closes #12501
-
-- windows: simplify detecting and using system headers
-
- - autotools, cmake: assume that if we detect Windows, `windows.h`,
- `winsock2.h` and `ws2tcpip.h` do exist.
- - lib: fix 3 outlier `#if` conditions to use `USE_WINSOCK` instead of
- looking for `winsock2.h`.
- - autotools: merge 3 Windows check methods into one.
- - move Watt-32 and lwIP socket support to `setup-win32.h` from
- `config-win32.h`. It opens up using these with all build tools. Also
- merge logic with Windows Sockets.
- - fix to assume Windows sockets with the mingw32ce toolchain.
- Follow-up to: 2748c64d605b19fb419ae56810ad8da36487a2d4
- - cmake: delete unused variable `signature_call_conv` since
- eb33ccd5332435fa50f1758e5debb869c6942b7f.
- - autotools: simplify `CURL_CHECK_WIN32_LARGEFILE` detection.
- - examples/externalsocket: fix header order.
- - cmake/OtherTests.cmake: delete Windows-specific `_source_epilogue`
- that wasn't used anymore.
- - cmake/OtherTests.cmake: set `WIN32_LEAN_AND_MEAN` for test
- `SIZEOF_STRUCT_SOCKADDR_STORAGE`.
-
- After this patch curl universally uses `_WIN32` to guard
- Windows-specific logic. It guards Windows Sockets-specific logic with
- `USE_WINSOCK` (this might need further work).
-
- Reviewed-by: Jay Satiro
- Closes #12495
-
-- build: enable missing OpenSSF-recommended warnings, with fixes
-
- https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening
- -Guide-for-C-and-C++.html
- as of 2023-11-29 [1].
-
- Enable new recommended warnings (except `-Wsign-conversion`):
-
- - enable `-Wformat=2` for clang (in both cmake and autotools).
- - add `CURL_PRINTF()` internal attribute and mark functions accepting
- printf arguments with it. This is a copy of existing
- `CURL_TEMP_PRINTF()` but using `__printf__` to make it compatible
- with redefinting the `printf` symbol:
- https://gcc.gnu.org/onlinedocs/gcc-3.0.4/gcc_5.html#SEC94
- - fix `CURL_PRINTF()` and existing `CURL_TEMP_PRINTF()` for
- mingw-w64 and enable it on this platform.
- - enable `-Wimplicit-fallthrough`.
- - enable `-Wtrampolines`.
- - add `-Wsign-conversion` commented with a FIXME.
- - cmake: enable `-pedantic-errors` the way we do it with autotools.
- Follow-up to d5c0351055d5709da8f3e16c91348092fdb481aa #2747
- - lib/curl_trc.h: use `CURL_FORMAT()`, this also fixes it to enable format
- checks. Previously it was always disabled due to the internal `printf`
- macro.
-
- Fix them:
-
- - fix bug where an `set_ipv6_v6only()` call was missed in builds with
- `--disable-verbose` / `CURL_DISABLE_VERBOSE_STRINGS=ON`.
- - add internal `FALLTHROUGH()` macro.
- - replace obsolete fall-through comments with `FALLTHROUGH()`.
- - fix fallthrough markups: Delete redundant ones (showing up as
- warnings in most cases). Add missing ones. Fix indentation.
- - silence `-Wformat-nonliteral` warnings with llvm/clang.
- - fix one `-Wformat-nonliteral` warning.
- - fix new `-Wformat` and `-Wformat-security` warnings.
- - fix `CURL_FORMAT_SOCKET_T` value for mingw-w64. Also move its
- definition to `lib/curl_setup.h` allowing use in `tests/server`.
- - lib: fix two wrongly passed string arguments in log outputs.
- Co-authored-by: Jay Satiro
- - fix new `-Wformat` warnings on mingw-w64.
-
- [1] https://github.com/ossf/wg-best-practices-os-developers/blob/56c0fde3895b
- fc55c8a973ef49a2572c507b2ae1/docs/Compiler-Hardening-Guides/Compiler-Options-
- Hardening-Guide-for-C-and-C%2B%2B.md
-
- Closes #12489
-
-- Makefile.mk: drop Windows support
-
- And DLL-support with it. This leaves `Makefile.mk` for MS-DOS and Amiga.
-
- We recommend CMake instead. With unity mode it's much faster, and about
- the same without.
-
- Ref: https://github.com/curl/curl/pull/12221#issuecomment-1783761806
- Reviewed-by: Daniel Stenberg
- Closes #12224
-
-Daniel Stenberg (16 Dec 2023)
-
-- cmdline-docs: use .IP consistently
-
- Remove use of .TP and some .B. The idea is to reduce nroff syntax as
- much as possible and to use it consistently. Ultimately, we should be
- able to introduce our own easier-to-use-and-read syntax/formatting and
- convert on generation time.
-
- Closes #12535
-
-Tatsuhiko Miyagawa (16 Dec 2023)
-
-- http: fix off-by-one error in request method length check
-
- It should allow one more byte.
-
- Closes #12534
-
-Daniel Stenberg (15 Dec 2023)
-
-- curl: show ipfs and ipns as supported "protocols"
-
- They are accepted schemes in URLs passed to curl (the tool, not the
- library).
-
- Also makes curl-config show the same list.
-
- Co-Authored-by: Jay Satiro
- Reported-by: Chara White
- Bug: https://curl.se/mail/archive-2023-12/0026.html
- Closes #12508
-
-- Revert "urldata: move async resolver state from easy handle to connectdata"
-
- This reverts commit 56a4db2e4e2bcb9a0dcb75b83560a78ef231fcc8 (#12198)
-
- We want the c-ares channel to be held in the easy handle, not per
- connection - for performance.
-
- Closes #12524
-
-Viktor Szakats (15 Dec 2023)
-
-- openssl: re-match LibreSSL deinit with init
-
- Earlier we switched to use modern initialization with LibreSSL v2.7.0
- and up, but did not touch deinitialization [1]. Fix it in this patch.
-
- Regression from bec0c5bbf34369920598678161d2df8bea0e243b #11611
-
- [1] https://github.com/curl/curl/pull/11611#issuecomment-1668654014
-
- Reported-by: Mike Hommey
- Reviewed-by: Daniel Stenberg
- Fixes #12525
- Closes #12526
-
-Daniel Stenberg (14 Dec 2023)
-
-- libssh: supress warnings without version check
-
- Define unconditionally.
-
- Follow-up from d21bd2190c46ad7fa
-
- Closes #12523
-
-- hostip: return error immediately when Curl_ip2addr() fails
-
- Closes #12522
-
-Theo (14 Dec 2023)
-
-- libssh: improve the deprecation warning dismissal
-
- Previous code was compiler dependant, and dismissed all deprecation warnings
- indiscriminately.
-
- libssh provides a way to disable the deprecation warnings for libssh only, an
- d
- naturally this is the preferred way.
-
- This commit uses that, to prevent the erroneous hiding of potential, unrelate
- d
- deprecation warnings.
-
- Fixes #12519
- Closes #12520
-
-Daniel Stenberg (14 Dec 2023)
-
-- test1474: removed
-
- The test was already somewhat flaky and disabled on several platforms,
- and after 1da640abb688 even more unstable.
-
-- readwrite_data: loop less
-
- This function is made to loop in order to drain incoming data
- faster. Completely removing the loop has a measerably negative impact on
- transfer speeds.
-
- Downsides with the looping include
-
- - it might call the progress callback much more seldom. Especially if
- the write callback is slow.
-
- - rate limiting becomes less exact
-
- - a single transfer might "starve out" other parallel transfers
-
- - QUIC timers for other connections can't be maintained correctly
-
- The long term fix should be to remove the loop and optimize coming back
- to avoid the transfer speed penalty.
-
- This fix lower the max loop count to reduce the starvation problem, and
- avoids the loop completely for when rate-limiting is in progress.
-
- Ref: #12488
- Ref: https://curl.se/mail/lib-2023-12/0012.html
- Closes #12504
-
-Stefan Eissing (14 Dec 2023)
-
-- lib: eliminate `conn->cselect_bits`
-
- - use `data->state.dselect_bits` everywhere instead
- - remove `bool *comeback` parameter as non-zero
- `data->state.dselect_bits` will indicate that IO is
- incomplete.
-
- Closes #12512
-
-- connect: refactor `Curl_timeleft()`
-
- - less local vars, "better" readability
- - added documentation
-
- Closes #12518
-
-Dmitry Karpov (14 Dec 2023)
-
-- cookie: avoid fopen with empty file name
-
- Closes #12514
-
-Viktor Szakats (13 Dec 2023)
-
-- tests/server: delete workaround for old-mingw
-
- mingw-w64 1.0 comes with w32api v3.12, thus doesn't need this.
-
- Follow-up to 38029101e2d78ba125732b3bab6ec267b80a0e72 #11625
-
- Reviewed-by: Jay Satiro
- Closes #12510
-
-- cmake: delete obsolete TODOs more [ci skip]
-
- - manual completed: 898b012a9bf388590c4be7f526815b5ab74feca1 #1288
- - soname completed: 5de6848f104d7cb0017080e31216265ac19d0dde #10023
- - bunch of others that are completed
- - `NTLM_WB_ENABLED` is implemented in a basic form, and now also
- scheduled for removal, so a TODO at this point isn't useful.
-
- And this 'to-check' item:
-
- Q: "The cmake build selected to run gcc with -fPIC on my box while the
- plain configure script did not."
-
- A: With CMake, since 2ebc74c36a19a1700af394c16855ce144d9878e3 #11546
- and fc9bfb14520712672b4784e8b48256fb29204011 #11627, we explicitly
- enable PIC for libcurl shared lib. Or when building libcurl for
- shared and static lib in a single pass. We do this by default for
- Windows or when enabled by the user via `SHARE_LIB_OBJECT`.
- Otherwise we don't touch this setting. Meaning the default set by
- CMake (if any) or the toolchain is used. On Debian Bookworm, this
- means that PIC is disabled for static libs by default. Some platforms
- (like macOS), has PIC enabled by default.
- autotools supports the double-pass mode only, and in that case
- CMake seems to match PIC behaviour now (as tested on Linux with gcc.)
-
- Follow-up to 5d5dfdbd1a6c40bd75e982b66f49e1fa3a7eeae7 #12500
-
- Reviewed-by: Jay Satiro
- Closes #12509
-
-Stefan Eissing (12 Dec 2023)
-
-- CLIENT-WRITERS: design and use documentation
-
- Closes #12507
-
-Viktor Szakats (12 Dec 2023)
-
-- cmake: delete obsolete TODO items [ci skip]
-
- There is always room for improvement, but CMake is up to par now with
- autotools, so there is no longer a good reason to keep around these
- inline TODO items.
-
- Answering one of questions:
-
- Q: "The gcc command line use neither -g nor any -O options. As a
- developer, I also treasure our configure scripts's --enable-debug
- option that sets a long range of "picky" compiler options."
-
- A: CMake offers the `CMAKE_BUILD_TYPE` variable to control debug info
- and optimization level. E.g.:
- - `Release` = `-O3` + no debug info
- - `MinSizeRel` = `-Os` + no debug info
- - `Debug` = `-O0` + debug info
-
- https://stackoverflow.com/questions/48754619/what-are-cmake-build-type-deb
- ug-release-relwithdebinfo-and-minsizerel/59314670#59314670
- https://cmake.org/cmake/help/latest/manual/cmake-buildsystem.7.html#defaul
- t-and-custom-configurations
-
- For picky warnings we have the `PICKY_COMPILER` options, enabled by
- default.
-
- Closes #12500
-
-Stefan Eissing (11 Dec 2023)
-
-- CONNECTION-FILTERS: update documentation
-
- Closes #12497
-
-Daniel Stenberg (11 Dec 2023)
-
-- lib: reduce use of strncpy
-
- - bearssl: select cipher without buffer copies
- - http_aws_sigv4: avoid strncpy, require exact timestamp length
- - http_aws_sigv4: use memcpy isntead of strncpy
- - openssl: avoid strncpy calls
- - schannel: check for 1.3 algos without buffer copies
- - strerror: avoid strncpy calls
- - telnet: avoid strncpy, return error on too long inputs
- - vtls: avoid strncpy in multissl_version()
-
- Closes #12499
-
-- CI/distcheck: run full tests
-
- To be able to detect missing files better, this now runs the full CI
- test suite. If done before, it would have detected #12462 before
- release.
-
- Closes #12503
-
-- docs: clean up Protocols: for cmdline options
-
- ... and some other minor polish.
-
- Closes #12496
-
-- cmdline/gen: fix the sorting of the man page options
-
- They were previously sorted based on the file names, which use a .d
- extension, making "data" get placed after "data-binary" etc. Making the
- sort ignore the extention fixes the ordering.
-
- Reported-by: Boris Verkhovskiy
- Bug: https://curl.se/mail/archive-2023-12/0014.html
- Closes #12494
-
-Daniel Gustafsson (9 Dec 2023)
-
-- doh: remove unused local variable
-
- The nurl variable is no longer used during probing following
- a refactoring, so remove.
-
- Closes #12491
-
-Jay Satiro (8 Dec 2023)
-
-- build: fix Windows ADDRESS_FAMILY detection
-
- - Include winsock2.h for Windows ADDRESS_FAMILY detection.
-
- Prior to this change cmake detection didn't work because it included
- ws2def.h by itself, which is missing needed types from winsock2.h.
-
- Prior to this change autotools detection didn't work because it did not
- include any Windows header.
-
- In both cases libcurl would fall back on unsigned short as the address
- family type, which is the same as ADDRESS_FAMILY.
-
- Co-authored-by: Viktor Szakats
-
- Closes https://github.com/curl/curl/pull/12441
-
-Daniel Stenberg (8 Dec 2023)
-
-- lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding
-
- Since the copy does not stop at a null byte, let's not call it anything
- that makes you think it works like the common strndup() function.
-
- Based on feedback from Jay Satiro, Stefan Eissing and Patrick Monnerat
-
- Closes #12490
-
-- convsrctest.pl: removed: not used, not shipped in tarballs
-
-- tests: rename tests scripts to the test number
-
- It is hard to name the scripts sensibly. Lots of them are similarly
- named and the name did not tell which test that used them.
-
- The new approach is rather to name them based on the test number that
- runs them. Also helps us see which scripts are for individual tests
- rather than for general test infra.
-
- - badsymbols.pl -> test1167.pl
- - check-deprecated.pl -> test1222.pl
- - check-translatable-options.pl -> test1544.pl
- - disable-scan.pl -> test1165.pl
- - error-codes.pl -> test1175.pl
- - errorcodes.pl -> test1477.pl
- - extern-scan.pl -> test1135.pl
- - manpage-scan.pl -> test1139.pl
- - manpage-syntax.pl -> test1173.pl
- - markdown-uppercase.pl -> test1275.pl
- - mem-include-scan.pl -> test1132.pl
- - nroff-scan.pl -> test1140.pl
- - option-check.pl -> test1276.pl
- - options-scan.pl -> test971.pl
- - symbol-scan.pl -> test1119.pl
- - version-scan.pl -> test1177.pl
-
- Closes #12487
-
-Michał Antoniak (8 Dec 2023)
-
-- sendf: fix compiler warning with CURL_DISABLE_HEADERS_API
-
- fix MSVC warning C4189: 'htype': local variable is initialized but not
- referenced - when CURL_DISABLE_HEADERS_API is defined.
-
- Closes #12485
-
-Viktor Szakats (8 Dec 2023)
-
-- tidy-up: whitespace
-
- Closes #12484
-
-Stefan Eissing (7 Dec 2023)
-
-- test_02_download: fix paramters to test_02_27
-
- - it is a special client that only ever uses http/2
-
- Closes #12467
-
-Michał Antoniak (7 Dec 2023)
-
-- vtls: remove the Curl_cft_ssl_proxy object if CURL_DISABLE_PROXY
-
- Closes #12459
-
-Daniel Stenberg (7 Dec 2023)
-
-- lib: strndup/memdup instead of malloc, memcpy and null-terminate
-
- - bufref: use strndup
- - cookie: use strndup
- - formdata: use strndup
- - ftp: use strndup
- - gtls: use aprintf instead of malloc + strcpy * 2
- - http: use strndup
- - mbedtls: use strndup
- - md4: use memdup
- - ntlm: use memdup
- - ntlm_sspi: use strndup
- - pingpong: use memdup
- - rtsp: use strndup instead of malloc, memcpy and null-terminate
- - sectransp: use strndup
- - socks_gssapi.c: use memdup
- - vtls: use dynbuf instead of malloc, snprintf and memcpy
- - vtls: use strdup instead of malloc + memcpy
- - wolfssh: use strndup
-
- Closes #12453
-
-- strdup: remove the memchr check from Curl_strndup
-
- It makes it possible to clone a binary chunk of data.
-
- Closes #12453
-
-- ftp: handle the PORT parsing without allocation
-
- Also reduces amount of *cpy() calls.
-
- Closes #12456
-
-- RELEASE-NOTES: synced
-
- Bumped to 8.5.1
-
-- url: for disabled protocols, mention if found in redirect
-
- To help users better understand where the URL (and denied scheme) comes
- from. Also removed "in libcurl" from the message, since the disabling
- can be done by the application.
-
- The error message now says "not supported" or "disabled" depending on
- why it was denied:
-
- Protocol "hej" not supported
- Protocol "http" disabled
-
- And in redirects:
-
- Protocol "hej" not supported (in redirect)
- Protocol "http" disabled (in redirect)
-
- Reported-by: Mauricio Scheffer
- Fixes #12465
- Closes #12469
-
-Stefan Eissing (6 Dec 2023)
-
-- sectransp_ make TLSCipherNameForNumber() available in non-verbose config
-
- Reported-by: Cajus Pollmeier
- Closes #12476
- Fixes #12474
-
-YX Hao (6 Dec 2023)
-
-- lib: fix variable undeclared error caused by `infof` changes
-
- `--disable-verbose` yields `CURL_DISABLE_VERBOSE_STRINGS` defined.
- `infof` isn't `Curl_nop_stmt` anymore: dac293c.
-
- Follow-up to dac293c
-
- Closes #12470
-
-Viktor Szakats (6 Dec 2023)
-
-- tidy-up: fix yamllint whitespace issues in labeler.yml
-
- Follow-up to bda212911457c6fadfbba50be61afc4ca513fa56 #12466
-
- Reviewed-by: Dan Fandrich
- Closes #12475
-
-- tidy-up: fix yamllint whitespace issues
-
- Closes #12466
-
-Chris Sauer (6 Dec 2023)
-
-- cmake: fix typo
-
- Follow-up to aace27b
- Closes #12464
-
-Daniel Stenberg (6 Dec 2023)
-
-- dist: add tests/errorcodes.pl to the tarball
-
- Used by test 1477
-
- Reported-by: Xi Ruoyao
- Follow-up to 0ca3a4ec9a7
- Fixes #12462
- Closes #12463
-
-Dan Fandrich (6 Dec 2023)
-
-- github/labeler: update a missed key in the v5 upgrade
-
- Follow-up to ce03fe3ba
-
-Version 8.5.0 (6 Dec 2023)
-
-Daniel Stenberg (6 Dec 2023)
-
-- RELEASE-NOTES: synced
-
- The curl 8.5.0 release.
-
-Dan Fandrich (5 Dec 2023)
-
-- github/labeler: switch from the beta to labeler v5
-
- Some keys were renamed and the dot option was made default.
-
- Closes #12458
-
-Daniel Stenberg (5 Dec 2023)
-
-- DEPRECATE: remove NTLM_WB in June 2024
-
- Ref: https://curl.se/mail/lib-2023-12/0010.html
-
- Closes #12451
-
-Jacob Hoffman-Andrews (4 Dec 2023)
-
-- rustls: implement connect_blocking
-
- Closes #11647
-
-Daniel Stenberg (4 Dec 2023)
-
-- examples/rtsp-options.c: add
-
- Just a bare bones RTSP example using CURLOPT_RTSP_SESSION_ID and
- CURLOPT_RTSP_REQUEST set to CURL_RTSPREQ_OPTIONS.
-
- Closes #12452
-
-Stefan Eissing (4 Dec 2023)
-
-- ngtcp2: ignore errors on unknown streams
-
- - expecially in is_alive checks on connections, we might
- see incoming packets on streams already forgotten and closed,
- leading to errors reported by nghttp3. Ignore those.
-
- Closes #12449
-
-Daniel Stenberg (4 Dec 2023)
-
-- docs: make all examples in all libcurl man pages compile
-
- Closes #12448
-
-- checksrc.pl: support #line instructions
-
- makes it identify the correct source file and line
-
-- GHA/man-examples: verify libcurl man page examples
-
-- verify-examples.pl: verify that all man page examples compile clean
-
-- RELEASE-NOTES: synced
-
-Graham Campbell (2 Dec 2023)
-
-- http3: bump ngtcp2 and nghttp3 versions
-
- nghttp3 v1.1.0
- ngtcp2 v1.1.0
-
- In docs and CI
-
- Closes #12446
-
-- CI/quiche: use `3.1.4+quic` consistently in CI workflows
-
- Closes #12447
-
-Viktor Szakats (2 Dec 2023)
-
-- test1545: disable deprecation warnings
-
- Fixes:
- https://ci.appveyor.com/project/curlorg/curl/builds/48631551/job/bhx74e0i66yr
- p6pk#L1205
-
- Same with details:
- https://ci.appveyor.com/project/curlorg/curl/builds/48662893/job/ol8a78q9gmil
- b6wt#L1263
- ```
- tests/libtest/lib1545.c:38:3: error: 'curl_formadd' is deprecated: since 7.56
- .0. Use curl_mime_init() [-Werror=deprecated-declarations]
- 38 | curl_formadd(&m_formpost, &lastptr, CURLFORM_COPYNAME, "file",
- | ^~~~~~~~~~~~
- [...]
- ```
-
- Follow-up to 07a3cd83e0456ca17dfd8c3104af7cf45b7a1ff5 #12421
-
- Fixes #12445
- Closes #12444
-
-Daniel Stenberg (2 Dec 2023)
-
-- INSTALL: update list of ports and CPU archs
-
-- symbols-in-versions: the CLOSEPOLICY options are deprecated
-
- The were used with the CURLOPT_CLOSEPOLICY option, which *never* worked.
-
-z2_ (1 Dec 2023)
-
-- build: fix builds that disable protocols but not digest auth
-
- - Build base64 functions if digest auth is not disabled.
-
- Prior to this change if some protocols were disabled but not digest auth
- then a build error would occur due to missing base64 functions.
-
- Fixes https://github.com/curl/curl/issues/12440
- Closes https://github.com/curl/curl/pull/12442
-
-Michał Antoniak (1 Dec 2023)
-
-- connect: reduce number of transportation providers
-
- Use only the ones necessary - the ones that are built-in. Saves a few
- bytes in the resulting code.
-
- Closes #12438
-
-David Benjamin (1 Dec 2023)
-
-- vtls: consistently use typedef names for OpenSSL structs
-
- The foo_st names don't appear in OpenSSL public API documentation. The
- FOO typedefs are more common. This header was already referencing
- SSL_CTX via <openssl/ssl.h>. There is a comment about avoiding
- <openssl/x509v3.h>, but OpenSSL actually declares all the typedefs in
- <openssl/ossl_typ.h>, which is already included by <openssl/ssl.h> (and
- every other OpenSSL header), so just use that. Though I've included it
- just to be explicit.
-
- (I'm also fairly sure including <openssl/ssl.h> already triggers the
- Schannel conflicts anyway. The comment was probably just out of date.)
-
- Closes #12439
-
-Lau (1 Dec 2023)
-
-- libcurl-security.3: fix typo
-
- Fixed minimal typo.
-
- Closes #12437
-
-Stefan Eissing (1 Dec 2023)
-
-- ngtcp2: fix races in stream handling
-
- - fix cases where ngtcp2 invokes callbacks on streams that
- nghttp3 has already forgotten. Ignore the NGHTTP3_ERR_STREAM_NOT_FOUND
- in these cases as it is normal behaviour.
-
- Closes #12435
-
-Emanuele Torre (1 Dec 2023)
-
-- tool_writeout_json: fix JSON encoding of non-ascii bytes
-
- char variables if unspecified can be either signed or unsigned depending
- on the platform according to the C standard; in most platforms, they are
- signed.
-
- This meant that the *i<32 waas always true for bytes with the top bit
- set. So they were always getting encoded as \uXXXX, and then since they
- were also signed negative, they were getting extended with 1s causing
- '\xe2' to be expanded to \uffffffe2, for example:
-
- $ curl --variable 'v=“' --expand-write-out '{{v:json}}\n' file:///dev/nul
- l
- \uffffffe2\uffffff80\uffffff9c
-
- I fixed this bug by making the code use explicitly unsigned char*
- variables instead of char* variables.
-
- Test 268 verifies
-
- Reported-by: iconoclasthero
- Closes #12434
-
-Stefan Eissing (1 Dec 2023)
-
-- cf-socket: TCP trace output local address used in connect
-
- Closes #12427
-
-Jay Satiro (1 Dec 2023)
-
-- CURLINFO_PRETRANSFER_TIME_T.3: fix time explanation
-
- - Change CURLINFO_PRETRANSFER_TIME_T explanation to say that it
- includes protocol-specific instructions that trigger a transfer.
-
- Prior to this change it explicitly said that it did not include those
- instructions in the time, but that is incorrect.
-
- The change is a copy of the fixed explanation already in
- CURLINFO_PRETRANSFER_TIME, fixed by ec8dcd7b.
-
- Reported-by: eeverettrbx@users.noreply.github.com
-
- Fixes https://github.com/curl/curl/issues/12431
- Closes https://github.com/curl/curl/pull/12432
-
-Daniel Stenberg (30 Nov 2023)
-
-- multi: during ratelimit multi_getsock should return no sockets
-
- ... as there is nothing to wait for then, it just waits. Otherwise, this
- causes much more CPU work and updates than necessary during ratelimit
- periods.
-
- Ref: https://curl.se/mail/lib-2023-11/0056.html
- Closes #12430
-
-Dmitry Karpov (30 Nov 2023)
-
-- transfer: abort pause send when connection is marked for closing
-
- This handles cases of some bi-directional "upgrade" scenarios
- (i.e. WebSockets) where sending is paused until some "upgrade" handshake
- is completed, but server rejects the handshake and closes the
- connection.
-
- Closes #12428
-
-Daniel Stenberg (28 Nov 2023)
-
-- RELEASE-NOTES: synced
-
-- openssl: when a session-ID is reused, skip OCSP stapling
-
- Fixes #12399
- Reported-by: Alexey Larikov
- Closes #12418
-
-- test1545: test doing curl_formadd twice with missing file
-
- Reproduces #12410
- Verifies the fix
- Closes #12421
-
-- Curl_http_body: cleanup properly when Curl_getformdata errors
-
- Reported-by: yushicheng7788 on github
- Based-on-work-by: yushicheng7788 on github
- Fixes #12410
- Closes #12421
-
-- test1477: verify that libcurl-errors.3 and public headers are synced
-
- The script errorcodes.pl extracts all error codes from all headers and
- checks that they are all documented, then checks that all documented
- error codes are also specified in a header file.
-
- Closes #12424
-
-- libcurl-errors.3: sync with current public headers
-
- Closes #12424
-
-Stefan Eissing (28 Nov 2023)
-
-- test459: fix for parallel runs
-
- - change warniing message to work better with varying filename
- length.
- - adapt test output check to new formatting
-
- Follow-up to 97ccc4479f77ba3191c6
- Closes #12423
-
-Daniel Stenberg (27 Nov 2023)
-
-- tool_cb_prg: make the carriage return fit for wide progress bars
-
- When the progress bar was made max width (256 columns), the fly()
- function attempted to generate its output buffer too long so that the
- trailing carriage return would not fit and then the output would show
- wrongly. The fly function is called when the expected total transfer is
- unknown, which could be one or more progress calls before the actual
- progress meter get shown when the expected transfer size is provided.
-
- This new take also replaces the msnprintf() call with a much simpler
- memset() for speed.
-
- Reported-by: Tim Hill
- Fixes #12407
- Closes #12415
-
-- tool_parsecfg: make warning output propose double-quoting
-
- When the config file parser detects a word that *probably* should be
- quoted, mention double-quotes as a possible remedy.
-
- Test 459 verifies.
-
- Proposed-by: Jiehong on github
- Fixes #12409
- Closes #12412
-
-Jay Satiro (26 Nov 2023)
-
-- curl.rc: switch out the copyright symbol for plain ASCII
-
- .. like we already do for libcurl.rc.
-
- libcurl.rc copyright symbol used to cause a "non-ascii 8-bit codepoint"
- warning so it was switched to ascii.
-
- Ref: https://github.com/curl/curl/commit/1ca62bb5#commitcomment-133474972
-
- Suggested-by: Robert Southee
-
- Closes https://github.com/curl/curl/pull/12403
-
-Daniel Stenberg (26 Nov 2023)
-
-- conncache: use the closure handle when disconnecting surplus connections
-
- Use the closure handle for disconnecting connection cache entries so
- that anything that happens during the disconnect is not stored and
- associated with the 'data' handle which already just finished a transfer
- and it is important that details from the unrelated disconnect does not
- taint meta-data in the data handle.
-
- Like storing the response code.
-
- This also adjust test 1506. Unfortunately it also removes a key part of
- the test that verifies that a connection is closed since when this
- output vanishes (because the closure handle is used), we don't know
- exactly that the connection actually gets closed in this test...
-
- Reported-by: ohyeaah on github
- Fixes #12367
- Closes #12405
-
-- RELEASE-NOTES: synced
-
-Stefan Eissing (24 Nov 2023)
-
-- quic: make eyeballers connect retries stop at weird replies
-
- - when a connect immediately goes into DRAINING state, do
- not attempt retries in the QUIC connection filter. Instead,
- return CURLE_WEIRD_SERVER_REPLY
- - When eyeballing, interpret CURLE_WEIRD_SERVER_REPLY as an
- inconclusive answer. When all addresses have been attempted,
- rewind the address list once on an inconclusive answer.
- - refs #11832 where connects were retried indefinitely until
- the overall timeout fired
-
- Closes #12400
-
-Daniel Stenberg (24 Nov 2023)
-
-- CI: verify libcurl function SYNPOSIS sections
-
- With the .github/scripits/verify-synopsis.pl script
-
- Closes #12402
-
-- docs/libcurl: SYNSOPSIS cleanup
-
- - use the correct include file
- - make sure they are declared as in the header file
- - fix minor nroff syntax mistakes (missing .fi)
-
- These are verified by verify-synopsis.pl, which extracts the SYNPOSIS
- code and runs it through gcc.
-
- Closes #12402
-
-- sendf: fix comment typo
-
-- fopen: allocate the dir after fopen
-
- Move the allocation of the directory name down to after the fopen() call
- to allow that shortcut code path to avoid a superfluous malloc+free
- cycle.
-
- Follow-up to 73b65e94f35311
-
- Closes #12398
-
-Stefan Eissing (24 Nov 2023)
-
-- transfer: cleanup done+excess handling
-
- - add `SingleRequest->download_done` as indicator that
- all download bytes have been received
- - remove `stop_reading` bool from readwrite functions
- - move excess body handling into client download writer
-
- Closes #12371
-
-Daniel Stenberg (23 Nov 2023)
-
-- fopen: create new file using old file's mode
-
- Because the function renames the temp file to the target name as a last
- step, if the file was previously owned by a different user, not ORing
- the old mode could otherwise end up creating a file that was no longer
- readable by the original owner after save.
-
- Reported-by: Loïc Yhuel
- Fixes #12299
- Closes #12395
-
-- test1476: require proxy
-
- Follow-up from 323df4261c3542
-
- Closes #12394
-
-- fopen: create short(er) temporary file name
-
- Only using random letters in the name plus a ".tmp" extension. Not by
- appending characters to the final file name.
-
- Reported-by: Maksymilian Arciemowicz
-
- Closes #12388
-
-Stefan Eissing (23 Nov 2023)
-
-- tests: git ignore generated second-hsts.txt file
-
- File is generated in test lib1900
-
- Follow-up to 7cb03229d9e9c5
-
- Closes #12393
-
-Viktor Szakats (23 Nov 2023)
-
-- openssl: enable `infof_certstack` for 1.1 and LibreSSL 3.6
-
- Lower the barrier to enable `infof_certstack()` from OpenSSL 3 to
- OpenSSL 1.1.x, and LibreSSL 3.6 or upper.
-
- With the caveat, that "group name" and "type name" are missing from
- the log output with these TLS backends.
-
- Follow-up to b6e6d4ff8f253c8b8055bab9d4d6a10f9be109f3 #12030
-
- Reviewed-by: Daniel Stenberg
- Closes #12385
-
-Daniel Stenberg (23 Nov 2023)
-
-- urldata: fix typo in comment
-
-- CI: codespell
-
- The list of words to ignore is in the file
- .github/scripts/codespell-ignore.txt
-
- Closes #12390
-
-- lib: fix comment typos
-
- Five separate ones, found by codespell
-
- Closes #12390
-
-- test1476: verify cookie PSL mixed case
-
-- cookie: lowercase the domain names before PSL checks
-
- Reported-by: Harry Sintonen
-
- Closes #12387
-
-Viktor Szakats (23 Nov 2023)
-
-- openssl: fix building with v3 `no-deprecated` + add CI test
-
- - build quictls with `no-deprecated` in CI to have test coverage for
- this OpenSSL 3 configuration.
-
- - don't call `OpenSSL_add_all_algorithms()`, `OpenSSL_add_all_digests()`.
- The caller code is meant for OpenSSL 3, while these two functions were
- only necessary before OpenSSL 1.1.0. They are missing from OpenSSL 3
- if built with option `no-deprecated`, causing build errors:
- ```
- vtls/openssl.c:4097:3: error: call to undeclared function 'OpenSSL_add_all_
- algorithms'; ISO C99 and later do not support implicit function declaration
- s [-Wimplicit-function-declaration]
- vtls/openssl.c:4098:3: error: call to undeclared function 'OpenSSL_add_all_
- digests'; ISO C99 and later do not support implicit function declarations [
- -Wimplicit-function-declaration]
- ```
- Ref: https://ci.appveyor.com/project/curlorg/curl-for-win/builds/48587418?f
- ullLog=true#L7667
-
- Regression from b6e6d4ff8f253c8b8055bab9d4d6a10f9be109f3 #12030
- Bug: https://github.com/curl/curl/issues/12380#issuecomment-1822944669
- Reviewed-by: Alex Bozarth
-
- - vquic/curl_ngtcp2: fix using `SSL_get_peer_certificate` with
- `no-deprecated` quictls 3 builds.
- Do it by moving an existing solution for this from `vtls/openssl.c`
- to `vtls/openssl.h` and adjusting caller code.
- ```
- vquic/curl_ngtcp2.c:1950:19: error: implicit declaration of function 'SSL_g
- et_peer_certificate'; did you mean 'SSL_get1_peer_certificate'? [-Wimplicit
- -function-declaration]
- ```
- Ref: https://github.com/curl/curl/actions/runs/6960723097/job/18940818625#s
- tep:24:1178
-
- - curl_ntlm_core: fix `-Wunused-parameter`, `-Wunused-variable` and
- `-Wunused-function` when trying to build curl with NTLM enabled but
- without the necessary TLS backend (with DES) support.
-
- Closes #12384
-
-- curl.h: delete Symbian OS references
-
- curl deprecated Symbian OS in 3d64031fa7a80ac4ae3fd09a5939196268b92f81
- via #5989. Delete references to it from public headers, because there
- is no fresh release to use those headers with.
-
- Reviewed-by: Dan Fandrich
- Reviewed-by: Jay Satiro
- Closes #12378
-
-- windows: use built-in `_WIN32` macro to detect Windows
-
- Windows compilers define `_WIN32` automatically. Windows SDK headers
- or build env defines `WIN32`, or we have to take care of it. The
- agreement seems to be that `_WIN32` is the preferred practice here.
- Make the source code rely on that to detect we're building for Windows.
-
- Public `curl.h` was using `WIN32`, `__WIN32__` and `CURL_WIN32` for
- Windows detection, next to the official `_WIN32`. After this patch it
- only uses `_WIN32` for this. Also, make it stop defining `CURL_WIN32`.
-
- There is a slight chance these break compatibility with Windows
- compilers that fail to define `_WIN32`. I'm not aware of any obsolete
- or modern compiler affected, but in case there is one, one possible
- solution is to define this macro manually.
-
- grepping for `WIN32` remains useful to discover Windows-specific code.
-
- Also:
-
- - extend `checksrc` to ensure we're not using `WIN32` anymore.
-
- - apply minor formatting here and there.
-
- - delete unnecessary checks for `!MSDOS` when `_WIN32` is present.
-
- Co-authored-by: Jay Satiro
- Reviewed-by: Daniel Stenberg
-
- Closes #12376
-
-Stefan Eissing (22 Nov 2023)
-
-- url: ConnectionExists revisited
-
- - have common pattern of `if not match, continue`
- - revert pages long if()s to return early
- - move dead connection check to later since it may
- be relatively expensive
- - check multiuse also when NOT building with NGHTTP2
- - for MULTIUSE bundles, verify that the inspected
- connection indeed supports multiplexing when in use
- (bundles may contain a mix of connection, afaict)
-
- Closes #12373
-
-Daniel Stenberg (22 Nov 2023)
-
-- CURLMOPT_MAX_CONCURRENT_STREAMS: make sure the set value is within range
-
- ... or use the default value.
-
- Also clarify the documentation language somewhat.
-
- Closes #12382
-
-- urldata: make maxconnects a 32 bit value
-
- "2^32 idle connections ought to be enough for anybody"
-
- Closes #12375
-
-- FEATURES: update the URL phrasing
-
- The URL is length limited since a while back so "no limit" simply is not
- true anymore. Mention the URL RFC standard used instead.
-
- Closes #12383
-
-- wolfssh: remove redundant static prototypes
-
- vssh/wolfssh.c:346:18: error: redundant redeclaration of ‘wscp_recv’ [-We
- rror=redundant-decls]
-
- Closes #12381
-
-- setopt: remove superfluous use of ternary expressions
-
- Closes #12374
-
-- mime: store "form escape" as a single bit
-
- Closes #12374
-
-- setopt: check CURLOPT_TFTP_BLKSIZE range on set
-
- ... instead of later when the transfer is about to happen.
-
- Closes #12374
-
-Viktor Szakats (21 Nov 2023)
-
-- build: add more picky warnings and fix them
-
- Enable more picky compiler warnings. I've found these options in the
- nghttp3 project when implementing the CMake quick picky warning
- functionality for it [1].
-
- `-Wunused-macros` was too noisy to keep around, but fixed a few issues
- it revealed while testing.
-
- - autotools: reflect the more precisely-versioned clang warnings.
- Follow-up to 033f8e2a08eb1d3102f08c4d8c8e85470f8b460e #12324
- - autotools: sync between clang and gcc the way we set `no-multichar`.
- - autotools: avoid setting `-Wstrict-aliasing=3` twice.
- - autotools: disable `-Wmissing-noreturn` for MSYS gcc targets [2].
- It triggers in libtool-generated stub code.
-
- - lib/timeval: delete a redundant `!MSDOS` guard from a `WIN32` branch.
-
- - lib/curl_setup.h: delete duplicate declaration for `fileno`.
- Added in initial commit ae1912cb0d494b48d514d937826c9fe83ec96c4d
- (1999-12-29). This suggests this may not be needed anymore, but if
- it does, we may restore this for those specific (non-Windows) systems.
- - lib: delete unused macro `FTP_BUFFER_ALLOCSIZE` since
- c1d6fe2aaa5a26e49a69a4f2495b3cc7a24d9394.
- - lib: delete unused macro `isxdigit_ascii` since
- f65f750742068f579f4ee6d8539ed9d5f0afcb85.
- - lib/mqtt: delete unused macro `MQTT_HEADER_LEN`.
- - lib/multi: delete unused macro `SH_READ`/`SH_WRITE`.
- - lib/hostip: add `noreturn` function attribute via new `CURL_NORETURN`
- macro.
- - lib/mprintf: delete duplicate declaration for `Curl_dyn_vprintf`.
- - lib/rand: fix `-Wunreachable-code` and related fallouts [3].
- - lib/setopt: fix `-Wunreachable-code-break`.
- - lib/system_win32 and lib/timeval: fix double declarations for
- `Curl_freq` and `Curl_isVistaOrGreater` in CMake UNITY mode [4].
- - lib/warnless: fix double declarations in CMake UNITY mode [5].
- This was due to force-disabling the header guard of `warnless.h` to
- to reapply it to source code coming after `warnless.c` in UNITY
- builds. This reapplied declarations too, causing the warnings.
- Solved by adding a header guard for the lines that actually need
- to be reapplied.
- - lib/vauth/digest: fix `-Wunreachable-code-break` [6].
- - lib/vssh/libssh2: fix `-Wunreachable-code-break` and delete redundant
- block.
- - lib/vtls/sectransp: fix `-Wunreachable-code-break` [7].
- - lib/vtls/sectransp: suppress `-Wunreachable-code`.
- Detected in `else` branches of dynamic feature checks, with results
- known at compile-time, e.g.
- ```c
- if(SecCertificateCopySubjectSummary) /* -> true */
- ```
- Likely fixable as a separate micro-project, but given SecureTransport
- is deprecated anyway, let's just silence these locally.
- - src/tool_help: delete duplicate declaration for `helptext`.
- - src/tool_xattr: fix `-Wunreachable-code`.
- - tests: delete duplicate declaration for `unitfail` [8].
- - tests: delete duplicate declaration for `strncasecompare`.
- - tests/libtest: delete duplicate declaration for `gethostname`.
- Originally added in 687df5c8c39c370a59999b9afc0917d808d978b7
- (2010-08-02).
- Got complicated later: c49e9683b85ba9d12cbb6eebc4ab2c8dba68fbdc
- If there are still systems around with warnings, we may restore the
- prototype, but limited for those systems.
- - tests/lib2305: delete duplicate declaration for
- `libtest_debug_config`.
- - tests/h2-download: fix `-Wunreachable-code-break`.
-
- [1] https://github.com/ngtcp2/nghttp3/blob/a70edb08e954d690e8fb2c1df999b5a056
- f8bf9f/cmake/PickyWarningsC.cmake
- [2] https://ci.appveyor.com/project/curlorg/curl/builds/48553586/job/3qkgjaui
- qla5fj45?fullLog=true#L1675
- [3] https://github.com/curl/curl/actions/runs/6880886309/job/18716044703?pr=1
- 2331#step:7:72
- https://github.com/curl/curl/actions/runs/6883016087/job/18722707368?pr=1
- 2331#step:7:109
- [4] https://ci.appveyor.com/project/curlorg/curl/builds/48555101/job/9g15qkrr
- iklpf1ut#L204
- [5] https://ci.appveyor.com/project/curlorg/curl/builds/48555101/job/9g15qkrr
- iklpf1ut#L218
- [6] https://github.com/curl/curl/actions/runs/6880886309/job/18716042927?pr=1
- 2331#step:7:290
- [7] https://github.com/curl/curl/actions/runs/6891484996/job/18746659406?pr=1
- 2331#step:9:1193
- [8] https://github.com/curl/curl/actions/runs/6882803986/job/18722082562?pr=1
- 2331#step:33:1870
-
- Closes #12331
-
-Daniel Stenberg (21 Nov 2023)
-
-- transfer: avoid unreachable expression
-
- If curl_off_t and size_t have the same size (which is common on modern
- 64 bit systems), a condition cannot occur which Coverity pointed
- out. Avoid the warning by having the code conditionally only used if
- curl_off_t actually is larger.
-
- Follow-up to 1cd2f0072fa482e25baa2
-
- Closes #12370
-
-Stefan Eissing (21 Nov 2023)
-
-- transfer: readwrite improvements
-
- - changed header/chunk/handler->readwrite prototypes to accept `buf`,
- `blen` and a `pconsumed` pointer. They now get the buffer to work on
- and report back how many bytes they consumed
- - eliminated `k->str` in SingleRequest
- - improved excess data handling to properly calculate with any body data
- left in the headerb buffer
- - eliminated `k->badheader` enum to only be a bool
-
- Closes #12283
-
-Daniel Stenberg (21 Nov 2023)
-
-- RELEASE-NOTES: synced
-
-Jiří Hruška (21 Nov 2023)
-
-- transfer: avoid calling the read callback again after EOF
-
- Regression since 7f43f3dc5994d01b12 (7.84.0)
-
- Bug: https://curl.se/mail/lib-2023-11/0017.html
-
- Closes #12363
-
-Daniel Stenberg (21 Nov 2023)
-
-- doh: provide better return code for responses w/o addresses
-
- Previously it was wrongly returning CURLE_OUT_OF_MEMORY when the
- response did not contain any addresses. Now it more accurately returns
- CURLE_COULDNT_RESOLVE_HOST.
-
- Reported-by: lRoccoon on github
-
- Fixes #12365
- Closes #12366
-
-Stefan Eissing (21 Nov 2023)
-
-- HTTP/2, HTTP/3: handle detach of onoing transfers
-
- - refs #12356 where a UAF is reported when closing a connection
- with a stream whose easy handle was cleaned up already
- - handle DETACH events same as DONE events in h2/h3 filters
-
- Fixes #12356
- Reported-by: Paweł Wegner
- Closes #12364
-
-Viktor Szakats (20 Nov 2023)
-
-- autotools: stop setting `-std=gnu89` with `--enable-warnings`
-
- Do not alter the C standard when building with `--enable-warnings` when
- building with gcc.
-
- On one hand this alters warning results compared to a default build.
- On the other, it may produce different binaries, which is unexpected.
-
- Also fix new warnings that appeared after removing `-std=gnu89`:
-
- - include: fix public curl headers to use the correct printf mask for
- `CURL_FORMAT_CURL_OFF_T` and `CURL_FORMAT_CURL_OFF_TU` with mingw-w64
- and Visual Studio 2013 and newer. This fixes the printf mask warnings
- in examples and tests. E.g. [1]
-
- - conncache: fix printf format string [2].
-
- - http2: fix potential null pointer dereference [3].
- (seen on Slackware with gcc 11.)
-
- - libssh: fix printf format string in SFTP code [4].
- Also make MSVC builds compatible with old CRT versions.
-
- - libssh2: fix printf format string in SFTP code for MSVC.
- Applying the same fix as for libssh above.
-
- - unit1395: fix `argument is null` and related issues [5]:
- - stop calling `strcmp()` with NULL to avoid undefined behaviour.
- - fix checking results if some of them were NULL.
- - do not pass NULL to printf `%s`.
-
- - ci: keep a build job with `-std=gnu89` to continue testing for
- C89-compliance. We can apply this to other gcc jobs as needed.
- Ref: b23ce2cee7329bbf425f18b49973b7a5f23dfcb4 (2022-09-23) #9542
-
- [1] https://dev.azure.com/daniel0244/curl/_build/results?buildId=18581&view=l
- ogs&jobId=ccf9cc6d-2ef1-5cf2-2c09-30f0c14f923b
- [2] https://github.com/curl/curl/actions/runs/6896854263/job/18763831142?pr=1
- 2346#step:6:67
- [3] https://github.com/curl/curl/actions/runs/6896854253/job/18763839238?pr=1
- 2346#step:30:214
- [4] https://github.com/curl/curl/actions/runs/6896854253/job/18763838007?pr=1
- 2346#step:29:895
- [5] https://github.com/curl/curl/actions/runs/6896854253/job/18763836775?pr=1
- 2346#step:33:1689
-
- Closes #12346
-
-- autotools: fix/improve gcc and Apple clang version detection
-
- - Before this patch we expected `n.n` `-dumpversion` output, but Ubuntu
- may return `n-win32` (also with `-dumpfullversion`). Causing these
- errors and failing to enable picky warnings:
- ```
- ../configure: line 23845: test: : integer expression expected
- ```
- Ref: https://github.com/libssh2/libssh2/actions/runs/6263453828/job/1700789
- 3718#step:5:143
-
- Fix that by stripping any dash-suffix and handling a dotless (major-only)
- version number by assuming `.0` in that case.
-
- `9.3-posix`, `9.3-win32`, `6`, `9.3.0`, `11`, `11.2`, `11.2.0`
- Ref: https://github.com/mamedev/mame/pull/9767
-
- - fix Apple clang version detection for releases between
- 'Apple LLVM version 7.3.0' and 'Apple LLVM version 10.0.1' where the
- version was under-detected as 3.7 llvm/clang equivalent.
-
- - fix Apple clang version detection for 'Apple clang version 11.0.0'
- and newer where the Apple clang version was detected, instead of its
- llvm/clang equivalent.
-
- - display detected clang/gcc/icc compiler version.
-
- Via libssh2:
- - https://github.com/libssh2/libssh2/commit/00a3b88c51cdb407fbbb347a2e38c5c7d
- 89875ad
- https://github.com/libssh2/libssh2/pull/1187
- - https://github.com/libssh2/libssh2/commit/89ccc83c7da73e7ca3a112e3500081319
- 42b592e
- https://github.com/libssh2/libssh2/pull/1232
-
- Closes #12362
-
-- autotools: delete LCC compiler support bits
-
- Follow-up to fd7ef00f4305a2919e6950def1cf83d0110a4acd #12222
-
- Closes #12357
-
-- cmake: add test for `DISABLE` options, add `CURL_DISABLE_HEADERS_API`
-
- - tests: verify CMake `DISABLE` options.
-
- Make an exception for 2 CMake-only ones, and one more that's
- using a different naming scheme, also in autotools and source.
-
- - cmake: add support for `CURL_DISABLE_HEADERS_API`.
-
- Suggested-by: Daniel Stenberg
- Ref: https://github.com/curl/curl/pull/12345#pullrequestreview-1736238641
-
- Closes #12353
-
-Jacob Hoffman-Andrews (20 Nov 2023)
-
-- hyper: temporarily remove HTTP/2 support
-
- The current design of the Hyper integration requires rebuilding the
- Hyper clientconn for each request. However, building the clientconn
- requires resending the HTTP/2 connection preface, which is incorrect
- from a protocol perspective. That in turn causes servers to send GOAWAY
- frames, effectively degrading performance to "no connection reuse" in
- the best case. It may also be triggering some bugs where requests get
- dropped entirely and reconnects take too long.
-
- This doesn't rule out HTTP/2 support with Hyper, but it may take a
- redesign of the Hyper integration in order to make things work.
-
- Closes #12191
-
-Jay Satiro (20 Nov 2023)
-
-- schannel: fix unused variable warning
-
- Bug: https://github.com/curl/curl/pull/12349#issuecomment-1818000846
- Reported-by: Viktor Szakats
-
- Closes https://github.com/curl/curl/pull/12361
-
-Daniel Stenberg (19 Nov 2023)
-
-- url: find scheme with a "perfect hash"
-
- Instead of a loop to scan over the potentially 30+ scheme names, this
- uses a "perfect hash" table. This works fine because the set of schemes
- is known and cannot change in a build. The hash algorithm and table size
- is made to only make a single scheme index per table entry.
-
- The perfect hash is generated by a separate tool (scripts/schemetable.c)
-
- Closes #12347
-
-- scripts: add schemetable.c
-
- This tool generates a scheme-matching table.
-
- It iterates over a number of different initial and shift values in order
- to find the hash algorithm that needs the smallest possible table.
-
- The generated hash function, table and table size then needs to be used
- by the url.c:Curl_getn_scheme_handler() function.
-
-Stefan Eissing (19 Nov 2023)
-
-- vtls/vquic, keep peer name information together
-
- - add `struct ssl_peer` to keep hostname, dispname and sni
- for a filter
- - allocate `sni` for use in VTLS backend
- - eliminate `Curl_ssl_snihost()` and its use of the download buffer
- - use ssl_peer in SSL and QUIC filters
-
- Closes #12349
-
-Viktor Szakats (18 Nov 2023)
-
-- build: always revert `#pragma GCC diagnostic` after use
-
- Before this patch some source files were overriding gcc warning options,
- but without restoring them at the end of the file. In CMake UNITY builds
- these options spilled over to the remainder of the source code,
- effecitvely disabling them for a larger portion of the codebase than
- intended.
-
- `#pragma clang diagnostic` didn't have such issue in the codebase.
-
- Reviewed-by: Marcel Raad
- Closes #12352
-
-- tidy-up: casing typos, delete unused Windows version aliases
-
- - cmake: fix casing of `UnixSockets` to match the rest of the codebase.
-
- - curl-compilers.m4: fix casing in a comment.
-
- - setup-win32: delete unused Windows version constant aliases.
-
- Reviewed-by: Marcel Raad
- Closes #12351
-
-- keylog: disable if unused
-
- Fully disable keylog code if there is no TLS or QUIC subsystem using it.
-
- Closes #12350
-
-- cmake: add `CURL_DISABLE_BINDLOCAL` option
-
- To match similar autotools option.
-
- Default is `ON`.
-
- Reviewed-by: Daniel Stenberg
- Closes #12345
-
-- url: fix `-Wzero-length-array` with no protocols
-
- Fixes:
- ```
- ./lib/url.c:178:56: warning: use of an empty initializer is a C2x extension [
- -Wc2x-extensions]
- 178 | static const struct Curl_handler * const protocols[] = {
- | ^
- ./lib/url.c:178:56: warning: zero size arrays are an extension [-Wzero-length
- -array]
- ```
-
- Closes #12344
-
-- url: fix builds with `CURL_DISABLE_HTTP`
-
- Fixes:
- ```
- ./lib/url.c:456:35: error: no member named 'formp' in 'struct UrlState'
- 456 | Curl_mime_cleanpart(data->state.formp);
- | ~~~~~~~~~~~ ^
- ```
-
- Regression from 74b87a8af13a155c659227f5acfa78243a8b2aa6 #11682
-
- Closes #12343
-
-- http: fix `-Wunused-parameter` with no auth and no proxy
-
- ```
- lib/http.c:734:26: warning: unused parameter 'proxy' [-Wunused-parameter]
- bool proxy)
- ^
- ```
-
- Reviewed-by: Marcel Raad
- Closes #12338
-
-Daniel Stenberg (16 Nov 2023)
-
-- TODO: Some TLS options are not offered for HTTPS proxies
-
- Closes #12286
- Closes #12342
-
-- RELEASE-NOTES: synced
-
-- duphandle: make dupset() not return with pointers to old alloced data
-
- As the blob pointers are to be duplicated, the function must not return
- mid-function with lingering pointers to the old handle's allocated data,
- as that would lead to double-free in OOM situations.
-
- Make sure to clear all destination pointers first to avoid this risk.
-
- Closes #12337
-
-Viktor Szakats (16 Nov 2023)
-
-- http: fix `-Wunused-variable` compiler warning
-
- Fix compiler warnings in builds with disabled auths, NTLM and SPNEGO.
-
- E.g. with `CURL_DISABLE_BASIC_AUTH` + `CURL_DISABLE_BEARER_AUTH` +
- `CURL_DISABLE_DIGEST_AUTH` + `CURL_DISABLE_NEGOTIATE_AUTH` +
- `CURL_DISABLE_NTLM` on non-Windows.
-
- ```
- ./curl/lib/http.c:737:12: warning: unused variable 'result' [-Wunused-variabl
- e]
- CURLcode result = CURLE_OK;
- ^
- ./curl/lib/http.c:995:18: warning: variable 'availp' set but not used [-Wunus
- ed-but-set-variable]
- unsigned long *availp;
- ^
- ./curl/lib/http.c:996:16: warning: variable 'authp' set but not used [-Wunuse
- d-but-set-variable]
- struct auth *authp;
- ^
- ```
-
- Regression from e92edfbef64448ef461117769881f3ed776dec4e #11490
-
- Fixes #12228
- Closes #12335
-
-Jay Satiro (16 Nov 2023)
-
-- tool: support bold headers in Windows
-
- - If virtual terminal processing is enabled in Windows then use ANSI
- escape codes Esc[1m and Esc[22m to turn bold on and off.
-
- Suggested-by: Gisle Vanem
-
- Ref: https://github.com/curl/curl/discussions/11770
-
- Closes https://github.com/curl/curl/pull/12321
-
-Viktor Szakats (15 Nov 2023)
-
-- build: fix libssh2 + `CURL_DISABLE_DIGEST_AUTH` + `CURL_DISABLE_AWS`
-
- Builds with libssh2 + `-DCURL_DISABLE_DIGEST_AUTH=ON` +
- `-DCURL_DISABLE_AWS=ON` in combination with either Schannel on Windows,
- or `-DCURL_DISABLE_NTLM=ON` on other operating systems failed while
- compiling due to a missing HMAC declaration.
-
- The reason is that HMAC is required by `lib/sha256.c` which publishes
- `Curl_sha256it()` which is required by `lib/vssh/libssh2.c` when
- building for libssh2 v1.8.2 (2019-05-25) or older.
-
- Make sure to compile the HMAC bits for a successful build.
-
- Both HMAC and `Curl_sha256it()` rely on the same internals, so splitting
- them into separate sources isn't practical.
-
- Fixes:
- ```
- [...]
- In file included from ./curl/_x64-win-ucrt-cmake-llvm-bld/lib/CMakeFiles/libc
- url_object.dir/Unity/unity_0_c.c:310:
- ./curl/lib/sha256.c:527:42: error: array has incomplete element type 'const s
- truct HMAC_params'
- 527 | const struct HMAC_params Curl_HMAC_SHA256[] = {
- | ^
- ./curl/lib/curl_sha256.h:34:21: note: forward declaration of 'struct HMAC_par
- ams'
- [...]
- ```
-
- Regression from e92edfbef64448ef461117769881f3ed776dec4e #11490
-
- Fixes #12273
- Closes #12332
-
-Daniel Stenberg (15 Nov 2023)
-
-- duphandle: also free 'outcurl->cookies' in error path
-
- Fixes memory-leak when OOM mid-function
-
- Use plain free instead of safefree, since the entire struct is
- freed below.
-
- Remove some free calls that is already freed in Curl_freeset()
-
- Closes #12329
-
-Viktor Szakats (15 Nov 2023)
-
-- config-win32: set `HAVE_SNPRINTF` for mingw-w64
-
- It's available in all mingw-w64 releases. We already pre-fill this
- detection in CMake.
-
- Closes #12325
-
-- sasl: fix `-Wunused-function` compiler warning
-
- In builds with disabled auths.
-
- ```
- lib/curl_sasl.c:266:17: warning: unused function 'get_server_message' [-Wunus
- ed-function]
- static CURLcode get_server_message(struct SASL *sasl, struct Curl_easy *data,
- ^
- 1 warning generated.
- ```
- Ref: https://github.com/curl/trurl/actions/runs/6871732122/job/18689066151#st
- ep:3:3822
-
- Reviewed-by: Daniel Stenberg
- Closes #12326
-
-- build: picky warning updates
-
- - cmake: sync some picky gcc warnings with autotools.
- - cmake, autotools: add `-Wold-style-definition` for clang too.
- - cmake: more precise version info for old clang options.
- - cmake: use `IN LISTS` syntax in `foreach()`.
-
- Reviewed-by: Daniel Stenberg
- Reviewed-by: Marcel Raad
- Closes #12324
-
-Daniel Stenberg (15 Nov 2023)
-
-- urldata: move cookielist from UserDefined to UrlState
-
- 1. Because the value is not strictly set with a setopt option.
-
- 2. Because otherwise when duping a handle when all the set.* fields are
- first copied and an error happens (think out of memory mid-function),
- the function would easily free the list *before* it was deep-copied,
- which could lead to a double-free.
-
- Closes #12323
-
-Viktor Szakats (14 Nov 2023)
-
-- autotools: avoid passing `LDFLAGS` twice to libcurl
-
- autotools passes `LDFLAGS` automatically linker commands. curl's
- `lib/Makefile.am` customizes libcurl linker flags. In that
- customization, it added `LDFLAGS` to the custom flags. This resulted in
- passing `LDFLAGS` _twice_ to the `libtool` command.
-
- Most of the time this is benign, but some `LDFLAGS` options can break
- the build when passed twice. One such example is passing `.o` files,
- e.g. `crt*.o` files necessary when customizing the C runtime, e.g. for
- MUSL builds.
-
- Passing them twice resulted in duplicate symbol errors:
- ```
- libtool: link: clang-15 --target=aarch64-unknown-linux-musl [...] /usr/lib/a
- arch64-linux-musl/crt1.o [...] /usr/lib/aarch64-linux-musl/crt1.o [...]
- ld.lld-15: error: duplicate symbol: _start
- >>> defined at crt1.c
- >>> /usr/lib/aarch64-linux-musl/crt1.o:(.text+0x0)
- >>> defined at crt1.c
- >>> /usr/lib/aarch64-linux-musl/crt1.o:(.text+0x0)
- [...]
- clang: error: linker command failed with exit code 1 (use -v to see invocatio
- n)
- ```
-
- This behaviour came with commit 1a593191c2769a47b8c3e4d9715ec9f6dddf5e36
- (2013-07-23) as a fix for bug https://curl.haxx.se/bug/view.cgi?id=1217.
- The patch was a works-for-me hack that ended up merged in curl:
- https://sourceforge.net/p/curl/bugs/1217/#06ef
- With the root cause remaining unclear.
-
- Perhaps the SUNPro 12 linker was sensitive to `-L` `-l` order, requiring
- `-L` first? This would be unusual and suggests a bug in either the
- linker or in `libtool`.
-
- The curl build does pass the list of detected libs via its own
- `LIBCURL_LIBS` variable, which ends up before `LDFLAGS` on the `libtool`
- command line, but it's the job of `libtool` to ensure that even
- a peculiar linker gets the options in the expected order. Also because
- autotools passes `LDFLAGS` last, making it hardly possible to pass
- anything after it.
-
- Perhaps in the 10 years since this issue, this already got a fix
- upstream.
-
- This patch deletes `LDFLAGS` from our customized libcurl options,
- leaving a single copy of them as passed by autotools automatically.
-
- Reverts 1a593191c2769a47b8c3e4d9715ec9f6dddf5e36
- Closes #12310
-
-- autotools: accept linker flags via `CURL_LDFLAGS_{LIB,BIN}`
-
- To allow passing `LDFLAGS` specific to libcurl (`CURL_LDFLAGS_LIB`) and
- curl tool (`CURL_LDFLAGS_BIN`).
-
- This makes it possible to build libcurl and curl with a single
- invocation with lib- and tool-specific custom linker flags.
-
- Such flag can be enabling `.map` files, a `.def` file for libcurl DLL,
- controlling static/shared, incl. requesting a static curl tool (with
- `-static-libtool-libs`) while building both shared and static libcurl.
-
- curl-for-win uses the above and some more.
-
- These options are already supported in `Makefile.mk`. CMake has built-in
- variables for this.
-
- Closes #12312
-
-Jay Satiro (14 Nov 2023)
-
-- tool_cb_hdr: add an additional parsing check
-
- - Don't dereference the past-the-end element when parsing the server's
- Content-disposition header.
-
- As 'p' is advanced it can point to the past-the-end element and prior
- to this change 'p' could be dereferenced in that case.
-
- Technically the past-the-end element is not out of bounds because dynbuf
- (which manages the header line) automatically adds a null terminator to
- every buffer and that is not included in the buffer length passed to
- the header callback.
-
- Closes https://github.com/curl/curl/pull/12320
-
-Philip Heiduck (14 Nov 2023)
-
-- .cirrus.yml: freebsd 14
-
- ensure curl works on latest freebsd version
-
- Closes #12053
-
-Daniel Stenberg (13 Nov 2023)
-
-- easy: in duphandle, init the cookies for the new handle
-
- ... not the source handle.
-
- Closes #12318
-
-- duphandle: use strdup to clone *COPYPOSTFIELDS if size is not set
-
- Previously it would unconditionally use the size, which is set to -1
- when strlen is requested.
-
- Updated test 544 to verify.
-
- Closes #12317
-
-- RELEASE-NOTES: synced
-
-- curl_easy_duphandle.3: clarify how HSTS and alt-svc are duped
-
- Closes #12315
-
-- urldata: move hstslist from 'set' to 'state'
-
- To make it work properly with curl_easy_duphandle(). This, because
- duphandle duplicates the entire 'UserDefined' struct by plain copy while
- 'hstslist' is a linked curl_list of file names. This would lead to a
- double-free when the second of the two involved easy handles were
- closed.
-
- Closes #12315
-
-- test1900: verify duphandle with HSTS using multiple files
-
- Closes #12315
-
-Goro FUJI (13 Nov 2023)
-
-- http: allow longer HTTP/2 request method names
-
- - Increase the maximum request method name length from 11 to 23.
-
- For HTTP/1.1 and earlier there's not a specific limit in libcurl for
- method length except that it is limited by the initial HTTP request
- limit (DYN_HTTP_REQUEST). Prior to fc2f1e54 HTTP/2 was treated the same
- and there was no specific limit.
-
- According to Internet Assigned Numbers Authority (IANA) the longest
- registered method is UPDATEREDIRECTREF which is 17 characters.
-
- Also there are unregistered methods used by some companies that are
- longer than 11 characters.
-
- The limit was originally added by 61f52a97 but not used until fc2f1e54.
-
- Ref: https://www.iana.org/assignments/http-methods/http-methods.xhtml
-
- Closes https://github.com/curl/curl/pull/12311
-
-Jay Satiro (12 Nov 2023)
-
-- CURLOPT_CAINFO_BLOB.3: explain what CURL_BLOB_COPY does
-
- - Add an explanation of the CURL_BLOB_COPY flag to CURLOPT_CAINFO_BLOB
- and CURLOPT_PROXY_CAINFO_BLOB docs.
-
- All the other _BLOB option docs already have the same explanation.
-
- Closes https://github.com/curl/curl/pull/12277
-
-Viktor Szakats (11 Nov 2023)
-
-- tidy-up: dedupe Windows system libs in cmake
-
- Reviewed-by: Daniel Stenberg
- Closes #12307
-
-Junho Choi (11 Nov 2023)
-
-- ci: test with latest quiche release (0.19.0)
-
- Closes #12180
-
-- quiche: use quiche_conn_peer_transport_params()
-
- In recent quiche, transport parameter API is separated
- with quiche_conn_peer_transport_params().
- (https://github.com/cloudflare/quiche/pull/1575)
- It breaks with bulding with latest(post 0.18.0) quiche.
-
- Closes #12180
-
-Daniel Stenberg (11 Nov 2023)
-
-- Makefile: generate the VC 14.20 project files at dist-time
-
- Follow-up to 28287092cc5a6d6ef8 (#12282)
-
- Closes #12290
-
-Sam James (11 Nov 2023)
-
-- misc: fix -Walloc-size warnings
-
- GCC 14 introduces a new -Walloc-size included in -Wextra which gives:
-
- ```
- src/tool_operate.c: In function ‘add_per_transfer’:
- src/tool_operate.c:213:5: warning: allocation of insufficient size ‘1’ fo
- r type ‘struct per_transfer’ with size ‘480’ [-Walloc-size]
- 213 | p = calloc(sizeof(struct per_transfer), 1);
- | ^
- src/var.c: In function ‘addvariable’:
- src/var.c:361:5: warning: allocation of insufficient size ‘1’ for type
- struct var’ with size ‘32’ [-Walloc-size]
- 361 | p = calloc(sizeof(struct var), 1);
- | ^
- ```
-
- The calloc prototype is:
- ```
- void *calloc(size_t nmemb, size_t size);
- ```
-
- So, just swap the number of members and size arguments to match the
- prototype, as we're initialising 1 struct of size `sizeof(struct
- ...)`. GCC then sees we're not doing anything wrong.
-
- Closes #12292
-
-Mark Gaiser (11 Nov 2023)
-
-- IPFS: bugfixes
-
- - Fixed endianness bug in gateway file parsing
- - Use IPFS_PATH in tests where IPFS_DATA was used
- - Fixed typos from traling -> trailing
- - Fixed broken link in IPFS.md
-
- Follow-up to 859e88f6533f9e
-
- Reported-by: Michael Kaufmann
- Bug: https://github.com/curl/curl/pull/12152#issuecomment-1798214137
- Closes #12305
-
-Daniel Stenberg (11 Nov 2023)
-
-- VULN-DISCLOSURE-POLIC: remove broken link to hackerone
-
- It should ideally soon not be done from hackerone anyway
-
- Closes #12308
-
-Andrew Kurushin (11 Nov 2023)
-
-- schannel: add CA cache support for files and memory blobs
-
- - Support CA bundle and blob caching.
-
- Cache timeout is 24 hours or can be set via CURLOPT_CA_CACHE_TIMEOUT.
-
- Closes https://github.com/curl/curl/pull/12261
-
-Daniel Stenberg (10 Nov 2023)
-
-- RELEASE-NOTES: synced
-
-Charlie C (10 Nov 2023)
-
-- cmake: option to disable install & drop `curlu` target when unused
-
- This patch makes the following changes:
- - adds the option `CURL_DISABLE_INSTALL` - to disable 'install' targets.
- - Removes the target `curlu` when the option `BUILD_TESTING` is set to
- `OFF` - to prevent it from being loaded in Visual Studio.
-
- Closes #12287
-
-Kai Pastor (10 Nov 2023)
-
-- cmake: fix multiple include of CURL package
-
- Fixes errors on second `find_package(CURL)`. This is a frequent case
- with transitive dependencies:
- ```
- CMake Error at ...:
- add_library cannot create ALIAS target "CURL::libcurl" because another
- target with the same name already exists.
- ```
-
- Test to reproduce:
- ```cmake
- cmake_minimum_required(VERSION 3.27) # must be 3.18 or higher
-
- project(curl)
-
- set(CURL_DIR "example/lib/cmake/CURL/")
- find_package(CURL CONFIG REQUIRED)
- find_package(CURL CONFIG REQUIRED) # fails
-
- add_executable(main main.c)
- target_link_libraries(main CURL::libcurl)
- ```
-
- Ref: https://cmake.org/cmake/help/latest/release/3.18.html#other-changes
- Ref: https://cmake.org/cmake/help/v3.18/policy/CMP0107.html
- Ref: #12300
- Assisted-by: Harry Mallon
- Closes #11913
-
-Viktor Szakats (8 Nov 2023)
-
-- tidy-up: use `OPENSSL_VERSION_NUMBER`
-
- Uniformly use `OPENSSL_VERSION_NUMBER` to check for OpenSSL version.
- Before this patch some places used `OPENSSL_VERSION_MAJOR`.
-
- Also fix `lib/md4.c`, which included `opensslconf.h`, but that doesn't
- define any version number in these implementations: BoringSSL, AWS-LC,
- LibreSSL, wolfSSL. (Only in mainline OpenSSL/quictls). Switch that to
- `opensslv.h`. This wasn't causing a deeper problem because the code is
- looking for v3, which is only provided by OpenSSL/quictls as of now.
-
- According to https://github.com/openssl/openssl/issues/17517, the macro
- `OPENSSL_VERSION_NUMBER` is safe to use and not deprecated.
-
- Reviewed-by: Marcel Raad
- Closes #12298
-
-Daniel Stenberg (8 Nov 2023)
-
-- resolve.d: drop a multi use-sentence
-
- Since the `multi:` keyword adds that message.
-
- Reported-by: 積丹尼 Dan Jacobson
- Fixes https://github.com/curl/curl/discussions/12294
- Closes #12295
-
-- content_encoding: make Curl_all_content_encodings allocless
-
- - Fixes a memory leak pointed out by Coverity
- - Also found by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?
- id=63947
- - Avoids unncessary allocations
-
- Follow-up ad051e1cbec68b2456a22661b
-
- Closes #12289
-
-Michael Kaufmann (7 Nov 2023)
-
-- vtls: use ALPN "http/1.1" for HTTP/1.x, including HTTP/1.0
-
- Some servers don't support the ALPN protocol "http/1.0" (e.g. IIS 10),
- avoid it and use "http/1.1" instead.
-
- This reverts commit df856cb5c9 (#10183).
-
- Fixes #12259
- Closes #12285
-
-Daniel Stenberg (7 Nov 2023)
-
-- Makefile.am: drop vc10, vc11 and vc12 projects from dist
-
- They are end of life products. Support for generating them remain in the
- repo for a while but this change drops them from distribution.
-
- Closes #12288
-
-David Suter (7 Nov 2023)
-
-- projects: add VC14.20 project files
-
- Windows projects included VC14, VC14.10, VC14.30 but not VC14.20.
- OpenSSL and Wolf SSL scripts mention VC14.20 so I don't see a reason why
- this is missing. Updated the templates to produce a VC14.20 project.
- Project opens in Visual Studio 2019 as expected.
-
- Closes #12282
-
-Daniel Stenberg (7 Nov 2023)
-
-- curl: move IPFS code into src/tool_ipfs.[ch]
-
- - convert ensure_trailing into ensure_trailing_slash
- - strdup the URL string to own it proper
- - use shorter variable names
- - combine some expressions
- - simplify error handling in ipfs_gateway()
- - add MAX_GATEWAY_URL_LEN + proper bailout if maximum is reached
- - ipfs-gateway.d polish and simplification
- - shorten ipfs error message + make them "synthetic"
-
- Closes #12281
-
-Viktor Szakats (6 Nov 2023)
-
-- build: delete support bits for obsolete Windows compilers
-
- - Pelles C: Unclear status, failed to obtain a fresh copy a few months
- ago. Possible website is HTTP-only. ~10 years ago I left this compiler
- dealing with crashes and other issues with no response on the forum
- for years. It has seen some activity in curl back in 2021.
- - LCC: Last stable release in September 2002.
- - Salford C: Misses winsock2 support, possibly abandoned? Last mentioned
- in 2006.
- - Borland C++: We dropped Borland C++ support in 2018.
- - MS Visual C++ 6.0: Released in 1998. curl already requires VS 2010
- (or possibly 2008) as a minimum.
-
- Closes #12222
-
-- build: delete `HAVE_STDINT_H` and `HAVE_INTTYPES_H`
-
- We use `stdint.h` unconditionally in all places except one. These uses
- are imposed by external dependencies / features. nghttp2, quic, wolfSSL
- and `HAVE_MACH_ABSOLUTE_TIME` do require this C99 header. It means that
- any of these features make curl require a C99 compiler. (In case of
- MSVC, this means Visual Studio 2010 or newer.)
-
- This patch changes the single use of `stdint.h` guarded by
- `HAVE_STDINT_H` to use `stdint.h` unconditionally. Also stop using
- `inttypes.h` as an alternative there. `HAVE_INTTYPES_H` wasn't used
- anywhere else, allowing to delete this feature check as well.
-
- Closes #12275
-
-Daniel Stenberg (6 Nov 2023)
-
-- tool_operate: do not mix memory models
-
- Make sure 'inputpath' only points to memory allocated by libcurl so that
- curl_free works correctly.
-
- Pointed out by Coverity
-
- Follow-up to 859e88f6533f9e1f890
-
- Closes #12280
-
-Stefan Eissing (6 Nov 2023)
-
-- lib: client writer, part 2, accounting + logging
-
- This PR has these changes:
-
- Renaming of unencode_* to cwriter, e.g. client writers
- - documentation of sendf.h functions
- - move max decode stack checks back to content_encoding.c
- - define writer phase which was used as order before
- - introduce phases for monitoring inbetween decode phases
- - offering default implementations for init/write/close
-
- Add type paramter to client writer's do_write()
- - always pass all writes through the writer stack
- - writers who only care about BODY data will pass other writes unchanged
-
- add RAW and PROTOCOL client writers
- - RAW used for Curl_debug() logging of CURLINFO_DATA_IN
- - PROTOCOL used for updates to data->req.bytecount, max_filesize checks and
- Curl_pgrsSetDownloadCounter()
- - remove all updates of data->req.bytecount and calls to
- Curl_pgrsSetDownloadCounter() and Curl_debug() from other code
- - adjust test457 expected output to no longer see the excess write
-
- Closes #12184
-
-Daniel Stenberg (6 Nov 2023)
-
-- VULN-DISCLOSURE-POLICY: escape sequences are not a security flaw
-
- Closes #12278
-
-Viktor Szakats (6 Nov 2023)
-
-- rand: fix build error with autotools + LibreSSL
-
- autotools unexpectedly detects `arc4random` because it is also looking
- into dependency libs. One dependency, LibreSSL, happens to publish an
- `arc4random` function (via its shared lib before v3.7, also via static
- lib as of v3.8.2). When trying to use this function in `lib/rand.c`,
- its protoype is missing. To fix that, curl included a prototype, but
- that used a C99 type without including `stdint.h`, causing:
-
- ```
- ../../lib/rand.c:37:1: error: unknown type name 'uint32_t'
- 37 | uint32_t arc4random(void);
- | ^
- 1 error generated.
- ```
-
- This patch improves this by dropping the local prototype and instead
- limiting `arc4random` use for non-OpenSSL builds. OpenSSL builds provide
- their own random source anyway.
-
- The better fix would be to teach autotools to not link dependency libs
- while detecting `arc4random`.
-
- LibreSSL publishing a non-namespaced `arc4random` tracked here:
- https://github.com/libressl/portable/issues/928
-
- Regression from 755ddbe901cd0c921fbc3ac5b3775c0dc683bc73 #10672
-
- Reviewed-by: Daniel Stenberg
- Fixes #12257
- Closes #12274
-
-Daniel Stenberg (5 Nov 2023)
-
-- RELEASE-NOTES: synced
-
-- strdup: do Curl_strndup without strncpy
-
- To avoid (false positive) gcc-13 compiler warnings.
-
- Follow-up to 4855debd8a2c1cb
-
- Assisted-by: Jay Satiro
- Reported-by: Viktor Szakats
- Fixes #12258
-
-Enno Boland (5 Nov 2023)
-
-- HTTP: fix empty-body warning
-
- This change fixes a compiler warning with gcc-12.2.0 when
- `-DCURL_DISABLE_BEARER_AUTH=ON` is used.
-
- /home/tox/src/curl/lib/http.c: In function 'Curl_http_input_auth':
- /home/tox/src/curl/lib/http.c:1147:12: warning: suggest braces around emp
- ty body in an 'else' statement [-Wempty-body]
- 1147 | ;
- | ^
-
- Closes #12262
-
-Daniel Stenberg (5 Nov 2023)
-
-- openssl: identify the "quictls" backend correctly
-
- Since vanilla OpenSSL does not support the QUIC API I think it helps
- users to identify the correct OpenSSL fork in version output. The best
- (crude) way to do that right now seems to be to check if ngtcp2 support
- is enabled.
-
- Closes #12270
-
-Mark Gaiser (5 Nov 2023)
-
-- curl: improved IPFS and IPNS URL support
-
- Previously just ipfs://<cid> and ipns://<cid> was supported, which is
- too strict for some usecases.
-
- This patch allows paths and query arguments to be used too.
- Making this work according to normal http semantics:
-
- ipfs://<cid>/foo/bar?key=val
- ipns://<cid>/foo/bar?key=val
-
- The gateway url support is changed.
- It now only supports gateways in the form of:
-
- http://<gateway>/foo/bar
- http://<gateway>
-
- Query arguments here are explicitly not allowed and trigger an intended
- malformed url error.
-
- There also was a crash when IPFS_PATH was set with a non trailing
- forward slash. This has been fixed.
-
- Lastly, a load of test cases have been added to verify the above.
-
- Reported-by: Steven Allen
- Fixes #12148
- Closes #12152
-
-Harry Mallon (5 Nov 2023)
-
-- docs: KNOWN_BUGS cleanup
-
- * Remove other mention of hyper memory-leaks from `KNOWN_BUGS`.
- Should have been removed in 629723ecf22a8eae78d64cceec2f3bdae703ec95
-
- * Remove mention of aws-sigv4 sort query string from `KNOWN_BUGS`.
- Fixed in #11806
-
- * Remove mention of aws-sigv4 query empty value problems
-
- * Remove mention of aws-sigv4 missing amz-content-sha256
- Fixed in #9995
-
-- http_aws_sigv4: canonicalise valueless query params
-
- Fixes #8107
- Closes #12244
-
-Michael Kaufmann (4 Nov 2023)
-
-- docs: preserve the modification date when copying the prebuilt man page
-
- The previously built man page "curl.1" must be copied with the original
- modification date, otherwise the man page is never updated.
-
- This fixes a bug that has been introduced with commit 2568441cab.
-
- Reviewed-by: Dan Fandrich
- Reviewed-by: Daniel Stenberg
-
- Closes #12199
-
-Daniel Stenberg (4 Nov 2023)
-
-- docs: remove bold from some man page SYNOPSIS sections
-
- In the name of consistency
-
- Closes #12267
-
-- openssl: two multi pointer checks should probably rather be asserts
-
- ... so add the asserts now and consider removing the dynamic checks in a
- future.
-
- Ref: #12261
- Closes #12264
-
-boilingoden (4 Nov 2023)
-
-- docs: add supported version for the json write-out
-
- xref: https://curl.se/changes.html#7_70_0
-
- Closes #12266
|