From c36db68a5f58ec6c9135eff778b6e77c30e58088 Mon Sep 17 00:00:00 2001 From: dartraiden Date: Wed, 11 Sep 2024 21:49:43 +0300 Subject: libcurl: update to 8.10.0 --- libs/libcurl/docs/CHANGES | 11822 -------------------------------------- libs/libcurl/docs/RELEASE-NOTES | 563 ++ libs/libcurl/docs/THANKS | 30 +- 3 files changed, 592 insertions(+), 11823 deletions(-) delete mode 100644 libs/libcurl/docs/CHANGES create mode 100644 libs/libcurl/docs/RELEASE-NOTES (limited to 'libs/libcurl/docs') diff --git a/libs/libcurl/docs/CHANGES b/libs/libcurl/docs/CHANGES deleted file mode 100644 index 59c4a26dc0..0000000000 --- a/libs/libcurl/docs/CHANGES +++ /dev/null @@ -1,11822 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - - Changelog - -Version 8.9.1 (31 Jul 2024) - -Daniel Stenberg (31 Jul 2024) - -- RELEASE-NOTES: synced - -- THANKS: add names from the 8.9.1 release notes - - Also remove duplicates - -Stefan Eissing (30 Jul 2024) - -- x509asn1: unittests and fixes for gtime2str - - Fix issues in GTime2str() and add unit test cases to verify correct - behaviour. - - Follow-up to 3c914bc6801 - - Closes #14316 - -Tal Regev (30 Jul 2024) - -- vtls: avoid forward declaration in MultiSSL builds - - The MSVC compiler cannot have forward declaration with const and static - variable, causing this error: - ``` - curl\lib\vtls\vtls.c(417,44): warning C4132: 'Curl_ssl_multi': const object s - hould be initialized - ``` - - Ref: #14276 - Closes #14305 - -Viktor Szakats (30 Jul 2024) - -- tidy-up: URL updates (one more) - - Follow-up to 767d5811b5c783b42cea999dd42ecf0453085d17 #14318 - -- tidy-up: URL updates - - Closes #14318 - -- cmake: drop `if(PKG_CONFIG_FOUND)` guard for `pkg_check_modules()` - - The oldest cmake supported by curl is v3.7.0, which already has such - guard (using `PKG_CONFIG_EXECUTABLE`) inside `pkg_check_modules()`. The - advantage of leaving that guard to CMake is that it will define/reset - all output variables, while the manual guard doesn't do this and also - leaves for example `NETTLE_FOUND` undefined. - - Delete the single use of this guard from the recently added `nettle` - detection, where I included it by accident. Then possibly re-introduce - it universally if we find it useful after more evaluation. - - Follow-up to 669ce42275635dc1f881dab3dfc9a55c9ab49b21 #14285 - Closes #14309 - -Daniel Stenberg (30 Jul 2024) - -- mailmap: dedupe an author showing up twice in shortlog -s - -Ivan Kuchin (30 Jul 2024) - -- misc: cleanup after removing years from copyright - - - remove leftover copyright years from few test files - - fix email in copyright lines - - consistent format of copyright lines - - Closes #14312 - -Alex Snast (30 Jul 2024) - -- wolfssl: avoid calling get_cached_x509_store if store is uncachable - - There's no need for get_cached_x509_store call if the return value won't - be used for caching anyway. - - Closes #14306 - -Daniel Stenberg (30 Jul 2024) - -- contrithanks.sh: use -F with -v to match lines as strings - - Makes names involving [brackets] work. - -Viktor Szakats (30 Jul 2024) - -- GHA/non-native: bump FreeBSD/arm64 python modules - - FreeBSD seems to upgrade their Python separately for arm64 - and Intel. Today, arm64 caught up with the Intel packages. - Update our CI to reflect it. - - Closes #14310 - -dependabot[bot] (30 Jul 2024) - -- GHA: bump github/codeql-action and msys2/setup-msys2 - - - bump github/codeql-action from 3.25.13 to 3.25.15 - - Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3. - 25.13 to 3.25.15. - - [Release notes](https://github.com/github/codeql-action/releases) - - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - - [Commits](https://github.com/github/codeql-action/compare/2d790406f505036ef - 40ecba973cc774a50395aac...afb54ba388a7dca6ecae48f608c4ff05ff4cc77a) - - --- - updated-dependencies: - - dependency-name: github/codeql-action - dependency-type: direct:production - update-type: version-update:semver-patch - ... - - Signed-off-by: dependabot[bot] - Closes #14300 - - - bump msys2/setup-msys2 from 2.23.0 to 2.24.0 - - Bumps [msys2/setup-msys2](https://github.com/msys2/setup-msys2) from 2.23.0 t - o 2.24.0. - - [Release notes](https://github.com/msys2/setup-msys2/releases) - - [Changelog](https://github.com/msys2/setup-msys2/blob/main/CHANGELOG.md) - - [Commits](https://github.com/msys2/setup-msys2/compare/d0e80f58dffbc64f6a3a - 1f43527d469b4fc7b6c8...5df0ca6cbf14efcd08f8d5bd5e049a3cc8e07fd2) - - --- - updated-dependencies: - - dependency-name: msys2/setup-msys2 - dependency-type: direct:production - update-type: version-update:semver-minor - ... - - Signed-off-by: dependabot[bot] - Closes #14301 - -Daniel Stenberg (30 Jul 2024) - -- x509asn1: clean up GTime2str - - Co-authored-by: Stefan Eissing - Reported-by: Dov Murik - - Closes #14307 - -- tool_operate: more defensive socket code - - - use 'struct sockaddr' to getsockname() and its sa_family member - - - use 'curl_socklen_t' instead of 'socklen_t' - - - check for AF_INET6 to exist instead assuming it does - - Should be generally more portable. - - Reported-by: Harry Sintonen - Closes #14304 - -Viktor Szakats (29 Jul 2024) - -- configure: limit `__builtin_available` test to Darwin - - This feature test always fails on non-Apple systems. (For Apple targets - it's supported by llvm and Apple clang.) - - Syncs behaviour with CMake. - - Follow-up to cfd6f43d6ca7e57670b422bab7bbf10221a2cf3e #14127 - Cherry-picked from #14097 - Closes #14196 - -Daniel Stenberg (29 Jul 2024) - -- RELEASE-NOTES: synced - -- CURLOPT_SSL_CTX_FUNCTION.md: mention CA caching - - and add a few more see-also - - Closes #14302 - -Viktor Szakats (29 Jul 2024) - -- cmake: detect `libssh` via `pkg-config` - - Also: - - fix broken libssh `pkg-config` behaviour on old Linux. - (when found, `LIBSSH_LINK_LIBRARIES` remains undefined.) - - - delete manual libssh config from Old Linux CI job, - it's no longer necessary. - - Closes #14199 - -- GHA/non-native: improve, migrate x86_64 FreeBSD with tests from Cirrus CI - - - run tests via `make test-ci` instead of `make check` with autotools. - - add `x86_64` job for FreeBSD, with tests. - It matches the existing Cirrus CI job, with these differences: - - finishes 3x faster (thanks to parallel tests enabled). - - librtmp is not enabled because it's slated for removal by FreeBSD. - (already past the removal deadline, thought the package still - installs.) - - DICT and TELNET servers fail to start. Couldn't figure out why. - It means skipping test 1450 and 1452. - - it runs more tests, e.g. websockets and ip6-localhost. - - no `pkg update -f`. - - it misses the `CRYPTOGRAPHY_DONT_BUILD_RUST=1`, `pkg delete curl`, - `chmod 777`, `sudo -u nobody` and `sysctl net.inet.tcp.blackhole` - tricks. The latter is the default in these runners, the others did - not affect results. - - set `-j0` for tests in the NetBSD job. Flaky otherwise. - - Closes #14244 - -- cmake: detect `nettle` when building with GnuTLS - - `nettle` is a direct dependency of curl, when building with GnuTLS. - Add a new `Find` module to detect it. - - Also: - - GHA/macos: drop `nettle` hack no longer necessary. - - add `nettle` to `libcurl.pc`. - - also add `nettle` to `libcurl.pc` in autotools builds. - - Follow-up to 781242ffa44a9f9b95b6da5ac5a1bf6372ec6257 #11967 - Closes #14285 - -- macos: fix Apple SDK bug workaround for non-macOS targets - - Turns out that MAC != OSX, despite what these names otherwise mean and - what's suggested by source code comments. "MAC" in fact means Darwin - (aka Apple), not macOS. "OSX" means macOS. - - GitHub bumped the macos-14 runner default to Xcode 15.4, hitting the - llvm@15 incompatibility bug by default. Meaning the previous workaround - for the SDK bug is necessary. - - This patch extend the workaround to not apply to mobile OS variants. - - Follow-up to ff784af461175584c73e7e2b65af00b1a5a6f67f #14159 - Reported-by: Sergey - Confirmed-by: Marcel Raad - Fixes #14269 - Closes #14275 - -Stefan Eissing (29 Jul 2024) - -- wolfssl: CA store share fix - - When sharing the x509 store in wolfSSL, always use an explicitly - constructed one, as the SSLCTX might have "only" an internal one which - is not obeying reference count lifetimes. - - Fixes #14278 - Reported-by: Alex Snast - Closes #14279 - -Randall S. Becker (29 Jul 2024) - -- curl: support __ss_family use on NonStop platforms - - The definition of sockaddr_storage incorrectly specifies the ss_family - field as __ss_family. This fix conditionally allows builds to succeed on - all NonStop platforms. - - Signed-off-by: Randall S. Becker - - Closes #14273 - -Daniel Stenberg (29 Jul 2024) - -- test993: list 1000 messages over POP3 - - Attempt to verify issue #14201 - - Closes #14297 - -Stefan Eissing (29 Jul 2024) - -- connect: fix connection shutdown for event based processing - - connections being shutdown would register sockets for events, but then - never remove these sockets again. Nor would the shutdown effectively - been performed. - - - If a socket event involves a transfer, check if that is the - connection cache internal handle and run its multi_perform() - instead (the internal handle is used for all shutdowns). - - When a timer triggers for a transfer, check also if it is - about the connection cache internal handle. - - During processing shutdowns in the connection cache, assess - the shutdown timeouts. Register a Curl_expire() of the lowest - value for the cache's internal handle. - - Reported-by: Gordon Parke - Fixes #14280 - Closes #14296 - -Daniel Stenberg (29 Jul 2024) - -- tests: provide FTP directory contents in the test file - - Instead of providing a fixed single synthetic response in the test - server itself. To allow us to better use *different* directory listings - in different test cases. In this change, most listings remain the same - as before. - - The wildcard match tests still use synthetic responses but we should fix - that as well. - - Updated numerous test cases to use this. - - Closes #14295 - -- ftpserver.pl: make POP3 LIST serve content from the test file - - instead of a fixed list in the test server. - - Adjust test 853 accordingly. - - Closes #14293 - -- TODO: thread-safe sharing - -- CURLSHOPT_SHARE.md: mention sessions/cookies as not thread-safe - - Sharing of these between threads are apparently also not done safely. - - Ref: #14290 - Reported-by: Aki Sakurai - Closes #14292 - -- RELEASE-NOTES: synced - -Patrick Monnerat (28 Jul 2024) - -- os400: build cli manual. - - Use PASE perl to run manual generation scripts. - - As PASE perl is not aware of all possible input file encoding, convert - all files to UTF-8 upon build start (this might be lengthy). - - OS/400 terminal emulation may only offer 76 columns, thus a new -c - parameter has been added to the managen program, defining the allowed - width. - - If perl is not available, omit generation and disable online manual. - - Closes #14289 - -Daniel Stenberg (27 Jul 2024) - -- example/multi-uv: remove the use of globals - - - shows how to pass on local variables (better) - - - start the transfers nicer (with curl_multi_socket_action) - - - consistent and helpful function naming - to better show what functions - and callbacks that are used for what - - - build warning-free with gcc -W -Wall -pedantic - - Closes #14287 - -Viktor Szakats (27 Jul 2024) - -- runtests: fold timing details with GHA, sync `-r` tflags - - - move timing details into a foldable group when run in GitHub Actions. - Spec: - https://docs.github.com/en/actions/using-workflows/workflow-commands-for-gi - thub-actions#grouping-log-lines - - - enable `-r` (run time stats) option in autotools' `test-ci` target, - syncing it with cmake. - - Closes #14284 - -- GHA/windows: increase timeout for vcpkg build step [ci skip] - - Examples: - https://github.com/curl/curl/actions/runs/10102112253/job/27937088909?pr=1427 - 4 - https://github.com/curl/curl/actions/runs/10102112253/job/27937082353?pr=1427 - 4 - https://github.com/curl/curl/actions/runs/10102112253/job/27937088478?pr=1427 - 4 - -- GHA/macos: update comment about default Xcode on macos-14 runner [ci skip] - - New default since: - https://github.com/actions/runner-images/blob/releases/macos-14-arm64/2024072 - 2/images/macos/macos-14-arm64-Readme.md - -Patrick Monnerat (27 Jul 2024) - -- os400: workaround an IBM ASCII run-time library bug - - IBM-provided ASCII function puts() does not output an expected trailing - newline: emulate the correct behavior using other functions. - - Closes #14281 - -Stefan Eissing (27 Jul 2024) - -- transfer: speed limiting fix for 32bit systems - - When checking if a speed limit on receives applies, compare the receive - sizes using the large int type to prevent an overflow on systems where - size_t is 32bit. - - Fixes #14272 - Reported-by: Mamoru Tasaka - Closes #14277 - -Anthony Hu (26 Jul 2024) - -- wolfSSL: allow wolfSSL's implementation of kyber to be used - - Closes #14268 - -Daniel Stenberg (26 Jul 2024) - -- lib: survive some NULL input args - - The input string pointer to: - - curl_escape - curl_easy_escape - curl_unescape - curl_easy_unescape - - The running_handles pointer to: - - curl_multi_perform - curl_multi_socket_action - curl_multi_socket_all - curl_multi_socket - - Reported-by: icy17 on github - Fixes #14247 - Closes #14262 - -- RELEASE-PROCEDURE.md: restore next release date - - Pointed-out-by: extrimexxx on github - Bug: https://github.com/curl/curl/pull/14267#issuecomment-2247062235 - -- RELEASE-NOTES: synced - - bumped to 8.9.1 - -- RELEASE-PROCEDURE.md: remove the initial build step - - Because it is no longer needed to be done by a person as the dmaketgz - script does it by itself. - - Removed two past release dates, added two new future ones - - Closes #14267 - -Version 8.9.0 (24 Jul 2024) - -Daniel Stenberg (24 Jul 2024) - -- RELEASE-NOTES: synced - -- THANKS: updates from the 8.9.0 release - -- curl_easy_escape.md: move historic details to HISTORY - - Closes #14261 - -- docs/libcurl: add to cleanup docs that their inputs go invalid - - Reported-by: icy17 on github - Fixes #14248 - Closes #14258 - -dependabot[bot] (23 Jul 2024) - -- GHA: bump github/codeql-action from 3.25.11 to 3.25.13 - - Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3. - 25.11 to 3.25.13. - - [Release notes](https://github.com/github/codeql-action/releases) - - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - - [Commits](https://github.com/github/codeql-action/compare/b611370bb5703a7ef - b587f9d136a52ea24c5c38c...2d790406f505036ef40ecba973cc774a50395aac) - - --- - updated-dependencies: - - dependency-name: github/codeql-action - dependency-type: direct:production - update-type: version-update:semver-patch - ... - - Signed-off-by: dependabot[bot] - Closes #14255 - -Stefan Eissing (23 Jul 2024) - -- conncache: connection shutdown, multi_socket handling - - - implement the socket hash user/reader/writer processing also - for connections that are being shut down by the connection cache. - - split out handling of current vs. last pollset socket event handling - into a function available in other code parts - - add `shutdown_poll` pollset to `connectdata` struct so that changes - in the pollset can be recorded during shutdown. (The internal handle - cannot keep it since it might be used for many connections) - - Reported-by: calvin2021y on github - Fixes #14252 - Closes #14257 - -Daniel Stenberg (22 Jul 2024) - -- tool_cb_prg: output "flying saucers" with leading carriage return - - Because that is how the progress-bar is output, so when the progress-bar - has been shown at least once and the information is reset, like for a - redirect, there might be a moment where the size goes from known to - unknown and then the flying saucerts are shown after a brief display of - the progress-bar. - - It could previously cause accidental character leftovers on the right - side of the bar when using a narrow display. - - Reported-by: Chris Webb - Fixes #14213 - Closes #14246 - -- lib: Curl_posttransfer => multi_posttransfer - - Moved from transfer.c to multi.c as it was only used within multi.c - - Made a void, as it returned a fixed return code nothing checked. - - Closes #14240 - -- CURLOPT_SSL_VERIFYHOST.md: refresh - - Move mentions of old behavior to the HISTORY section to make it easier - to read about modern behavior. - - Added a MATCHING section. - - Closes #14241 - -- multi: do a final progress update on connect failure - - To fix timing metric etc - - Co-authored-by: Justin Maggard - Fixes #14204 - Closes #14239 - -Orgad Shaneh (19 Jul 2024) - -- md4: fix compilation with OpenSSL 1.x with md4 disabled - - If OpenSSL 1.x is used, and it is configured with md4 disabled, - OPENSSL_NO_MD4 is defined in opensslconf.h, but this header was not - included before checking for this define. - - Later in md4.c, openssl/md4.h is included, and it includes that header - indirectly, leading to inconsistency within md4.c. - - Since the md4.h branch was taken, wincrypt.h (or others) is not - included, and later below the USE_WIN32_CRYPTO branch is taken, but the - types are not defined. - - Closes #14218 - -martinevsky (19 Jul 2024) - -- ftp: remove redundant null pointer check in loop condition - - Closes #14234 - -Justin Maggard (19 Jul 2024) - -- mbedtls: check version before getting tls version - - mbedtls_ssl_get_version_number() was added in mbedtls 3.2.0. Check for - that version before using it. - - Closes #14228 - -martinevsky (19 Jul 2024) - -- urlapi: remove unused definition of HOST_BAD - - Closes #14235 - -Daniel Stenberg (19 Jul 2024) - -- curldown: fixups - - - make DEFAULT sections less repetitive - - - make historic mentions use HISTORY - - - generate the protocols section on `# %PROTOCOLS%` instead of guessing - where to put it - - - generate the availability section on `# %AVAILABILITY%` instead of - guessing where to put it - - - make the protocols section more verbose - - Closes #14227 - -Tal Regev (19 Jul 2024) - -- GHA/windows: enable libssh in !ssl MSVC job - - Closes #14232 - -- GHA/windows: enable libidn2 in !ssl MSVC job - - Closes #14200 - -Viktor Szakats (19 Jul 2024) - -- GHA/macos: improve, fix gcc/llvm, add new test matrix - - This PR began as an attempt to drop GCC support, after repeated reports - on fallouts when trying to use it on macOS. - - Then it transformed into a 3-week project turning up the issues causing - the fallouts, ending up including llvm and all available Xcode / macOS - SDK, macOS runner image, build tools and compiler vendors and versions. - Accumulating 400 sub-commits. - - I developed and tested all fixes under this PR, then merged them as - separate patches. - - This PR retained CI jobs updates, extensively reworking and extending - them: [1] - - At first it seemed GCC and the Apple SDK is "naturally" growing more - incompatible, as Apple added further non-standard features to their - headers. This is partly true, but reality is more complicated. - - Besides some issues local to curl, there were bugs in Apple SDK - headers, Homebrew GCC builds, feature missing in the old llvm version - pre-installed on GitHub CI runner images, and subtle incompatibilities - between GCC and llvm/clang when handling language extensions. - - Resulting compiler errors seldom pointed to a useful direction, and - internet search was silent about these issues too. Thus, I had to peel - them off layer by layer, using trial and error, and by recognizing - patterns of failures accross 150-200 builds combinations. Exposing - configure logs, and curl_config.h in the CI logs helped too. - - 1. GCC header compatibility layer ("hack" as GCC calls it) - - The toughest issue is GCC's built-in compatibility layer: - https://github.com/gcc-mirror/gcc/tree/master/fixincludes - - This patch layer is further patched by a "Darwin compatibility" project - applied on top by Homebrew GCC via: - https://github.com/iains/gcc-12-branch - https://github.com/iains/gcc-13-branch - https://github.com/iains/gcc-14-branch - - The hack layer is designed in a way that breaks more builds than it - fixes, esp. in context of GHA runners. The idea is to build GCC - specifically for the SDK for the target macOS version. The problem with - this approach is that the Xcode + SDK installed on the local/CI machine - often does not match with the SDK used on while building GCC on - Homebrew's build machines. In these cases the GCC compatibility layer - turns into an "uncompatibility" layer and consistently breaks builds. - curl cannot offer a fix for this, because the solution (I found) is to - patch the toolchain on the local machine. I implemented this for our CI - builds and curl-for-win. In other case the user must do this patching - manually, or choose a compatible GCC + Xcode/SDK combination. - - An upstream fix doesn't seem trivial either, because the issue is - ingrained in the compatibility layer's design. Offering an `-fapplesdk` - (or recognizing `-target`) option and/or fixing them within the compiler - would seem like a more robust option, and also how mainline llvm solves - this. - - Here's a table summarizing the GCC + SDK combinations and curl build - failures: [2] - - More info: https://github.com/curl/curl/issues/10356#issuecomment-2222734103 - - db135f8d7207b20d531e7e2100a49f3e16bdcfab #14119 macos: add workaround for gcc - , non-c-ares, IPv6, compile error - Ref: https://github.com/curl/curl-for-win/commit/e2db3c475f5981352e6e6a79854a - 255805b28deb - Ref: https://github.com/curl/curl-for-win/commit/f5c58d7fef78e972be33ca2355dc - b42ba56622a6 - - 2. Homebrew GCC's `availability` extension - - A recent minor Homebrew GCC upgrade caused major breakage. The "Darwin - compatibility" patch applied to GCC implemented the `availability` - compiler attribute in GCC. Apple SDK detected this and enabled using - them, but as it turns out GCC accepts compiler attributes with slightly - different rules than llvm/clang, and how the Apple SDK uses them, - breaking builds. - - Affected Homebrew GCC versions are: 12.4.0, 13.3.0 and 14.1.0. - - Possibly tracked here: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108796 - More info: https://github.com/llvm/llvm-project/issues/81767 - - Commit implementing the `availability` macro: - gcc-12: https://github.com/iains/gcc-12-branch/commit/fd5530b7cb0012bf4faeddd - 45e13054a1dfa6783 - gcc-13: https://github.com/iains/gcc-13-branch/commit/cb7e4eca68cfc4763474e2e - b0935a844458842a8 - gcc-14: https://github.com/iains/gcc-14-branch/commit/ff62a108865a6403f501738 - 0d7018250c1d3306f - - That applied to Homebrew GCC (12.4.0): - https://github.com/Homebrew/homebrew-core/commit/b904223d9893f62bec2a8f7483bf - 5992747fc6c7#diff-89dd0b4176eca7fcc24b591943509bf8a8d6ea904d71e5dfcd6b78fed62 - fc574R44-R48 - - Ref: #13700 - More info: https://github.com/curl/curl/pull/14091#issuecomment-2222703468 - - e91fcbac7d86292858718a0bfebad57978761af4 #14155 macos: undo `availability` ma - cro enabled by Homebrew gcc - - 3. Proprietary Apple SDK macros - - Apple SDK expects certain macros predefined by the compiler. Missing - them may causes odd issues. Mainline llvm is keeping up with Apple - clang, but it needs a fresh version, while the one installed on GitHub - runners is old (v15). I patched these in `lib/curl_setup.h`. - - baa3270846b2a7307cbd0dd5c02c4e5f00e388dd #14134 build: fix llvm 16 or older + - Xcode 15 or newer, and gcc - - 4. Apple SDK header bug - - Without certain predefined macros, SDK headers can take a codepath where - it mis-defines its own `TARGET_OS_OSX` macro, which make it break its - own headers later. I patched it in `lib/curl_setup.h`. - - ff784af461175584c73e7e2b65af00b1a5a6f67f #14159 build: fix llvm 17 and older - + macOS SDK 14.4 and newer - - 5. `TargetConditionals.h` requires `sys/types.h` - - Fixed in curl. It caused feature-detection failurs with autotools, and - could break builds in certain configurations. - - e1f6192939c9c5ab2310b60bedf4c07d635193f6 #14130 configure: fix `SystemConfigu - ration` detection - - 6. Differences between autotools and CMake compiler options - - Fixed it by syncing compiler warning options. - - 59cadacfcc1d39472245979cdbd614c7a9af6f0d #14128 build: sync warning options b - etween autotools, cmake & compilers - - 7. Differences between autotools and CMake dependency detection - - Fixed it by improving detection of libidn2, with some more fixes - pending for the next feature window. - - f43adc2c4978f7f82a359e89186e58a31d17b0ad #14137 cmake: detect `libidn2` also - via `pkg-config` - Ref: #14136 cmake: detect `nghttp2` via `pkg-config`, enable by default - - 8. libidn2 detection bug with CMake - - Fixed the root cause and also the trigger in the CI config. - - 764fbabf6ed4c1d36c0ab2033ac8df52d9923cd7 #14175 cmake: fix builds with detect - ed libidn2 lib but undetected header - - 9. Suppressed compiler warnings inside Apple-specific curl code - - Fixed these warnings, which allowed to stop silencing them. - - b05dc7eb3592305de9fa85640767f3dd2a8d4c93 #14122 sectransp: fix `HAVE_BUILTIN_ - AVAILABLE` checks to not emit warnings - 5fa534b0dacdc120aaab0766047e0ecac37be4b3 #14162 sectransp: fix clang compiler - warnings, stop silencing them - - 10. CMake mis-detecting a CA bundle path on macOS - - d2ef6255f4a040397d2f40ab7cbf65a203201cd9 #14182 cmake: sync CA bundle/path de - tection with autotools - - 11. Failure to build tests with LibreSSL or wolfSSL with CMake - - Fixed by dropping unnecessary includes, makign test builds dependent - on dependency headers. - - 3765d75ce47b66289f946382b649d0e99389dc77 #14172 cmake: fix building `unit1600 - ` due to missing `ssl/openssl.h` - - 12. curl tests with CMake - - curl's CMake was missing bits for running the C preprocessor accurately. - It made tests 1119 and 1167 fail. I implemented the missing bits. - - efc2c5184d008fe2e5910fd03263e1ab0331d4e6 #14124 tests: include current direct - ory when running test Perl commands - c09db8b51b88ee6ad55bd637dcb4b47678e30906 #14129 cmake: create `configurehelp. - pm` like autotools does - 67cc1e3400b77536a3ca529c986247e1ef985e6e #14125 test1119: adapt for `.md` inp - ut - - 13. GCC missing `__builtin_available()` support - - curl source code assumes this is available to enable certain codepaths. - It's also intermixed with monotonic timer support. - - 14. Monotonic timer support with GCC - - Detected by GCC, while it probably shouldn't be. llvm/clang detects it - depending on target OS version. I've been playing with this, but so far - without a conclusion or fix. - - 15. Runtime/test failures with GCC - - I couldn't find the reason for most of this. A bunch of RTSP tests fail - with GCC. SecureTransport + HTTP/2 is failing a bunch of tests. With - OpenSSL it fails two of those. SecureTransport builds also fail one DoH - test. - - 16. Runtime/test failure in llvm/clang - - AppleIDN support received a fix with two more remaining. - - fd0250869f7837e4a48d7e6f54cc0801ad3820e8 #14179 #14176 IDN: fix ß with Apple - IDN - - 17. Other issues found and fixed while working on this: - - 2c15aa5765900d4351e733671a1c8c3785beee1a GHA/macos: delete misplaced ` - CFLAGS`, drop redundant CMake option - 80fb7c0bef209735ab352bf4afa31193a7bc65f1 #14126 configure: limit `SystemConfi - guration` test to non-c-ares, IPv6 builds - cfd6f43d6ca7e57670b422bab7bbf10221a2cf3e #14127 build: tidy up `__builtin_ava - ilable` feature checks (Apple) - bae555359979016999a9425a2d489f219a78abdd #14174 runtests: show name and keywo - rds for failed tests in summary - 09cdf7e5315711dea4ce7dcf5d99a4d41e7f658b #14178 cmake: delete unused `HAVE_LI - BSSH2`, `HAVE_LIBSOCKET` macros - d3595c74fab829f07ef44da1b7fc2f5668767020 #14186 configure: CA bundle/path det - ection fixes - 58772b0e082eda333e0a5fc8fb0bc7f17a3cd99c #14187 runtests: set `SOURCE_DATE_EP - OCH` to fix failing around midnight - 18f1cd7a77c4beecfd977d43f55634eb593ac99e #14183 tests: sync feature names wit - h `curl -V` - 4c22d97be786ed801e050da6872dd3143d6d0a59 #14181 build: use `#error` instead o - f invalid syntax - - Pending merges: - - - #14185 runtests: fold test details for GitHub CI runs - - #14197 cmake: grab-bag of tidy-ups - - #14196 configure: limit `__builtin_available` test to Darwin - - Summary: - - In general GCC doesn't seem to be a good fit with curl and macOS for - now. These "lucky" combinations (GitHub Actions runner) will build out - of the box now: macos-14 + Xcode 15.0.1 + gcc-11, gcc-12, gcc-14. The - rest builds with the ugly workaround in place, but all this still leaves - some runtime issues. - - More info and links in the commit messages and source code. - - [1]: This PR: - - add info about target OS version requirements per feature, with OS - names and release years. - - stop using `-Wno-deprecated-declarations` to suppress warnings. - - use `LDFLAGS=-w` to suppress 'object file was built for newer macOS - version than being linked' warnings. - (there were tens of thousands of them in some jobs) - - allow overriding Xcode version in all jobs. - - improve job names. - - abbreviate CMake as CM, autotools as AM for more compact job names. - - shorten job names by using `!` instead of `no-` and `non-`. - - bump parellel tests to 10 (from 5). - - drop using `--enable-maintainer-mode` `./configure` option. - - add gcc-12 no-ssl, autotools job with tests, ignore failing test - results. (It's not yet clear why gcc-12 builds have different runtime - results than clang/llvm ones.) - - add comments with OS names and release years next to version numbers, - e.g. 10.15 # Catalina (2019) - - fix broken gcc-12 SecureTransport build. - - show compiler, Xcode, SDK, gcc hack SDK versions, Homebrew - preinstalled packages and C compiler predefined macros for each job. - Useful for debugging all the strange problems these builds might have. - - merge brew bundle and install steps. - - move step names to the top. - - dump configure log for both cmake and autotools also for successful - builds. Useful for debugging. - - dump curl_config.h in short (sorted #defines) and full form. - - add support for the mainline llvm compiler. - - set sysroot for gcc and llvm. - - add timeout for cmake jobs. - - add new job matrix: combinations - It supports building all possible compiler, runner image, Xcode/SDK - combinations, with cmake and autotools, target OS versions and with or - without SecureTransport. It's quick. GHA limits the maximum number of - matrix jobs at 256. - I used this as a test-rig to fix the macOS build fallouts with gcc and - llvm. - I settled with 16 jobs, trying to maximize fallout coverage. - - implement hack to make Homebrew gcc work with all available SDKs. - - add handy mini-table about Xcode / SDK versions, OS names, years for - each GHA images, with the defaults. - - add tests for cmake jobs. - - make cmake config hack to link GnuTLS less intrusive. - - stop ignoring test 1452, seems fine now. - - fix to enable libpsl in autotools builds. - - enable libpsl in cmake builds. - - add an llvm job with tests (both autotools and cmake). - - delete similar macOS jobs from Circle CI. GHA is now arm64 too. - - [2]: Homebrew GCC vs GHA runner images vs curl builds: - ``` - macOS Xcode gcc gcc SDK hacks Xcode SDK SDK major Build - Compile - (*def) (Homebrew) (CommandLineTools) versions - error - -------- -------- ---------- ------------------ ---------- --------- ----- - --------------------- - macos-12 13.1 GCC 11.4.0 MacOSX12 MacOSX12.0 - macos-12 13.2.1 GCC 11.4.0 MacOSX12 MacOSX12.1 - macos-12 13.3.1 GCC 11.4.0 MacOSX12 MacOSX12.3 - macos-12 13.4.1 GCC 11.4.0 MacOSX12 MacOSX12.3 - macos-12 14.0.1 GCC 11.4.0 MacOSX12 MacOSX12.3 - macos-12 14.1 GCC 11.4.0 MacOSX12 MacOSX13.0 MISMATCH FAIL - /Applications/Xcode_14.1.app/Contents/Developer/Platforms/MacOSX.platform/De - veloper/SDKs/MacOSX.sdk/usr/include/os/object.h:275:1: error: expected ';' be - fore 'extern' - macos-12 *14.2 GCC 11.4.0 MacOSX12 MacOSX13.1 MISMATCH FAIL - /Applications/Xcode_14.2.app/Contents/Developer/Platforms/MacOSX.platform/De - veloper/SDKs/MacOSX.sdk/usr/include/os/object.h:275:1: error: expected ';' be - fore 'extern' - macos-13 14.1 GCC 11.4.0 MacOSX13 MacOSX13.0 - macos-13 14.2 GCC 11.4.0 MacOSX13 MacOSX13.1 - macos-13 14.3.1 GCC 11.4.0 MacOSX13 MacOSX13.3 - macos-13 *15.0.1 GCC 11.4.0 MacOSX13 MacOSX14.0 MISMATCH FAIL - /Applications/Xcode_15.0.1.app/Contents/Developer/Platforms/MacOSX.platform/ - Developer/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:103:1: error: unknown - type name 'dispatch_queue_t' - macos-13 15.1 GCC 11.4.0 MacOSX13 MacOSX14.2 MISMATCH FAIL - /Applications/Xcode_15.1.app/Contents/Developer/Platforms/MacOSX.platform/De - veloper/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:103:1: error: unknown ty - pe name 'dispatch_queue_t' - macos-13 15.2 GCC 11.4.0 MacOSX13 MacOSX14.2 MISMATCH FAIL - /Applications/Xcode_15.2.app/Contents/Developer/Platforms/MacOSX.platform/De - veloper/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:103:1: error: unknown ty - pe name 'dispatch_queue_t' - macos-14 14.3.1 GCC 11.4.0 MacOSX14 MacOSX13.3 MISMATCH FAIL - /Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor - e data types in declaration specifiers - macos-14 *15.0.1 GCC 11.4.0 MacOSX14 MacOSX14.0 - macos-14 15.1 GCC 11.4.0 MacOSX14 MacOSX14.2 - macos-14 15.2 GCC 11.4.0 MacOSX14 MacOSX14.2 - macos-14 15.3 GCC 11.4.0 MacOSX14 MacOSX14.4 - macos-14 15.4 GCC 11.4.0 MacOSX14 MacOSX14.5 - macos-14 16.0 GCC 11.4.0 MacOSX14 MacOSX15.0 MISMATCH FAIL - /opt/homebrew/Cellar/gcc@11/11.4.0/lib/gcc/11/gcc/aarch64-apple-darwin23/11/ - include-fixed/stdio.h:83:8: error: unknown type name 'FILE' - macos-12 13.1 GCC 12.4.0 MacOSX12 MacOSX12.0 - macos-12 13.2.1 GCC 12.4.0 MacOSX12 MacOSX12.1 - macos-12 13.3.1 GCC 12.4.0 MacOSX12 MacOSX12.3 - macos-12 13.4.1 GCC 12.4.0 MacOSX12 MacOSX12.3 - macos-12 14.0.1 GCC 12.4.0 MacOSX12 MacOSX12.3 - macos-12 14.1 GCC 12.4.0 MacOSX12 MacOSX13.0 MISMATCH FAIL - /Applications/Xcode_14.1.app/Contents/Developer/Platforms/MacOSX.platform/De - veloper/SDKs/MacOSX.sdk/usr/include/os/object.h:275:1: error: expected ';' be - fore 'extern' - macos-12 *14.2 GCC 12.4.0 MacOSX12 MacOSX13.1 MISMATCH FAIL - /Applications/Xcode_14.2.app/Contents/Developer/Platforms/MacOSX.platform/De - veloper/SDKs/MacOSX.sdk/usr/include/os/object.h:275:1: error: expected ';' be - fore 'extern' - macos-13 14.1 GCC 12.4.0 MacOSX13 MacOSX13.0 - macos-13 14.2 GCC 12.4.0 MacOSX13 MacOSX13.1 - macos-13 14.3.1 GCC 12.4.0 MacOSX13 MacOSX13.3 - macos-13 *15.0.1 GCC 12.4.0 MacOSX13 MacOSX14.0 MISMATCH FAIL - /Applications/Xcode_15.0.1.app/Contents/Developer/Platforms/MacOSX.platform/ - Developer/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:103:1: error: unknown - type name 'dispatch_queue_t' - macos-13 15.1 GCC 12.4.0 MacOSX13 MacOSX14.2 MISMATCH FAIL - /Applications/Xcode_15.1.app/Contents/Developer/Platforms/MacOSX.platform/De - veloper/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:103:1: error: unknown ty - pe name 'dispatch_queue_t' - macos-13 15.2 GCC 12.4.0 MacOSX13 MacOSX14.2 MISMATCH FAIL - /Applications/Xcode_15.2.app/Contents/Developer/Platforms/MacOSX.platform/De - veloper/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:103:1: error: unknown ty - pe name 'dispatch_queue_t' - macos-14 14.3.1 GCC 12.4.0 MacOSX14 MacOSX13.3 MISMATCH - macos-14 *15.0.1 GCC 12.4.0 MacOSX14 MacOSX14.0 - macos-14 15.1 GCC 12.4.0 MacOSX14 MacOSX14.2 - macos-14 15.2 GCC 12.4.0 MacOSX14 MacOSX14.2 - macos-14 15.3 GCC 12.4.0 MacOSX14 MacOSX14.4 - macos-14 15.4 GCC 12.4.0 MacOSX14 MacOSX14.5 - macos-14 16.0 GCC 12.4.0 MacOSX14 MacOSX15.0 MISMATCH FAIL - /opt/homebrew/Cellar/gcc@12/12.4.0/lib/gcc/12/gcc/aarch64-apple-darwin23/12/ - include-fixed/stdio.h:83:8: error: unknown type name 'FILE' - macos-12 13.1 GCC 13.3.0 MacOSX12 MacOSX12.0 - macos-12 13.2.1 GCC 13.3.0 MacOSX12 MacOSX12.1 - macos-12 13.3.1 GCC 13.3.0 MacOSX12 MacOSX12.3 - macos-12 13.4.1 GCC 13.3.0 MacOSX12 MacOSX12.3 - macos-12 14.0.1 GCC 13.3.0 MacOSX12 MacOSX12.3 - macos-12 14.1 GCC 13.3.0 MacOSX12 MacOSX13.0 MISMATCH FAIL - /Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor - e data types in declaration specifiers - macos-12 *14.2 GCC 13.3.0 MacOSX12 MacOSX13.1 MISMATCH FAIL - /Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor - e data types in declaration specifiers - macos-13 14.1 GCC 13.3.0 MacOSX13 MacOSX13.0 - macos-13 14.2 GCC 13.3.0 MacOSX13 MacOSX13.1 - macos-13 14.3.1 GCC 13.3.0 MacOSX13 MacOSX13.3 - macos-13 *15.0.1 GCC 13.3.0 MacOSX13 MacOSX14.0 MISMATCH FAIL - /Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor - e data types in declaration specifiers - macos-13 15.1 GCC 13.3.0 MacOSX13 MacOSX14.2 MISMATCH FAIL - /Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor - e data types in declaration specifiers - macos-13 15.2 GCC 13.3.0 MacOSX13 MacOSX14.2 MISMATCH FAIL - /Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor - e data types in declaration specifiers - macos-14 14.3.1 GCC 13.3.0 MacOSX14 MacOSX13.3 MISMATCH FAIL - /Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor - e data types in declaration specifiers - macos-14 *15.0.1 GCC 13.3.0 MacOSX14 MacOSX14.0 FAIL - /Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor - e data types in declaration specifiers - macos-14 15.1 GCC 13.3.0 MacOSX14 MacOSX14.2 FAIL - /Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor - e data types in declaration specifiers - macos-14 15.2 GCC 13.3.0 MacOSX14 MacOSX14.2 FAIL - /Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor - e data types in declaration specifiers - macos-14 15.3 GCC 13.3.0 MacOSX14 MacOSX14.4 - macos-14 15.4 GCC 13.3.0 MacOSX14 MacOSX14.5 - macos-14 16.0 GCC 13.3.0 MacOSX14 MacOSX15.0 MISMATCH FAIL - /opt/homebrew/Cellar/gcc@13/13.3.0/lib/gcc/13/gcc/aarch64-apple-darwin23/13/ - include-fixed/stdio.h:83:8: error: unknown type name 'FILE' - macos-12 13.1 GCC 14.1.0 MacOSX12 MacOSX12.0 - macos-12 13.2.1 GCC 14.1.0 MacOSX12 MacOSX12.1 - macos-12 13.3.1 GCC 14.1.0 MacOSX12 MacOSX12.3 - macos-12 13.4.1 GCC 14.1.0 MacOSX12 MacOSX12.3 - macos-12 14.0.1 GCC 14.1.0 MacOSX12 MacOSX12.3 - macos-12 14.1 GCC 14.1.0 MacOSX12 MacOSX13.0 MISMATCH FAIL - /Applications/Xcode_14.1.app/Contents/Developer/Platforms/MacOSX.platform/De - veloper/SDKs/MacOSX.sdk/usr/include/os/object.h:275:1: error: expected ';' be - fore 'extern' - macos-12 *14.2 GCC 14.1.0 MacOSX12 MacOSX13.1 MISMATCH FAIL - /Applications/Xcode_14.2.app/Contents/Developer/Platforms/MacOSX.platform/De - veloper/SDKs/MacOSX.sdk/usr/include/os/object.h:275:1: error: expected ';' be - fore 'extern' - macos-13 14.1 GCC 14.1.0 MacOSX13 MacOSX13.0 - macos-13 14.2 GCC 14.1.0 MacOSX13 MacOSX13.1 - macos-13 14.3.1 GCC 14.1.0 MacOSX13 MacOSX13.3 - macos-13 *15.0.1 GCC 14.1.0 MacOSX13 MacOSX14.0 MISMATCH FAIL - /Applications/Xcode_15.0.1.app/Contents/Developer/Platforms/MacOSX.platform/ - Developer/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:70:1: error: type defa - ults to 'int' in declaration of 'DISPATCH_DECL_FACTORY_CLASS_SWIFT' [-Wimplic - it-int] - macos-13 15.1 GCC 14.1.0 MacOSX13 MacOSX14.2 MISMATCH FAIL - /Applications/Xcode_15.1.app/Contents/Developer/Platforms/MacOSX.platform/De - veloper/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:70:1: error: type defaul - ts to 'int' in declaration of 'DISPATCH_DECL_FACTORY_CLASS_SWIFT' [-Wimplicit - -int] - macos-13 15.2 GCC 14.1.0 MacOSX13 MacOSX14.2 MISMATCH FAIL - /Applications/Xcode_15.2.app/Contents/Developer/Platforms/MacOSX.platform/De - veloper/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:70:1: error: type defaul - ts to 'int' in declaration of 'DISPATCH_DECL_FACTORY_CLASS_SWIFT' [-Wimplicit - -int] - macos-14 14.3.1 GCC 14.1.0 MacOSX14 MacOSX13.3 MISMATCH - macos-14 *15.0.1 GCC 14.1.0 MacOSX14 MacOSX14.0 - macos-14 15.1 GCC 14.1.0 MacOSX14 MacOSX14.2 - macos-14 15.2 GCC 14.1.0 MacOSX14 MacOSX14.2 - macos-14 15.3 GCC 14.1.0 MacOSX14 MacOSX14.4 - macos-14 15.4 GCC 14.1.0 MacOSX14 MacOSX14.5 - macos-14 16.0 GCC 14.1.0 MacOSX14 MacOSX15.0 MISMATCH FAIL - /opt/homebrew/Cellar/gcc/14.1.0_1/lib/gcc/current/gcc/aarch64-apple-darwin23 - /14/include-fixed/stdio.h:83:8: error: unknown type name 'FILE' - ``` - Source: https://github.com/curl/curl/actions/runs/9883956647/job/27299564218 - - This commit fixes earlier commit - 1e75edd372868048c9f805ac4ca6d2cb5a88ff5a, reverted in - 41a7e0dcc9681afd91e066411bcee4f369c23366, where I cut the commit - message in half by accident. The patch itself is identical. - - Closes #14097 - -- Revert "GHA/macos: improve, fix gcc/llvm, add new test matrix" - - This reverts commit 1e75edd372868048c9f805ac4ca6d2cb5a88ff5a. - - Due to some parts of the commit message missing (my bad.) - -Daniel Stenberg (19 Jul 2024) - -- Revert "lib: send eos flag" - - This reverts commit be93299f10ef0b2bf7fe5c82140120073831867a. - -Viktor Szakats (19 Jul 2024) - -- GHA/windows: use default shell CI feature - - It makes repeating a line in each step unnecessary. - - Closes #14206 - -- GHA/macos: improve, fix gcc/llvm, add new test matrix - - This PR began as an attempt to drop GCC support, after repeated reports - on fallouts when trying to use it on macOS. - - Then it transformed into a 3-week project turning up the issues causing - the fallouts, ending up including llvm and all available Xcode / macOS - SDK, macOS runner image, build tools and compiler vendors and versions. - Accumulating 400 sub-commits. - - I developed and tested all fixes under this PR, then merged them as - separate patches. - - This PR retained CI jobs updates, extensively reworking and extending - them: [1] - - At first it seemed GCC and the Apple SDK is "naturally" growing more - incompatible, as Apple added further non-standard features to their - headers. This is partly true, but reality is more complicated. - - Besides some issues local to curl, there were bugs in Apple SDK - headers, Homebrew GCC builds, feature missing in the old llvm version - pre-installed on GitHub CI runner images, and subtle incompatibilities - between GCC and llvm/clang when handling language extensions. - - Resulting compiler errors seldom pointed to a useful direction, and - internet search was silent about these issues too. Thus, I had to peel - them off layer by layer, using trial and error, and by recognizing - patterns of failures accross 150-200 builds combinations. Exposing - configure logs, and curl_config.h in the CI logs helped too. - - 1. GCC header compatibility layer ("hack" as GCC calls it) - - The toughest issue is GCC's built-in compatibility layer: - https://github.com/gcc-mirror/gcc/tree/master/fixincludes - - This patch layer is further patched by a "Darwin compatibility" project - applied on top by Homebrew GCC via: - https://github.com/iains/gcc-12-branch - https://github.com/iains/gcc-13-branch - https://github.com/iains/gcc-14-branch - - The hack layer is designed in a way that breaks more builds than it - fixes, esp. in context of GHA runners. The idea is to build GCC - specifically for the SDK for the target macOS version. The problem with - this approach is that the Xcode + SDK installed on the local/CI machine - often does not match with the SDK used on while building GCC on - Homebrew's build machines. In these cases the GCC compatibility layer - turns into an "uncompatibility" layer and consistently breaks builds. - curl cannot offer a fix for this, because the solution (I found) is to - patch the toolchain on the local machine. I implemented this for our CI - builds and curl-for-win. In other case the user must do this patching - manually, or choose a compatible GCC + Xcode/SDK combination. - - An upstream fix doesn't seem trivial either, because the issue is - ingrained in the compatibility layer's design. Offering an `-fapplesdk` - (or recognizing `-target`) option and/or fixing them within the compiler - would seem like a more robust option, and also how mainline llvm solves - this. - - Here's a table summarizing the GCC + SDK combinations and curl build - failures: [2] - - More info: https://github.com/curl/curl/issues/10356#issuecomment-2222734103 - - db135f8d7207b20d531e7e2100a49f3e16bdcfab #14119 macos: add workaround for gcc - , non-c-ares, IPv6, compile error - Ref: https://github.com/curl/curl-for-win/commit/e2db3c475f5981352e6e6a79854a - 255805b28deb - Ref: https://github.com/curl/curl-for-win/commit/f5c58d7fef78e972be33ca2355dc - b42ba56622a6 - - 2. Homebrew GCC's `availability` extension - - A recent minor Homebrew GCC upgrade caused major breakage. The "Darwin - compatibility" patch applied to GCC implemented the `availability` - compiler attribute in GCC. Apple SDK detected this and enabled using - them, but as it turns out GCC accepts compiler attributes with slightly - different rules than llvm/clang, and how the Apple SDK uses them, - breaking builds. - - Affected Homebrew GCC versions are: 12.4.0, 13.3.0 and 14.1.0. - - Possibly tracked here: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108796 - More info: https://github.com/llvm/llvm-project/issues/81767 - - Commit implementing the `availability` macro: - gcc-12: https://github.com/iains/gcc-12-branch/commit/fd5530b7cb0012bf4faeddd - 45e13054a1dfa6783 - gcc-13: https://github.com/iains/gcc-13-branch/commit/cb7e4eca68cfc4763474e2e - b0935a844458842a8 - gcc-14: https://github.com/iains/gcc-14-branch/commit/ff62a108865a6403f501738 - 0d7018250c1d3306f - - That applied to Homebrew GCC (12.4.0): - https://github.com/Homebrew/homebrew-core/commit/b904223d9893f62bec2a8f7483bf - 5992747fc6c7#diff-89dd0b4176eca7fcc24b591943509bf8a8d6ea904d71e5dfcd6b78fed62 - fc574R44-R48 - - Ref: #13700 - More info: https://github.com/curl/curl/pull/14091#issuecomment-2222703468 - - e91fcbac7d86292858718a0bfebad57978761af4 #14155 macos: undo `availability` ma - cro enabled by Homebrew gcc - - 3. Proprietary Apple SDK macros - - Apple SDK expects certain macros predefined by the compiler. Missing - them may causes odd issues. Mainline llvm is keeping up with Apple - clang, but it needs a fresh version, while the one installed on GitHub - runners is old (v15). I patched these in `lib/curl_setup.h`. - - baa3270846b2a7307cbd0dd5c02c4e5f00e388dd #14134 build: fix llvm 16 or older + - Xcode 15 or newer, and gcc - - 4. Apple SDK header bug - - Without certain predefined macros, SDK headers can take a codepath where - it mis-defines its own `TARGET_OS_OSX` macro, which make it break its - own headers later. I patched it in `lib/curl_setup.h`. - - ff784af461175584c73e7e2b65af00b1a5a6f67f #14159 build: fix llvm 17 and older - + macOS SDK 14.4 and newer - - 5. `TargetConditionals.h` requires `sys/types.h` - - Fixed in curl. It caused feature-detection failurs with autotools, and - could break builds in certain configurations. - - e1f6192939c9c5ab2310b60bedf4c07d635193f6 #14130 configure: fix `SystemConfigu - ration` detection - - 6. Differences between autotools and CMake compiler options - - Fixed it by syncing compiler warning options. - - 59cadacfcc1d39472245979cdbd614c7a9af6f0d #14128 build: sync warning options b - etween autotools, cmake & compilers - - 7. Differences between autotools and CMake dependency detection - - Fixed it by improving detection of libidn2, with some more fixes - pending for the next feature window. - - f43adc2c4978f7f82a359e89186e58a31d17b0ad #14137 cmake: detect `libidn2` also - via `pkg-config` - Ref: #14136 cmake: detect `nghttp2` via `pkg-config`, enable by default - - 8. libidn2 detection bug with CMake - - Fixed the root cause and also the trigger in the CI config. - - 764fbabf6ed4c1d36c0ab2033ac8df52d9923cd7 #14175 cmake: fix builds with detect - ed libidn2 lib but undetected header - - 9. Suppressed compiler warnings inside Apple-specific curl code - - Fixed these warnings, which allowed to stop silencing them. - - b05dc7eb3592305de9fa85640767f3dd2a8d4c93 #14122 sectransp: fix `HAVE_BUILTIN_ - AVAILABLE` checks to not emit warnings - 5fa534b0dacdc120aaab0766047e0ecac37be4b3 #14162 sectransp: fix clang compiler - warnings, stop silencing them - - 10. CMake mis-detecting a CA bundle path on macOS - - d2ef6255f4a040397d2f40ab7cbf65a203201cd9 #14182 cmake: sync CA bundle/path de - tection with autotools - - 11. Failure to build tests with LibreSSL or wolfSSL with CMake - - Fixed by dropping unnecessary includes, makign test builds dependent - on dependency headers. - - 3765d75ce47b66289f946382b649d0e99389dc77 #14172 cmake: fix building `unit1600 - ` due to missing `ssl/openssl.h` - - 12. curl tests with CMake - - curl's CMake was missing bits for running the C preprocessor accurately. - It made tests 1119 and 1167 fail. I implemented the missing bits. - - efc2c5184d008fe2e5910fd03263e1ab0331d4e6 #14124 tests: include current direct - ory when running test Perl commands - c09db8b51b88ee6ad55bd637dcb4b47678e30906 #14129 cmake: create `configurehelp. - pm` like autotools does - 67cc1e3400b77536a3ca529c986247e1ef985e6e #14125 test1119: adapt for `.md` inp - ut - - 13. GCC missing `__builtin_available()` support - - curl source code assumes this is available to enable certain codepaths. - It's also intermixed with monotonic timer support. - - 14. Monotonic timer support with GCC - - Detected by GCC, while it probably shouldn't be. llvm/clang detects it - depending on target OS version. I've been playing with this, but so far - without a conclusion or fix. - - 15. Runtime/test failures with GCC - - I couldn't find the reason for most of this. A bunch of RTSP tests fail - with GCC. SecureTransport + HTTP/2 is failing a bunch of tests. With - OpenSSL it fails two of those. SecureTransport builds also fail one DoH - test. - - 16. Runtime/test failure in llvm/clang - - AppleIDN support received a fix with two more remaining. - - fd0250869f7837e4a48d7e6f54cc0801ad3820e8 #14179 #14176 IDN: fix ß with Apple - IDN - - 17. Other issues found and fixed while working on this: - - 2c15aa5765900d4351e733671a1c8c3785beee1a GHA/macos: delete misplaced ` - CFLAGS`, drop redundant CMake option - 80fb7c0bef209735ab352bf4afa31193a7bc65f1 #14126 configure: limit `SystemConfi - guration` test to non-c-ares, IPv6 builds - cfd6f43d6ca7e57670b422bab7bbf10221a2cf3e #14127 build: tidy up `__builtin_ava - ilable` feature checks (Apple) - bae555359979016999a9425a2d489f219a78abdd #14174 runtests: show name and keywo - rds for failed tests in summary - 09cdf7e5315711dea4ce7dcf5d99a4d41e7f658b #14178 cmake: delete unused `HAVE_LI - BSSH2`, `HAVE_LIBSOCKET` macros - d3595c74fab829f07ef44da1b7fc2f5668767020 #14186 configure: CA bundle/path det - ection fixes - 58772b0e082eda333e0a5fc8fb0bc7f17a3cd99c #14187 runtests: set `SOURCE_DATE_EP - OCH` to fix failing around midnight - 18f1cd7a77c4beecfd977d43f55634eb593ac99e #14183 tests: sync feature names wit - h `curl -V` - 4c22d97be786ed801e050da6872dd3143d6d0a59 #14181 build: use `#error` instead o - f invalid syntax - - Pending merge: - -Daniel Stenberg (19 Jul 2024) - -- RELEASE-NOTES: synced - -Stefan Eissing (18 Jul 2024) - -- lib: send eos flag - - Adds a `bool eos` flag to send methods to indicate that the data is the - last chunk the invovled transfer wants to send to the server. - - This will help protocol filters like HTTP/2 and 3 to forward the - stream's EOF flag and also allow to EAGAIN such calls when buffers are - not yet fully flushed. - - Closes #14220 - -Bhanu Prakash (18 Jul 2024) - -- mbedtls: correct the error message for cert blob parsing failure - - Closes #14224 - -Daniel Stenberg (18 Jul 2024) - -- curldown: make 'added-in:' a mandatory header field - - - generate AVAILABILITY manpage sections automatically - for consistent - wording - - - allows us to double-check against other documumentation (symbols-in-version - s - etc) - - - enables proper automation/scripting based on this data - - - lots of them were wrong or missing in the manpages - - - several of them repeated (sometimes mismatching) backend support info - - Add test 1488 to verify "added-in" version numbers against - symbols-in-versions. - - Closes #14217 - -Stefan Eissing (18 Jul 2024) - -- doh: fix cleanup - - When removing an easy handle that had DoH sub-easy handles going, those - were not removed from the multi handle. Their memory was reclaimed on - curl_easy_cleanup() of the owning handle, but multi still had them in - their list. - - Add `Curl_doh_close()` and `Curl_doh_cleanup()` as common point for - handling the DoH resource management. Use the `multi` present in the doh - handles (if so), for removal, as the `data->multi` might already have - been NULLed at this time. - - Reported-by: 罗朝辉 - Fixes #14207 - Closes #14212 - -Daniel Stenberg (18 Jul 2024) - -- tests/scripts: call it 'manpage' (single word) - - Mostly in comments - - Closes #14216 - -Alex Snast (18 Jul 2024) - -- http/3: resume upload on ack if we have more data to send - - Currently we're waiting for sendbuf_len_in_flight to hit zero before - resuming upload which means we're blocking and waiting for _all_ acks to - arrive before sending more data. This causes significant delays especially - when ack delay is used on the server side. - - The fix addresses several issues in h3 over ngtcp2: - - On ack we now call nghttp3_conn_resume_stream() when we have more - data to send. - - upload_left was incorrectly computed on CF_CTRL_DATA_DONE_SEND as - we need to subtract the ammount of data we have in flight. - - Remove upload_blocked_len as we Curl_bufq_write call will do the - right thing when called from cf_ngtcp2_send. - - Fixes #14198 - Closes #14209 - -Daniel Stenberg (18 Jul 2024) - -- idn: make macidn fail before trying conversion if name too long - - - double the max name length to 512 bytes - - Closes #14215 - -z2_ (18 Jul 2024) - -- idn: tweak buffer use when converting with macidn - - Closes #14215 - -Orgad Shaneh (18 Jul 2024) - -- lib: add failure reason on bind errors - - Closes #14221 - -Stefan Eissing (18 Jul 2024) - -- pytests: scorecard upload tests - - - add upload tests to scorecard, invoke with - > python3 tests/http/scorecard.py -u h1|h2|h3 - - add a reverse proxy setup from Caddy to httpd for - upload tests since Caddy does not have other PUT/POST handling - - add caddy tests in test_08 for POST/PUT - - increase read buffer in mod_curltest for larger reads - - Closes #14208 - -Viktor Szakats (18 Jul 2024) - -- runtests: fix newline glitch in FAIL details - - Follow-up to bae555359979016999a9425a2d489f219a78abdd #14174 - -- runtests: show name and keywords for failed tests in summary - - Useful to see what the numbers listed in the `TESTFAIL:` and `IGNORED:` - lines mean. Also list test keywords to help catching failure patterns. - - Example: - ``` - FAIL 1034: 'HTTP over proxy with malformatted IDN host name' HTTP, HTTP GET, - HTTP proxy, IDN, FAILURE, config file - FAIL 1035: 'HTTP over proxy with too long IDN host name' HTTP, HTTP GET, HTTP - proxy, IDN, FAILURE - - TESTFAIL: These test cases failed: 1034 1035 - ``` - - Closes #14174 - -Tal Regev (16 Jul 2024) - -- GHA/windows: add MSVC wolfSSL job with test - - Fix the file of wolfssl.c because of this warning/error: - ``` - curl\lib\vtls\wolfssl.c(1017,42): error C2220: the following warning is treat - ed as an error [curl\bld\lib\libcurl_object.vcxproj] - curl\lib\vtls\wolfssl.c(1017,42): warning C4267: 'function': conversion from - 'size_t' to 'unsigned long', possible loss of data [curl\bld\lib\libcurl_obje - ct.vcxproj] - ``` - - `size_t` in MSVC is different. Change it to `unsigned long` because - `wolfSSL_ERR_error_string_n` last argument is defined as - `unsigned long`. - - Closes #14193 - -Viktor Szakats (16 Jul 2024) - -- cmake: delete unused `HAVE_LIBSSH2`, `HAVE_LIBSOCKET` macros - - - `HAVE_LIBSSH2`: unused in source. Not defined in CMake. - - - `HAVE_LIBSOCKET`: unused in source. Used internally in CMake. - - autotools sets them implicitly, so add them to the flag comparison - ignore-list. - - Closes #14178 - -- cmake: create `configurehelp.pm` like autotools does - - Required by tests 1119 and 1167 to run a C preprocessor. - - Tested OK: https://github.com/curl/curl/actions/runs/9915343826 - - Besides Apple, it also supports any gcc and clang builds, and MSVC. - For other platforms, it defaults to `cpp` (like autotools). - - Follow-up to efc2c5184d008fe2e5910fd03263e1ab0331d4e6 #14124 - Cherry-picked from #14097 - Closes #14129 - -- cmake: sync CA bundle/path detection with autotools - - - skip the entire CA logic if no selected TLS backend support CA - certs/bundles. - Follow-up to 082bb41311a832ae1b83bb8fe1dfdefcf4e68ea5 #2545 - - - sync bundle path detection logic with `./configure`. - - - fix to not auto-detect CA bundle/path on Windows. - - - fix to reflect that BearSSL has CA bundle support. - - - show the detected bundle path (as with the cert bundle). - - - tidy up CMake syntax, fix typos in comments. - - Closes #14182 - -- configure: CA bundle/path detection fixes - - - fix to not auto-detect CA bundle/path on Windows. - - - two checks missed BearSSL, but they were only run for supported - TLS backends anyway. Delete these redundant checks. - - - fix typos in a comment nearby. - - Follow-up to 082bb41311a832ae1b83bb8fe1dfdefcf4e68ea5 #2545 - Closes #14186 - -- runtests: set `SOURCE_DATE_EPOCH` to fix failing around midnight - - To make sure that `managen` called by test 1706 uses the same date as - the test expects in the `%DATE` macro. - - Before this patch when tests started running before UTC midnight and - reached test 1706 after, these dates were different and the test failed. - - Follow-up to 0e73b69b3dd6d174226c60406d3c4266754d70f8 - Fixes #14173 - Closes #14187 - -- GHA/windows: verify 1448 2046 2047 in IDN Unicode jobs - - These IDN tests pass with Unicode and fail without. - - Follow-up to cb22cfca69bded45bf7f9c72c8e6764990490f11 #14077 - Closes #14188 - -- tests: sync feature names with `curl -V` - - Some feature names used in tests had minor differences compared to - the well-known ones from `curl -V`. This patch syncs them to make test - results easier to grok. - - Closes #14183 - -Stefan Eissing (15 Jul 2024) - -- sendf: fix CRLF conversion of input - - When CRLF line end conversion was enabled (--crlf), input after the last - newline in the upload buffer was not sent, if the buffer contained a - newline. - - Reported-by: vuonganh1993 on github - Fixes #14165 - Closes #14169 - -- test2600: disable on win32 - - - disbable this test on WIN32 platforms. It uses the file describtor '1' - as valid socket without events. Not portable. - - reduce trace output somewhat on other runs - - Fixes #14177 - Reported-by: Viktor Szakats - Closes #14191 - -- smtp: for starttls, do full upgrade - - - make sure the TLS handshake after a successful STARTTLS command is - fully done before further sending/receiving on the connection. - - Reported-by: tomy2105 on github - Fixes #14166 - Closes #14190 - -Daniel Stenberg (14 Jul 2024) - -- RELEASE-NOTES: synced - -Viktor Szakats (14 Jul 2024) - -- build: use `#error` instead of invalid syntax - - It reduces configure log noise. - - Follow-up to 20c1b2d75ee38189ffa75d21ed04108e1e0630ae #13287 - Closes #14181 - -Daniel Stenberg (14 Jul 2024) - -- libcurl-docs: make option lists alpha-sorted - - The man pages for curl_easy_getinfo, curl_easy_setopt and - curl_multi_setopt now feature the lists of options alphabetically - sorted. Test 1139 verify that they are. - - The curl_multi_setopt page also got brief explanations of the listed - options. - - Closes #14156 - -Christian Schmitz (14 Jul 2024) - -- IDN: fix ß with AppleIDN - - Add flags UIDNA_NONTRANSITIONAL_TO_ASCII and - UIDNA_NONTRANSITIONAL_TO_UNICODE to encode ß correctly. - - It fixes test 165. - - Reported-by: Viktor Szakats - Bug: #14176 - Closes #14179 - -Viktor Szakats (14 Jul 2024) - -- cmake: fix builds with detected libidn2 lib but undetected header - - It caused IDN to appear in `curl-config`, `libidn2` referenced from - `libcurl.pc`, fail to fallback to `pkg-config` detection. But libidn2 - not actually used. - - It came up in macOS CI builds after enabling cmake build tests. It - remained hidden for a while due to setting `-DUSE_APPLE_IDN=ON`. - - (The half-detection of Homebrew libidn2 was the result of configuring - with `-DCMAKE_EXE_LINKER_FLAGS=-L$(brew --prefix)/lib`, to fix - linking GnuTLS that needs the `nettle` lib from the brew prefix.) - - ``` - FAIL 1014: [Compare curl --version with curl-config --features] curl-config - ``` - Ref: https://github.com/curl/curl/actions/runs/9919357748/job/27405080722 - - Cherry-picked from #14097 - Closes #14175 - -- cmake: fix building `unit1600` due to missing `ssl/openssl.h` - - In specific builds configs, cmake failed to build test `unit1600`, - due missing an OpenSSL (or wolfSSL) header. - - The test code relies on `lib/curl_ntlm_core.h`, which in turn included - TLS library headers. But, dependency header directories are not setup - in cmake for tests, because they should not normally be needed. - - The issue was hidden in most builds because TLS headers are usually - found under the system prefix. One counterexample is macOS + Homebrew - LibreSSL builds, where OpenSSL is purposefully unlinked from there to - avoid a mixup with LibreSSL that resides under its own prefix. It was - also hidden in autotools, possibly because it sets up header directories - globally, tests included. - - The actual bug however is that `lib/curl_ntlm_core.h` should not include - TLS headers. None of its internal users need it, and `curl_ntlm_core.c` - included them already directly. - - Fix it by deleting the TLS header includes from this internal header. - - Fixes: - ``` - In file included from curl/tests/unit/unit1600.c:27: - curl/lib/curl_ntlm_core.h:32:12: fatal error: 'openssl/ssl.h' file not found - # include - ^~~~~~~~~~~~~~~ - ``` - Ref: https://github.com/curl/curl/actions/runs/9912684737/job/27388041520#ste - p:12:1694 - - Follow-up to 48eb71ade41d4b37f416b643063cab846ac027a2 #10322 - Cherry-picked from #14097 - Closes #14172 - -- sectransp: fix clang compiler warnings, stop silencing them - - Fix `-Wpointer-bool-conversion` warnings with the method suggested by - both Apple clang and mainline llvm. This was already tried and dropped - in #1705 (in year 2017), but the issue reported there no longer - replicates. - - Verified with Apple clang 14, llvm 15, llvm 18 and gcc 11, 14 that the - generated objects are bit by bit identical before and after this patch. - - Also: - - stop silencing `-Wtautological-pointer-compare`. This warning don't - seem to be appearing anymore (with or without this patch), at least - with the tested compilers and SDKs (clang 13.1.6-16.0.0beta, llvm 15, - 18, gcc 11, 14) and minimum macOS target of 10.8. Older targets fail - to build curl with SecureTransport. - - - silence `-Wunreachable-code` for clang only. Previously I applied it - also to GCC, by mistake. - Ref: https://github.com/curl/curl/pull/12331/commits/8d7172d20a48ebc6c1b1d9 - 4a76e2c5fb19dd9bfa - - Apple clang `-Wpointer-bool-conversion`: - ``` - curl/lib/vtls/sectransp.c:1103:6: error: address of function 'SSLCreateContex - t' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] - if(SSLCreateContext) { /* use the newer API if available */ - ~~ ^~~~~~~~~~~~~~~~ - curl/lib/vtls/sectransp.c:1103:6: note: prefix with the address-of operator t - o silence this warning - if(SSLCreateContext) { /* use the newer API if available */ - ^ - & - ``` - Ref: https://github.com/curl/curl/actions/runs/9819538439/job/27113201384#ste - p:8:382 - - llvm `-Wpointer-bool-conversion`: - ``` - curl/lib/vtls/sectransp.c:2663:8: error: address of function 'SSLCreateContex - t' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] - if(SSLCreateContext) - ~~ ^~~~~~~~~~~~~~~~ - curl/lib/vtls/sectransp.c:2663:8: note: prefix with the address-of operator t - o silence this warning - if(SSLCreateContext) - ^ - & - ``` - Ref: https://github.com/curl/curl/actions/runs/9819538439/job/27113200291#ste - p:8:417 - - gcc still needs `-Waddress` suppressed to avoid these: - ``` - curl/lib/vtls/n/sectransp.c: In function 'getsubject': - curl/lib/vtls/n/sectransp.c:379:6: warning: the address of 'SecCertificateCop - yLongDescription' will always evaluate as 'true' [-Waddress] - 379 | if(&SecCertificateCopyLongDescription) - | ^ - [...] - ``` - - Follow-up to 59cadacfcc1d39472245979cdbd614c7a9af6f0d #14128 - Follow-up to af271ce9b9717ba289417e9cbb7f278c2a12f959 #1722 - Follow-up to 2b7ce3f56dfede107113c6de7d0ca457109d3eda #1706 - Cherry-picked from #14097 - Closes #14162 - -- CI/circleci: config tidy-ups, bump up test parallelism - - - bump parallel test for Linux jobs. - Credit-to: Dan Fandrich - Cherry-picked from #11510 - - bump parallel test for macOS jobs. - - drop no longer necessary `-Wno-vla` option. - - fold long lines. - - drop `--enable-maintainer-mode` `./configure` option. - - replace a hard-coded prefix with `brew --prefix`. - - update documentation link. - - move `--enable-debug` in front. - - tidy up quotes. - - Closes #14171 - -- GHA/windows: re-add gsasl to MSVC jobs - - Now that the package reached the CI runner image. - - Follow-up to f99c08dba40307c07341013ff5f71fa8e3464ffc #14090 - Follow-up to e26cbe20cbedbea0ca743dd33880517309315cb2 #13979 - - Closes #14170 - -- tidy-up: adjust casing of project names - - Mostly TLS/SSH project name. - - Closes #14160 - -Daniel Stenberg (12 Jul 2024) - -- ISSUE_TEMPLATE/docs: correct the field identifiers - -Stephen Farrell (12 Jul 2024) - -- doh: fix leak and zero-length HTTPS RR crash - - This PR fixes a leak and a crash that can happen when curl encounters - bad HTTPS RR values in DNS. We're starting to do better testing of that - kind of thing and e.g. have published bad HTTPS RR values at - dodgy.test.defo.ie. - - Closes #14151 - -Daniel Stenberg (12 Jul 2024) - -- curl_global_init.md: polish the thread-safe wording - - Since this has been thread-safe for two years now, few users actually - are hurt by the previous unsafe ways. - - Closes #14158 - -Viktor Szakats (12 Jul 2024) - -- GHA: FreeBSD 14.1, actions bump - - - bump FreeBSD to 14.1 - - - update cross-platform-actions/action action to v0.25.0 - - Closes #14157 - Closes #14164 - -- build: fix llvm 17 and older + macOS SDK 14.4 and newer - - Fixup faulty target macro initialization in macOS SDK since v14.4 (as of - 15.0 beta). The SDK target detection in `TargetConditionals.h` correctly - detects macOS, but fails to set the macro's old name `TARGET_OS_OSX`, - then continues to set it to a default value of 0. Other parts of the SDK - still rely on the old name, and with this inconsistency our builds fail - due to missing declarations. It happens when using mainline llvm older - than v18. Later versions fixed it by predefining these target macros, - avoiding the faulty dynamic detection. gcc is not affected (for now) - because it lacks the necessary dynamic detection features, so the SDK - falls back to a codepath that sets both the old and new macro to 1. - - Also move the `TargetConditionals.h` include to the top of to make sure - including it also for c-ares builds, combined with SecureTransport or - other curl features that may call use an Apple SDK. - - Before this patch, affected build combinations (e.g. in GHA runners, - llvm@15 + Xcode 15.3, 15.4, 16.0 with their default SDKs + - SecureTransport) fail with: - ``` - error: use of undeclared identifier 'noErr' - or 'SecCertificateCopyLongDescription' - or 'SecItemImportExportKeyParameters' - or 'SecExternalFormat' - or 'SecExternalItemType' - or 'SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION' - ``` - - Example: - ``` - curl/lib/vtls/sectransp.c:311:18: error: use of undeclared identifier 'noErr' - OSStatus rtn = noErr; - ^ - curl/lib/vtls/sectransp.c:379:7: error: use of undeclared identifier 'SecCert - ificateCopyLongDescription' - if(&SecCertificateCopyLongDescription) - ^ - curl/lib/vtls/sectransp.c:381:7: error: call to undeclared function 'SecCerti - ficateCopyLongDescription'; ISO C99 and later do not support implicit functio - n declarations [-Werror,-Wimplicit-function-declaration] - SecCertificateCopyLongDescription(NULL, cert, NULL); - ^ - curl/lib/vtls/sectransp.c:380:25: error: incompatible integer to pointer conv - ersion assigning to 'CFStringRef' (aka 'const struct __CFString *') from 'int - ' [-Wint-conversion] - server_cert_summary = - ^ - [...] - ``` - Ref: https://github.com/curl/curl/actions/runs/9893867519/job/27330135969#ste - p:10:22 - - llvm v18 patches implementing the predefined macros: - https://github.com/llvm/llvm-project/pull/74676 - https://github.com/llvm/llvm-project/commit/6e1f19168bca7e3bd4eefda50ba03eac8 - 441dbbf - https://github.com/llvm/llvm-project/pull/82833 - https://github.com/llvm/llvm-project/commit/e5ed7b6e2fd368b722b6359556cd01258 - 81e7638 - - Cherry-picked from #14097 - Closes #14159 - -- macos: undo `availability` macro enabled by Homebrew gcc - - Homebrew gcc builds starting with 12.4.0, 13.3.0 and 14.1.0 enabled - the `availability` attribute. - - This broke builds because the way the Apple SDK uses attributes (when - available) are incompatible with how gcc accepts them. Causing these - errors: - ``` - error: attributes should be specified before the declarator in a function d - efinition - error: expected ',' or '}' before - ``` - - Upstream commits implementing the `availability` macro: - gcc-12: https://github.com/iains/gcc-12-branch/commit/fd5530b7cb0012bf4faeddd - 45e13054a1dfa6783 - gcc-13: https://github.com/iains/gcc-13-branch/commit/cb7e4eca68cfc4763474e2e - b0935a844458842a8 - gcc-14: https://github.com/iains/gcc-14-branch/commit/ff62a108865a6403f501738 - 0d7018250c1d3306f - - The project above is a Darwin gcc compatibility pack, that is applied - to Homebrew gcc builds. - - This patch works by redefining the `availability` macro to an invalid - value, making `__has_attribute(availability)` checks fail, stopping - Apple SDK from inserting the incompatible attributes. - - It also replaces the previous, local workaround for `lib/macos.c`. - - Example with gcc 12.4.0 with macOS SDK 14.0 (Xcode 15.0.1): - ``` - In file included from /MacOSX14.0.sdk/System/Library/Frameworks/ - CoreFoundation.framework/Headers/CoreFoundation.h:54, - from /MacOSX14.0.sdk/System/Library/Frameworks/ - SystemConfiguration.framework/Headers/SCDynamicStoreCopySpecific.h:30, - from /Users/runner/work/curl/curl/lib/macos.c:33, - from /Users/runner/work/curl/curl/build/lib/CMakeFiles/libcu - rl_shared.dir/Unity/unity_0_c.c:244: - /MacOSX14.0.sdk/System/Library/Frameworks/CoreFoundation.framewo - rk/Headers/CFUserNotification.h:126:1: error: attributes should be specified - before the declarator in a function definition - 126 | CF_INLINE CFOptionFlags CFUserNotificationCheckBoxChecked(CFIndex i) - API_AVAILABLE(macos(10.0)) API_UNAVAILABLE(ios, watchos, tvos) {return ((CFOp - tionFlags)(1UL << (8 + i)));} - | ^~~~~~~~~ - ``` - Ref: https://github.com/curl/curl/actions/runs/9787982387/job/27025351601?pr= - 14096#step:7:18 - - The gcc vs. llvm/clang incompatibility possibly tracked here upstream: - https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108796 - More info: - https://github.com/llvm/llvm-project/issues/81767 - https://github.com/gcc-mirror/gcc/commit/8433baadec88e5f31fa141b6d78094e912 - 56079d - https://discourse.llvm.org/t/changing-attribute-ast-printing-location-for-g - cc-compatibility/73215 - https://reviews.llvm.org/D159362 - - Follow-up to db135f8d7207b20d531e7e2100a49f3e16bdcfab #14119 - Ref: https://github.com/curl/curl/pull/14091#issuecomment-2222703468 - Fixes #13700 - Cherry-picked from #14097 - Closes #14155 - -Daniel Stenberg (11 Jul 2024) - -- ISSUE_TEMPLATE/docs: add a separate GitHub issue template for documentation - - As such problems don't really fit the code related template - - Closes #14161 - -Dan Fandrich (11 Jul 2024) - -- DISTROS: add AlmaLinux package source link - -Viktor Szakats (11 Jul 2024) - -- GHA/windows: ignore FTP test results for old-mingw-w64 [ci skip] - - Missed from previous commit. They are flaky here as well. - - Follow-up to 0b81eccd22fb915aa6b679c0fd23a8a89332dc9e - -Daniel Stenberg (11 Jul 2024) - -- libcurl-easy.md: now *more* than 300 options - - it previously said "almost 300". - - Also cleaned up the language somewhat. - - Closes #14153 - -Martin Peck (10 Jul 2024) - -- MANUAL.md: wrap two example urls that overrun styling - - Closes #14149 - -renovate[bot] (10 Jul 2024) - -- GHA: update wolfSSL and mod_h2 - - - wolfSSL/wolfssl to v5.7.2 - - icing/mod_h2 to v2.0.29 - - Closes #14131 - Closes #14148 - -Dominik Piątkowski (10 Jul 2024) - -- docs: start markdown headers with capital letter where applicable - - Closes #14115 - -CMD (10 Jul 2024) - -- hostip: skip error check for infallible function call - - Closes #14147 - -Daniel Stenberg (10 Jul 2024) - -- cf-socket: remove two "useless" assignments - - 'nread' is already -1, no need to assign it again - - Pointed out by CodeSonar - - Closes #14145 - -Viktor Szakats (10 Jul 2024) - -- cmake: detect `libidn2` also via `pkg-config` - - Also: - - GHA/non-native: install `pkg-config` to detect libidn2 with cmake - on NetBSD and FreeBSD. - - GHA/non-native: tidy-up `curl --version` command if here. - - Cherry-picked from #14097 - Closes #14137 - -- build: fix llvm 16 or older + Xcode 15 or newer, and gcc - - Xcode v15 (2023) or newer requires the built-in macro - `__ENVIRONMENT_OS_VERSION_MIN_REQUIRED__`. This macro is missing from - mainline llvm versions released earlier. llvm v17 introduced it here: - https://github.com/llvm/llvm-project/commit/c8e2dd8c6f490b68e41fe663b44535a8a - 21dfeab - - This patch defines the missing macro when the necessary conditions - align, by using the value via the macro's old name. - - The issue affected SecureTransport builds: The SecureTransport code, - `lib/md4.c` and `lib/md5.c`. - - Existing gcc versions (as of v14) also don't define this macro, so apply - the patch to it as well. Even though gcc is incompatible in other ways, - so this isn't fixing an actual curl build case that I could find yet. - - GHA macOS runner images have llvm v15 pre-installed, which broke builds - when building with an affected Xcode: - ``` - curl/lib/md4.c:80:14: error: '__ENVIRONMENT_OS_VERSION_MIN_REQUIRED__' is not - defined, evaluates to 0 [-Werror,-Wundef] - (__MAC_OS_X_VERSION_MIN_REQUIRED < 101500)) || \ - ^ - /Applications/Xcode_15.1.app/Contents/Developer/Platforms/MacOSX.platform/Dev - eloper/SDKs/MacOSX14.2.sdk/usr/include/AvailabilityInternal.h:40:53: note: ex - panded from macro '__MAC_OS_X_VERSION_MIN_REQUIRED' - #define __MAC_OS_X_VERSION_MIN_REQUIRED __ENVIRONMENT_OS_VERSION_ - MIN_REQUIRED__ - ^ - In file included from curl/build/lib/CMakeFiles/libcurl_shared.dir/Unity/unit - y_0_c.c:250: - curl/lib/md5.c:75:14: error: '__ENVIRONMENT_OS_VERSION_MIN_REQUIRED__' is not - defined, evaluates to 0 [-Werror,-Wundef] - (__MAC_OS_X_VERSION_MIN_REQUIRED < 101500)) || \ - ^ - /Applications/Xcode_15.1.app/Contents/Developer/Platforms/MacOSX.platform/Dev - eloper/SDKs/MacOSX14.2.sdk/usr/include/AvailabilityInternal.h:40:53: note: ex - panded from macro '__MAC_OS_X_VERSION_MIN_REQUIRED' - #define __MAC_OS_X_VERSION_MIN_REQUIRED __ENVIRONMENT_OS_VERSION_ - MIN_REQUIRED__ - ^ - 2 errors generated. - ``` - Ref: https://github.com/curl/curl/actions/runs/9811974634/job/27095218578#ste - p:4:20 - - Cherry-picked from #14097 - Closes #14134 - -- build: tidy up `__builtin_available` feature checks (Apple) - - - sync detection snippet between autotools and cmake - It wasn't causing issues, but it's useful to avoid unnecessary - differences while debugging. - - - cmake: limit check to `APPLE`. - - Ref: b05dc7eb3592305de9fa85640767f3dd2a8d4c93 #14122 - Cherry-picked from #14097 - Closes #14127 - -- configure: limit `SystemConfiguration` test to non-c-ares, IPv6 builds - - The framework this check detects is necessary for the function - `SCDynamicStoreCopyProxies()` used in `lib/macos.c`. Non-c-ares, - IPv6-enabled builds touch this codepath. - - Limit the feature check for builds that actually need it. - - It brings this in sync with CMake which already worked this way. - - Cherry-picked from #14097 - Closes #14126 - -- configure: fix `SystemConfiguration` detection - - Before this patch, `SystemConfiguration` detection failed due to this - error when compiling the detection snippet: - ``` - /Applications/Xcode_15.3.app/Contents/Developer/Platforms/MacOSX.platform/Dev - eloper/SDKs/MacOSX.sdk/usr/include/TargetConditionals.h:140:50: error: missin - g binary operator before token "(" - 140 | #if !defined(__has_extension) || !__has_extension(define_target_os_ma - cros) - | ^ - ``` - Ref: https://github.com/curl/curl/actions/runs/9821817534/job/27117929218#ste - p:6:1079 - - It occured with gcc-11 when combined with macOS SDK 14.4 and 14.5 - (default SDKs in Xcode 15.3 and 15.4 respectively). It did not happen - with earlier releases. - - Despite the failure in `./configure`, `lib/macos.c` compiled with - Apple's `TargetConditionals.h` just fine. - - Turns out that including the `sys/types.h` header before the SDK - header fixes the error and makes the detection snippet compile. - - Cherry-picked from #14097 - Closes #14130 - -- build: sync warning options between autotools, cmake & compilers - - - cmake: enable Apple-specific `-Werror=partial-availability` to match - autotools. - - - autotools: enable `-pedantic-errors` with llvm/clang to match gcc and - CMake. - - - autotools: enable `-Werror-implicit-function-declaration` for - llvm/clang to match gcc. - - - cmake: enable `-Werror-implicit-function-declaration` to match - autotools. - - - move `-Wpointer-bool-conversion` from autotools to the local file - (`sectransp.c`) it was meant to apply. This way it applies to all - build methods. - - - autotoos: show `CURL_CFLAG_EXTRAS` in the `./configure` summary. - (it may contain `-Werror` and/or `-pedentic-errors`.) - - Cherry-picked from #14097 - Closes #14128 - -- CI: simplify running curl with DLLs - - - update `PATH` instead of copying DLLs around. - - drop redundant `export` from `export PATH`. - - delete ending pathseps. - - Closes #14143 - -Alex Snast (9 Jul 2024) - -- wolfssl: use larger error buffer when formatting errors - - Currently we're using WOLFSSL_MAX_ERROR_SZ to define the error buffer - size, this value is user defined which means it can be overwritten with - -DWOLFSSL_MAX_ERROR_SZ=512 when building wolfssl and this overwrite is - not exported to the users of wolfssl. - - Instead of relying on WOLFSSL_MAX_ERROR_SZ we'll just use a 256 bytes - error buffer and use wolfSSL_ERR_error_string_n to fill it thus dropping - the dependency on WOLFSSL_MAX_ERROR_SZ altogether. - - Closes #14114 - -Viktor Szakats (9 Jul 2024) - -- CI: bump FreeBSD Python packages - - Closes #14141 - -- GHA/curl-for-win: don't run if only another CI was changed - - Closes #14142 - -Daniel Stenberg (9 Jul 2024) - -- RELEASE-NOTES: synced - -Stefan Eissing (9 Jul 2024) - -- vtls: replace addsessionid with set_sessionid - - - deduplicate the code in many tls backends that check - for an existing id and delete it before adding the new one - - rename ssl_primary_config's `sessionid` bool to `cache_session` - - Closes #14121 - -Daniel Stenberg (9 Jul 2024) - -- test1175: scan libcurl-errors.md, not the generated .3 version - - Closes #14133 - -- test1139: scan .md files instead of .3 ones - - As they are the canonical sources. - - It still uses the curl.1 for command line option info. - - Closes #14132 - -Stefan Eissing (9 Jul 2024) - -- cf-socket: remove obsolete recvbuf - - - recvbuf was never enabled, remove all its code - - remove `fdsave`ing the socket as that is not longer needed - - Closes #14138 - -Viktor Szakats (9 Jul 2024) - -- test1119: adapt for `.md` input - - Replace logic dealing with `.3` files to handle the Markdown syntax. - - Follow-up to eefcc1bda4bccd800f5a56a0fe17a2f44a96e88b #12730 - Cherry-picked from #14097 - Closes #14125 - -- tests: include current directory when running test Perl commands - - Necessary to find generated files in the out-of-tree build directory. - E.g. `tests/configurehelp.pm`, for tests 1119 and 1167. - - Before this patch macOS autotools builds were failing these two tests - due to falling back to the default preprocessor (`cpp`) instead of - the actual one configured. Then `cpp` failing to compile Apple SDK - headers referenced by curl headers. - - Cherry-picked from #14097 - Closes #14124 - -- configure: sort feature list, lowercase protocols, use backticks - - - sort features case-insensitively to match `curl -V` and cmake. - `sort -f` is POSIX, but check if it's available anyway. - - - make protocols lowercase to match `curl -V` and cmake. - - - replace two outlier `$()` with backticks. - - Closes #14117 - -Yedaya Katsman (8 Jul 2024) - -- variable.md: make example use expand - - I used double quotes since it seemed required for powershell, so this - example works in both (ba)sh and powershell as well as cmd.exe. - - Closes #14118 - -Andy Reitz (8 Jul 2024) - -- GIT-INFO.md: remove version requirements - - Keep them in docs/INTERNALS.md - - Bump lowest perl to 5.8 - - Closes #14112 - -Viktor Szakats (8 Jul 2024) - -- sectransp: fix `HAVE_BUILTIN_AVAILABLE` checks to not emit warnings - - `HAVE_BUILTIN_AVAILABLE` is a curl macro set via autotools and cmake. - Like other `HAVE_`s it signals availability if defined. - - SecureTransport code was specifically looking for the value 1, which - triggered compiler warnings when the feature was not present. - - Replace the existing workaround of locally suppressing the compiler - warning with using `defined()`. - - autotools: - ``` - 767 | #if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILAB - LE == 1 - | ^~~~~~~~~~~~~~~~~~ - ~~~~ - ../../lib/vtls/sectransp.c: In function 'sectransp_connect_step1': - ../../lib/vtls/sectransp.c:1140:52: error: "HAVE_BUILTIN_AVAILABLE" is not de - fined, evaluates to 0 [-Werror=undef] - 1140 | #if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAIL - ABLE == 1 - | ^~~~~~~~~~~~~~~~~~ - ~~~~ - ../../lib/vtls/sectransp.c:1240:52: error: "HAVE_BUILTIN_AVAILABLE" is not de - fined, evaluates to 0 [-Werror=undef] - 1240 | #if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAIL - ABLE == 1 - | ^~~~~~~~~~~~~~~~~~ - ~~~~ - ../../lib/vtls/sectransp.c: In function 'sectransp_connect_step2': - ``` - Ref: https://github.com/curl/curl/actions/runs/9815428701/job/27104448045#ste - p:6:499 - - cmake gcc: - ``` - 1140 | #if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAIL - ABLE == 1 - | ^~~~~~~~~~~~~~~~~~ - ~~~~ - /Users/runner/work/curl/curl/lib/vtls/sectransp.c:1240:52: error: "HAVE_BUILT - IN_AVAILABLE" is not defined, evaluates to 0 [-Werror=undef] - 1240 | #if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAIL - ABLE == 1 - | ^~~~~~~~~~~~~~~~~~ - ~~~~ - /Users/runner/work/curl/curl/lib/vtls/sectransp.c: In function 'sectransp_con - nect_step2': - /Users/runner/work/curl/curl/lib/vtls/sectransp.c:2231:51: error: "HAVE_BUILT - IN_AVAILABLE" is not defined, evaluates to 0 [-Werror=undef] - 2231 | #if(CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILA - BLE == 1 - | ^~~~~~~~~~~~~~~~~~~ - ~~~ - ``` - Ref: https://github.com/curl/curl/actions/runs/9815428701/job/27104445425#ste - p:8:355 - - Cherry-picked from #14097 - Closes #14122 - -- examples: suppress deprecation warnings locally - - Simplify making clean builds by silencing deprecation warnings inside - the example code where these may occur. - - Drop related build tweaks/comments from GHA jobs. - - Example warning: - ``` - curl/docs/examples/postit2-formadd.c:65:16: error: 'CURLFORM_COPYNAME' is dep - recated: since 7.56.0. Use curl_mime_name() [-Werror=deprecated-declarations] - 65 | CURLFORM_COPYNAME, "sendfile", - | ^~~~~~~~~~~~~~~~~ - ``` - Ref: https://github.com/curl/curl/actions/runs/9841099503/job/27166970904#ste - p:10:829 - - Closes #14123 - -- GHA/macos: bump parallel tests to -j5 - - Credit-to: Dan Fandrich - Cherry-picked from #11510 #14097 - -- GHA/windows: usability improvements - - - move `curl --version` into separate step. - - - move configure log to separate step. Run on success, too. - - - add step with `curl_config.h` dump (full and brief/sorted). - - - make `autoreconf` a separate step. - - - add each job configuration a short name. - - - shorten job names. - Dedupe/drop redundant info, introduce abbreviations: - AM = autotools, CM = CMake, U = Unicode, R = Release, not -> `!`, etc. - Instead of mentioning `debug`, mentioned when it's not. - - - simplify `PATH` forming for MSVC jobs. - It's sufficient to add the release binary directory of vcpkg, the debug one - is redundant. - Follow-up to e26cbe20cbedbea0ca743dd33880517309315cb2 #13979 - - - other minor tidy-ups. - - Closes #14116 - -- GHA/macos: delete misplaced `CFLAGS`, drop redundant CMake option - - With macOS there is a long-term struggle with deprecation warnings. - In curl they occur with LDAP, SecureTransport and in docs/examples. - - There are three ways to fix them: - - by CFLAGS `-Wno-deprecated-declarations` as a workaround. - - by CFLAGS `-mmacosx-version-min` set to a version where the the - feature was not deprecated. - - by CMake option `-DCMAKE_OSX_DEPLOYMENT_TARGET=`. - - In GHA CMake jobs, all three were used, and `-mmacosx-version-min` was - set in a bogus way. Delete that bogus option, and delete the lone, - redundant CMake option too. - - In a future commit I might replace the suppression option to properly - setting the target OS. - - Follow-up to dfdd978f7c60224dffe2aac25b436dc0a5cd0186 #13491 - Cherry-picked from #14097 - -- macos: add workaround for gcc, non-c-ares, IPv6, compile error - - Apple macOS SDK 13.0 and later are increasingly incompatible with gcc, - which started causing CI errors with the 20240701.9 revision of the - `macos-latest` (= `macos-14-arm64`) runner image. - - This error is happening inside an Apple SDK header. We use the header - for calling a function in a resolver-related hack, in non-c-ares, IPv6 - builds. You can avoid the problem by using c-ares or disabling IPv6 - (or using clang, llvm, or a compatible gcc + SDK combination). - - This patch fixes affected builds by declaring the ncessary framework - function manually, and not including the problematic header. - - This workaround is ugly, doesn't cover all combinations, and fragile. - - Other options are to disable this resolver-related hack for GCC, or to - replace it with a solution that doesn't rely on Apple SDK. - - If you are aware of a stable fix or workaround, let us know. - - gcc 12.4.0 + macOS SDK 14.0 (Xcode 15.0.1) error example: - ``` - In file included from /Applications/Xcode.app/Contents/Developer/Platforms/Ma - cOSX.platform/Developer/SDKs/MacOSX14.0.sdk/System/Library/Frameworks/CoreFou - ndation.framework/Headers/CoreFoundation.h:54, - from /Applications/Xcode.app/Contents/Developer/Platforms/Ma - cOSX.platform/Developer/SDKs/MacOSX14.0.sdk/System/Library/Frameworks/SystemC - onfiguration.framework/Headers/SCDynamicStoreCopySpecific.h:30, - from /Users/runner/work/curl/curl/lib/macos.c:33, - from /Users/runner/work/curl/curl/build/lib/CMakeFiles/libcu - rl_shared.dir/Unity/unity_0_c.c:244: - /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Develope - r/SDKs/MacOSX14.0.sdk/System/Library/Frameworks/CoreFoundation.framework/Head - ers/CFUserNotification.h:126:1: error: attributes should be specified before - the declarator in a function definition - 126 | CF_INLINE CFOptionFlags CFUserNotificationCheckBoxChecked(CFIndex i) - API_AVAILABLE(macos(10.0)) API_UNAVAILABLE(ios, watchos, tvos) {return ((CFOp - tionFlags)(1UL << (8 + i)));} - | ^~~~~~~~~ - /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Develope - r/SDKs/MacOSX14.0.sdk/System/Library/Frameworks/CoreFoundation.framework/Head - ers/CFUserNotification.h:127:1: error: attributes should be specified before - the declarator in a function definition - 127 | CF_INLINE CFOptionFlags CFUserNotificationSecureTextField(CFIndex i) - API_AVAILABLE(macos(10.0)) API_UNAVAILABLE(ios, watchos, tvos) {return ((CFOp - tionFlags)(1UL << (16 + i)));} - | ^~~~~~~~~ - /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Develope - r/SDKs/MacOSX14.0.sdk/System/Library/Frameworks/CoreFoundation.framework/Head - ers/CFUserNotification.h:128:1: error: attributes should be specified before - the declarator in a function definition - 128 | CF_INLINE CFOptionFlags CFUserNotificationPopUpSelection(CFIndex n) A - PI_AVAILABLE(macos(10.0)) API_UNAVAILABLE(ios, watchos, tvos) {return ((CFOpt - ionFlags)(n << 24));} - | ^~~~~~~~~ - ``` - Ref: https://github.com/curl/curl/actions/runs/9787982387/job/27025351601?pr= - 14096#step:7:18 - - The exact conditions are fuzzy. Oddly enough gcc 12.3.0 and the SDK - same as above are _compatible_: - https://github.com/curl/curl/actions/runs/9791701214/job/27036037162 - - Also notice that similar errors can also happen in SecureTransport - builds, due to the SDK headers required. - - Ref: https://github.com/curl/curl/pull/14097#issuecomment-2208639046 - Ref: https://github.com/curl/curl/pull/14091#issuecomment-2205870854 - Cherry-picked from #14097 - Closes #14119 - -- cmake: feature casing fix and tidy-ups - - - fix casing of a feature (`Unicode`) in the feature list. - - sort TLS backends case-insensitively. - - sync feature/protocol list heading with `curl -V` and autotools. - - Closes #14120 - -- GHA: ignore FTP test result in Windows jobs - - They are flaky. - - E.g.: - - old-mingw-w64 7.3.0: 2001, 2039, 2083 - - msvc: 1501, 593 (multiple) - - Ref: https://github.com/curl/curl/pull/13599#issuecomment-2119372376 - Cherry-picked from #14116 - -- GHA: improve vcpkg cache, add BoringSSL ECH and LibreSSL MSVC jobs - - - cache on a per-package basis. - Replace manual caching with a built-in solution. It shares cached - package builds between jobs, e.g. libssh2 only builds once - per platform (instead of once per job). Individual packages are built - as needed (not the whole per-job tree). It also fixes the duplicate - cache entry issues. - Ref: https://learn.microsoft.com/en-us/vcpkg/consume/binary-caching-github- - actions-cache - Follow-up to e26cbe20cbedbea0ca743dd33880517309315cb2 #13979 - Follow-up to cb22cfca69bded45bf7f9c72c8e6764990490f11 #14077 - - - add BoringSSL job with ECH enabled. The first such job in the curl CI. - - - add LibreSSL job. - - - use vcpkg pre-installed on the runner image, instead of rolling our - own. This is quicker, simpler and more robust. - Follow-up to e26cbe20cbedbea0ca743dd33880517309315cb2 #13979 - - - show pre-installed vcpkg and ports version. - - - drop `gsasl` dependency till it reaches the pre-installed vcpkg ports. - - - re-add `find .` to see the binaries generated. - - - simplify setting up `PATH`. - - - exclude failing tests for any job enabling WinIDN. - - - drop collecting and uploading log archives. We already dump CMake - logs, and our build doesn't use Ninja. Rest of files weren't generated - by the curl build. We don't aim to debug vcpkg package builds. - - Closes #14090 - -Tal Regev (7 Jul 2024) - -- GHA: add MSVC UWP job, expand jobs with more options - - - add new dependencies: brotli, libpsl (requires libicu2) and gsasl. - - - enable WinIDN in a job. Exclude failing tests. - - - add UWP job and fix the build logic to support it. - - - increase timeouts to build the new dependencies. - - Assisted-by: Viktor Szakats - Closes #14077 - -Dan Fandrich (6 Jul 2024) - -- tests: fix sshd UserKnownHostsFile path for MinGW/Cygwin - - This is the same thing as the previous commit fd194f46 but on the next - line. - - Follow-up to 70d2fca2 - - Ref: #10818 - -- tests: fix sshd IdentityFile path for MinGW/Cygwin - - This was missed during some refactoring more than a year ago and is - causing a warning "Use of uninitialized value $path in pattern match". - - Follow-up to 70d2fca2 - - Ref: #10818 - Closes #14113 - -Viktor Szakats (7 Jul 2024) - -- build: add Debug, TrackMemory, ECH to feature list - - Also: - - - remove stray `ECH` and `HTTPSRR` from cmake protocol list. - - - stop excluding `Debug` and `TrackMemory` in `test1013.pl`. - - - configure: delete `CURL_CHECK_CURLDEBUG` check. - Ref: 065047dc62cba3efde597fa5420d112fc2f4c500 - This check was effectively doing nothing, except disabling - `--enable-curldebug` in `curl-config` for - Cygwin/MSYS/cegcc/OS2/AIX targets with c-ares enabled. - - Closes #14096 - -Dan Fandrich (5 Jul 2024) - -- CI: bump the libc6 on the linux-old build - - This contains some security fixes for nscd. - -Viktor Szakats (6 Jul 2024) - -- reuse: fix typo in comment - - Follow-up to 9104bad82004d908e1fe66a425f8ca78f975045d #14107 - -Dan Fandrich (5 Jul 2024) - -- CI: Fix typo in comment - -- curl: follow-up to fix categories in --help - - The commit 6483813b was missing changes necessitated by 2abfc75 that - causes a crash. Also, use ARRAYSIZE() for cleaner code. - - Follow-up to 6483813b - - Ref #14055 - -- curl: list categories in --help - - This eliminates the need to run an extra help subcommand to get the - possible categories, reducing the friction in getting relevant help. The - help wording was also slightly tweaked for grammatical accuracy. - - Closes #14055 - -Daniel Stenberg (5 Jul 2024) - -- RELEASE-NOTES: synced - -renovate[bot] (5 Jul 2024) - -- GHA: update actions/upload-artifact and actions/download-artifact - - update actions/upload-artifact digest to 0b2256b - update actions/download-artifact digest to fa0a91b - - Closes #14111 - Closes #14110 - -Max Mehl (5 Jul 2024) - -- reuse: switch to REUSE 3.2 and REUSE.toml - - - remove scripts/copyright.pl - - Closes #14107 - -Yedaya Katsman (5 Jul 2024) - -- curl: move more options to deprecated category - - --no-npn, --sslv2, --sslv3 - - Closes #14109 - -Stefan Eissing (5 Jul 2024) - -- multi: pollset assertion only when IP connected - - Give warning for an empty pollset only when the connection has at least - IP connectivity. There are cases where the connect in QUIC makes another - attempt on a timeout and no socket will be available during that. - - Closes #14108 - -Daniel Stenberg (5 Jul 2024) - -- cmdline-opts: category cleanup - - Option cleanups: - - --get is not upload - --form* are post - - added several options into ldap, smtp, imap and pop3 - - shortened the category descriptions in the list - - category curl fixes: - - --create-dirs removed from 'curl' - --ftp-create-dirs removed from 'curl' - --netrc moved to 'auth' from 'curl' - --netrc-file moved to 'auth' from 'curl' - --netrc-optional moved to 'auth' from 'curl' - --no-buffer moved to 'output' from 'curl' - --no-clobber removed from 'curl' - --output removed from 'curl' - --output-dir removed from 'curl' - --remove-on-error removed from 'curl' - - Add a "global" category: - - - Made all "global" options set this category - - Add a "deprecated" category: - - - Moved the deprecated options to it (maybe they should not be in any - category long term) - - Add a 'timeout' category - - - Put a number of appropriate options in it - - Add an 'ldap' category - - - Put the LDAP related option in there - - Remove categories "ECH" and "ipfs" - - - They should not be categories. Had only one single option each. - - Remove category "misc" - - - It should not be a category as it is impossible to know when to browse - it. - - --use-ascii moved to ftp and output - --xattr moved to output - --service-name moved to auth - - Managen fixes: - - - errors if an option is given a category name that is not already setup - for in code - - - verifies that options set `scope: global` also is put in category - `global´ - - Closes #14101 - -Stefan Eissing (5 Jul 2024) - -- GHA: configure OpenSSL's libdir as 'lib' only - - Also mention in HTTP3.md - - OpenSSL has a bug that messes the config `--libdir=path` to become the - wrong path in its pkgconfig files. If we just pass `--libdir=lib` it - should avoid this. - - Ref: #14099 - See also: https://github.com/openssl/openssl/issues/23569 - - Closes #14102 - -Daniel Stenberg (5 Jul 2024) - -- tool_operate: simplify return code handling from url_proto() - - The additional checks were superfluous as it would only ever return - error if one of those protocols were set. Also: a returned error - *should* mean get out of there, without having to check more conditions. - - Closes #14104 - -- tool_operate: check for --disable case *sensitively* - - curl command line options are specified with the correct casing or they - don't match - - Closes #14103 - -Stefan Eissing (4 Jul 2024) - -- transfer: avoid polling socket every transfer loop - - Improve download performance, minimal effort. - - Do not poll the socket for pending data every transfer loop iteration. - This gives 10-20% performance gains on large HTTP/1.1 downloads (on my - machine). - - Closes #14098 - -Viktor Szakats (4 Jul 2024) - -- tests: delete `CharConv` remains - - Closes #14100 - -- GHA: bump macOS CMake job parallelism to 4 (nproc+1) [ci skip] - - To match autotools ones and the rest of workflows. - - Follow-up to 464282ddfb214917be3d143c035f178f3b77f209 #13807 - -Yedaya Katsman (4 Jul 2024) - -- help: add flags to output and ssh categories - - - Add --output, --remove-on-error, --output-dir and --created-dirs to - the output help category - - - Add --hostpubmd5, --hostpubsha256, --insecure (-k), and --pubkey to - the ssh help category - - Closes #14076 - -Stefan Eissing (4 Jul 2024) - -- TODO: remove item about 'SSL_peak' - - GnuTLS todo item about using an equivalent of `SSL_peak()`, which - nicely escaped the word checks, is no longer relevant. - - We do not use `SSL_peek()` anymore since connection filters were - introduced. - - Closes #14091 - -renovate[bot] (4 Jul 2024) - -- GHA: update dependency gnutls/gnutls to v3.8.6 - - Closes #14094 - -- GHA: update fsfe/reuse-action action to v4 - - Closes #14095 - -Viktor Szakats (3 Jul 2024) - -- GHA: Windows job exclusions tweaks - - - disable SMTP tests in MSYS2/mingw-w64 and MSVC jobs. - On the suspicion of sometimes hanging: - https://github.com/curl/curl/actions/runs/9346162475/job/25720437944?pr=138 - 55#step:14:2838 - https://github.com/curl/curl/actions/runs/9758011305/job/26931678639?pr=140 - 84#step:14:2834 - https://github.com/curl/curl/actions/runs/9774468536/job/26982805294#step:1 - 1:4731 - - - run TFTP, MQTT, WebSockets tests in MSYS2/msys jobs again. - - - switch hanging old-mingw-w64 7.3.0 job to Release (from Debug). - Guessing here, 9.5.0 is more solid, and one difference is - Debug/Release mode. Let's match 7.3.0 with that and see how it changes - hangs and flakiness. - The other difference is Unicode ON in 7.3.0. Flaky 6.3.0 was also - Debug, with Unicode OFF: - 217878bade884202ee5fb2e80186c5fd130392e8 #13566. - (Unicode unlikely to play a role here IMO.) - If 7.3.0 keeps hanging / remains flaky I'll consider disabling its - test runs. - - - opt-out from vcpkg telemetry. - - Ref: https://github.com/curl/curl/pull/13599#issuecomment-2119372376 - Closes #14085 - -renovate[bot] (3 Jul 2024) - -- Dockerfile: update debian:bookworm-slim to 39868a6 - - Closes #14083 - -Daniel Stenberg (3 Jul 2024) - -- FEATURES.md: refresh - - - added lots of missing stuff - - rearranged a little - - remove all footnotes - - Closes #14086 - -- RELEASE-NOTES: synced - -- curl_easy_perform.md: call it network transfer, not file transfer - -Viktor Szakats (2 Jul 2024) - -- winbuild: MS-DOS batch tidy-ups - - - prefer `.bat` extension over `.cmd` for MS-DOS batch, which also - avoids confusion with OS/400 `.cmd` files. - - cleanup `echo` quotes, drop them consistently. - - delete empty output line from one of the error branches. - - prefer lowercase commands like the rest of MS-DOS batches. - - delete a contraction. - - drop backticks from error message. - - use `nmake.exe` consistently. - - use equal/not-equal operator style consistently. - - inline a single-line `if` branch. - - delete exceptions and rules dealing with Windows `.cmd` extension. - - Closes #14084 - -Stefan Eissing (2 Jul 2024) - -- multi: fix pollset during RESOLVING phase - - - add a DEBUGASSERT for when a transfer's pollset should not be empty. - - move write unpausing from transfer loop into curl_easy_pause. This - make sure that the url_updatesocket() finds the correct state when - updating socket events. - - fix HTTP/2 proxy during connect phase to set sockets correctly - - fix test2600 to simulate a socket set - - move write unpausing from transfer loop into curl_easy_pause. This - make sure that the url_updatesocket() finds the correct state when - updating socket events. - - waiting for the resolver to deliver might not involve any sockets to - wait for. Do not generate a warning. - - Fixes #14047 - Closes #14074 - -Daniel Stenberg (2 Jul 2024) - -- cmdline-opts: shorten six help texts - - o --location-trusted - o --next - o --parallel-immmediate - o --pinnedpubkey - o --proxy-pass - o --proxy-ssl-allow-beast - - Closes #14075 - -- managen: fix removing backticks from subtitles - - It erroneously removed them from the wrong variable. - - Closes #14081 - -Viktor Szakats (2 Jul 2024) - -- cmake: show protocols, then features - - To match the order used by `curl -V` and `./configure`. - - Closes #14082 - -- cmdline-docs: fix `--proxy-ca-native` example + tidy-ups - - Also: - - fix an indentation. - - fix capitalized option in comment. - - Closes #14078 - -- cmake: sync protocol/feature list with `curl -V` output - - - sort features case-insensitively. - Requires CMake v3.13.0. - Follow-up to 0f26abeef1dd1d1a02f8e12dbc3d51e73e9d2e9c #14063 - - - convert protocol list to lowercase. - But leave it uppercase in `curl-config`. - - Closes #14066 - -- GHA/badwords.yml: fixup indent for yamllint [ci skip] - -renovate[bot] (1 Jul 2024) - -- GHA: update dependency awslabs/aws-lc to v1.31.0 - - Closes #14080 - -Daniel Stenberg (1 Jul 2024) - -- GHA/badwords.yml: check source code wording - - Closes #14073 - -- code: language cleanup in comments - - Based on the standards and guidelines we use for our documentation. - - - expand contractions (they're => they are etc) - - host name = > hostname - - file name => filename - - user name = username - - man page => manpage - - run-time => runtime - - set-up => setup - - back-end => backend - - a HTTP => an HTTP - - Two spaces after a period => one space after period - - Closes #14073 - -Yedaya Katsman (1 Jul 2024) - -- docs: add RELEASE-TOOLS.md.dist to .gitignore - - Closes #14079 - -Viktor Szakats (1 Jul 2024) - -- libcurl.pc: add more `Requires.private`/`Requires` dependencies - - - add `libmsh3` reference from cmake and autotools. - - - add `mit-krb5-gssapi` reference from cmake. - - It leaves GSS not set from autotools. The handling of heimdal in cmake - is fuzzy, that's probably missing too. - - Follow-up to f057de5a1a950a90d1920021db152a4b695f1a8a #13911 - Closes #14072 - -- cmake: improve wolfSSL detection - - - support detecting wolfSSL via pkg-config (like autotools.) - - - detect wolfSSL version. - - - detect `HAVE_WOLFSSL_DES_ECB_ENCRYPT`. - (needs e.g. `--enable-curl` when building wolfSSL) - - - detect `HAVE_WOLFSSL_FULL_BIO` and enable HTTPS-proxy feature. - (needs e.g. `--enable-opensslall` when building wolfSSL) - - - fix to show `HTTPS-proxy` in cmake feature list. - Ref: 55807e6c056f27846d70cec70ee6ac3f0e5b3bbe #9962 - - - fix to show `NTLM` in cmake feature list. - - - fix to show `smb` and `smbs` in cmake protocol list. - - - add wolfSSL CMake job to GHA (for macOS). - - - fix mqtt and wolfSSL symbol clash. - ``` - ./curl/lib/mqtt.c: In function 'mqtt_doing': - ./curl/lib/mqtt.c:746:17: error: declaration of 'byte' shadows a global dec - laration [-Werror=shadow] - 746 | unsigned char byte; - | ^~~~ - /opt/homebrew/Cellar/wolfssl/5.7.0_1/include/wolfssl/wolfcrypt/types.h:85:3 - 6: note: shadowed declaration is here - 85 | typedef unsigned char byte; - | ^~~~ - ``` - - - format `FindWolfSSL.cmake` closer to neighbours. - - Closes #14064 - -Daniel Stenberg (1 Jul 2024) - -- curl_url_set: elaborate on scheme guessing - - Explain a little more and refer to the CURLU_NO_GUESS_SCHEME flag - for getting scheme or URL. - - Closes #14071 - -- docs: misc language polish - - - CURLINFO_FILETIME*: improve language - - add '32bit' and '64bit' as bad words, use 32-bit and 64-bit - - mksymbolsmanpage.pl: avoid "will" - - Closes #14070 - -- curl_easy_escape: elaborate a little on encoding a URL - - Closes #14069 - -Viktor Szakats (1 Jul 2024) - -- cmake: fix feature and protocol lists for SecureTransport - - NTLM was missing from the features list, and SMB/SMBS from - the protocols list in SecureTransport builds. - - Follow-up to 76a9c3c4be10b3d4d379d5b23ca76806bbae536a #3619 - - Reported-by: Tal Regev - Bug: https://github.com/curl/curl/pull/13963#issuecomment-2178791390 - Closes #14065 - -Daniel Stenberg (1 Jul 2024) - -- curl_str[n]equal.md: tidy up text to make them stand-alone - - Previously this was one single manpage for two functions but as they are - two separate ones since a while back, they should each clearly document - their single specific functions. - - Follow-up to eefcc1bda4bc - - Closes #14068 - -- RELEASE-NOTES: synced - -Tal Regev (30 Jun 2024) - -- GHA: use vcpkg to install packages for MSVC jobs - - - enable new dependencies for existing jobs. - - - add cache for vcpkg packages. - - - tidy-up CMake options and environment for vcpkg. - - Closes #13979 - -Daniel Stenberg (30 Jun 2024) - -- curl_mprintf.md: add missing comma - -- CURLOPT_TLSAUTH_PASSWORD/USERNAME.md: language fixups - - - relies *on* TLS SRP - - *for* the specific TLS backends - - Closes #14061 - -- docs/libcurl: polish the single-line descriptions - - - use imperative form - - use lowercase - - no period - - unify some phrases - - fix curl_multi_socket and curl_multi_socket_all to keep their own - descriptions - - Closes #14062 - -Viktor Szakats (30 Jun 2024) - -- cmake: alpha-sort feature list - - Like autotools does. - - Closes #14063 - -renovate[bot] (29 Jun 2024) - -- GHA: update github/codeql-action digest to b611370 - - Closes #14058 - -Tatsuhiro Tsujikawa (29 Jun 2024) - -- vquic: fix UDP_GRO struct cmsghdr data type - - The data type for UDP_GRO in struct cmsghdr is int. Limit the usage of - UDP_GRO to linux only because it is not portable. - - Closes #14056 - -Sertonix (29 Jun 2024) - -- mk-ca-bundle.pl: delay 'curl -V' execution until it is needed - - Avoid an `Can't exec "curl"` message when curl is not actually needed. - - Closes #14060 - -Daniel Stenberg (29 Jun 2024) - -- src/Makefile.am: remove SUBDIRS assignment - - It was once used to continue into ../docs but is just leftovers now. - - Closes #14054 - -z2_ (28 Jun 2024) - -- x509asn1: remove superfluous free() - -Stefan Eissing (28 Jun 2024) - -- ngtcp2+quictls: fix cert-status use - - - add test for --cert-status on all http versions - - Reported-by: Dexter Gerig - Fixes #14049 - Closes #14050 - -Daniel Stenberg (28 Jun 2024) - -- RELEASE-PROCEDURE.md: update release date - -- managen: insert final .fi for files ending with a quote - - When an individual file ended with a quote (typically an example), the - render function would return without ending the quote correctly with a - ".fi" (fill in) in the manpage output. - - This made the additional text provided below to render wrongly. - - Closes #14048 - -Junho Choi (28 Jun 2024) - -- quic: update to quiche 0.22.0 - - quiche 0.22.0 will set SONAME in libquiche.so (libquiche.so.0) for - linux/BSDs. Install a symlink with SONAME. - - Closes #14030 - Closes #14046 - -Daniel Stenberg (28 Jun 2024) - -- managen: introduce "Multi: per-URL" - - For -O, -o and -T that are used once per specified URL. - - Closes #14045 - -- quiche: fix operand of ‘?:’ changes signedness - - ... from ‘int’ to ‘curl_uint64_t’ - - Closes #14041 - -- GHA: add --enable-werror to the quiche job - - Closes #14041 - -- KNOWN_BUGS: three new bugs - - These have lingered in the issue tracker for a long time without action. - We don't expect any fixes in the near term either. Move them to the - KNOWN_BUGS document. - - Closes #12177 - Closes #12171 - Closes #13350 - - Closes #14042 - -Viktor Szakats (27 Jun 2024) - -- CI: add whitespace checker - - Fix issues detected. - - Also: - - - One of the `.vc` files used LF EOLs, while the other didn't. - Make that one also use LF EOLs, as this is apparently supported by - `nmake`. - - - Drop `.dsw` and `.btn` types from `.gitattributes`. - The repository doesn't use them. - - - Sync section order with the rest of files in - `tests/certs/EdelCurlRoot-ca.prm`. - - - Indent/align `.prm` and `.pem` files. - - - Delete dummy `[something]` section from `.prm` and `.pem` files. - - Mental note: - MSVC `.sln` files seem to accept spaces for indentation and also support - LF line-endings. I cannot test this and I don't know what's more - convenient when updating them, so left them as-is, with specific - exclusions. - - Closes #14031 - -- CI: fix typo in job name - - Closes #14040 - -Stefan Eissing (27 Jun 2024) - -- tests/httpd: adjust ReadBufferSize for better performance - - - list httpd and caddy versions in scorecard run - - Closes #14039 - -Daniel Stenberg (27 Jun 2024) - -- runtests: fix %VERNUM - - It needs to be set to the leading digits and dots only, so that the - `-[date]` suffix strings are not included, as those used in the daily - snapshots. - - Fixes #14035 - Reported-by: Marcel Raad - Closes #14036 - -Philip Heiduck (27 Jun 2024) - -- CI/synopsis.yml: run on `.md` files - - Reported-by: Viktor Szakats - Fixes #14032 - Closes #14037 - -Daniel Stenberg (27 Jun 2024) - -- verify-synopsis.pl: work with .md files - - Ref: #14037 - Closes #14038 - -- conncache: done always evaluates to false - - Follow-up to c9b95c0bb30f88bf00e1ac - - Spotted by CodeSonar - - Reviewed-by: Stefan Eissing - Closes #14034 - -- lib: add a few DEBUGASSERT(data) to aid code analyzers - - ... where 'data' is assumed to always work. - - Closes #14033 - -- RELEASE-NOTES: synced - -Viktor Szakats (26 Jun 2024) - -- tidy-up: use `/usr/bin/env perl` shebang - - Most Perl scripts already used it. Sync up the few outliers. - - Closes #14029 - -Stefan Eissing (26 Jun 2024) - -- quic: openssl quic, cmake and doc version update to 3.3.0 - - Closes #14028 - -- http/3: add shutdown support - - - openssl-quic shutdown handling - - ngtcp2 shutdown handling - - quiche shutdown handling - - add test_19_06 for verfication - - Reported-by: Dexter Gerig - Closes #14027 - Fixes #14022 - -Daniel Stenberg (26 Jun 2024) - -- tests: verify managen - - 1705: verifies the manpage output - - 1706: verifies the ascii output - - Closes #14025 - -- runtests: support %DATE for YYYY-MM-DD of right now - -- runtests: support %VERNUM - - For the plain version number of the built curl without -DEV etc. Only - digits and dots. - -- managen: only output .RE for manpage output - - For ascii they are just rubbish. - - Closes #14025 - -Tatsuhiro Tsujikawa (26 Jun 2024) - -- quic: enable UDP GRO - - Closes #14012 - -Stefan Eissing (26 Jun 2024) - -- quic: require at least OpenSSL 3.3 for QUIC - - - when checking for QUIC support in OpenSSL, also check - for it being at least 3.3.0 - - remove workarounds for features buggy or missing in 3.2 - - Closes #14026 - -Daniel Stenberg (26 Jun 2024) - -- FILEFORMAT.md: mentioned for "client" - - They can be used to create more files. - - Closes #14024 - -Marcel Raad (26 Jun 2024) - -- system_win32: add missing curl.h include - - It's required for `CURLcode`. - - Closes https://github.com/curl/curl/pull/14019 - -Daniel Stenberg (26 Jun 2024) - -- TODO: specify which response codes that make -f/--fail return error - - Suggestion from the user survey 2024 - - Closes #14020 - -Stefan Eissing (26 Jun 2024) - -- lib: graceful connection shutdown - - When libcurl discards a connection there are two phases this may go - through: "shutdown" and "closing". If a connection is aborted, the - shutdown phase is skipped and it is closed right away. - - The connection filters attached to the connection implement the phases - in their `do_shutdown()` and `do_close()` callbacks. Filters carry now a - `shutdown` flags next to `connected` to keep track of the shutdown - operation. - - Filters are shut down from top to bottom. If a filter is not connected, - its shutdown is skipped. Notable filters that *do* something during - shutdown are HTTP/2 and TLS. HTTP/2 sends the GOAWAY frame. TLS sends - its close notify and expects to receive a close notify from the server. - - As sends and receives may EAGAIN on the network, a shutdown is often not - successful right away and needs to poll the connection's socket(s). To - facilitate this, such connections are placed on a new shutdown list - inside the connection cache. - - Since managing this list requires the cooperation of a multi handle, - only the connection cache belonging to a multi handle is used. If a - connection was in another cache when being discarded, it is removed - there and added to the multi's cache. If no multi handle is available at - that time, the connection is shutdown and closed in a one-time, - best-effort attempt. - - When a multi handle is destroyed, all connection still on the shutdown - list are discarded with a final shutdown attempt and close. In curl - debug builds, the environment variable `CURL_GRACEFUL_SHUTDOWN` can be - set to make this graceful with a timeout in milliseconds given by the - variable. - - The shutdown list is limited to the max number of connections configured - for a multi cache. Set via CURLMOPT_MAX_TOTAL_CONNECTIONS. When the - limit is reached, the oldest connection on the shutdown list is - discarded. - - - In multi_wait() and multi_waitfds(), collect all connection caches - involved (each transfer might carry its own) into a temporary list. - Let each connection cache on the list contribute sockets and - POLLIN/OUT events it's connections are waiting for. - - - in multi_perform() collect the connection caches the same way and let - them peform their maintenance. This will make another non-blocking - attempt to shutdown all connections on its shutdown list. - - - for event based multis (multi->socket_cb set), add the sockets and - their poll events via the callback. When `multi_socket()` is invoked - for a socket not known by an active transfer, forward this to the - multi's cache for processing. On closing a connection, remove its - socket(s) via the callback. - - TLS connection filters MUST NOT send close nofity messages in their - `do_close()` implementation. The reason is that a TLS close notify - signals a success. When a connection is aborted and skips its shutdown - phase, the server needs to see a missing close notify to detect - something has gone wrong. - - A graceful shutdown of FTP's data connection is performed implicitly - before regarding the upload/download as complete and continuing on the - control connection. For FTP without TLS, there is just the socket close - happening. But with TLS, the sent/received close notify signals that the - transfer is complete and healthy. Servers like `vsftpd` verify that and - reject uploads without a TLS close notify. - - - added test_19_* for shutdown related tests - - test_19_01 and test_19_02 test for TCP RST packets - which happen without a graceful shutdown and should - no longer appear otherwise. - - add test_19_03 for handling shutdowns by the server - - add test_19_04 for handling shutdowns by curl - - add test_19_05 for event based shutdowny by server - - add test_30_06/07 and test_31_06/07 for shutdown checks - on FTP up- and downloads. - - Closes #13976 - -Daniel Stenberg (25 Jun 2024) - -- managen: fix blank line detection - - Follow-up to d14a53eea7b87 which ruined the output somewhat. - - Closes #14017 - -- managen: output tabs for each 8 leading spaces - - This replacing of eight leading spaces into tabs was already done for - the embedded uncompressed version in tool_hugehelp.c so it does not save - anything there. But the gzip compressed version ends up almost 2K - smaller. - - The output in a terminal should be identical. - - Before using TABs: - - curl.txt 282492 bytes - curl.txt.gz 73261 bytes - - With this change applied: - - curl.txt 249382 bytes - curl.txt.gz 71470 bytes - - Closes #14016 - -- managen: error on trailing blank lines in input files - - Ref: #14014 - Closes #14015 - -Viktor Szakats (25 Jun 2024) - -- tidy-up: more whitespace - - Closes #14014 - -Stefan Eissing (25 Jun 2024) - -- multi: multi_getsock(), check correct socket - - - in phase CONNECTING/TUNNELING/PROTOCONNECT, retrieve - the socket from the connection filters and do not rely - on `conn->sockfd` being already set by the transfer. - - this applies to the default behaviour, a protocol handler - may override this via its callbacks. - - add a warning message in multi_getsock() when the transfer - is expected to have something in its pollset, but instead - it is empty. - - Reported-by: saurabhsingh-dev on github - Fixes #13998 - Closes #14011 - -Daniel Stenberg (25 Jun 2024) - -- managen: fix each options footer to end with newline - - A previous change sometimes made a command line option's description not - end with a newline immediately before the next command line. - - Also widened the lines to wrap on column 79 instead of 78. - - Closes #14010 - -Alex Snast (25 Jun 2024) - -- wolfssl: assume key_file equal to clientcert in the absence of key_file - - When user sets CURLOPT_SSLCERT but leaves CURLOPT_SSLKEY unset assume - the path passed in CURLOPT_SSLCERT holds the ssl key which is what we do - in openssl implementation. - - Fixes #14007 - Closes #14008 - -Viktor Szakats (24 Jun 2024) - -- autotools: fix pkg-config names (zstd, ngtcp2*) - - Also verified that all names now match up with CMake. - - Follow-up to f057de5a1a950a90d1920021db152a4b695f1a8a #13911 - Follow-up to eeab0ea7aa19af61af881e8a0bf9ff1f2e28ef79 #13994 - Reported-by: 李四 - Fixes #14005 - Closes #14006 - -- tidy-up: whitespace [ci skip] - -Daniel Stenberg (24 Jun 2024) - -- cmdline-docs: "added in" cleanups - - - markup fixes - - remove some mentions of < 7.60.0 changes - - Closes #14003 - -- RELEASE-NOTES: synced - -- managen: "added in" fixes - - - up the limit: remove all mentions of 7.60 or earlier from manpage - 7.60 is 6 years old now. - - warn on "broken" added in lines, as they avoid detection - - fixup added in markup in a few curldown files - - Closes #14002 - -Matt Jolly (24 Jun 2024) - -- configure: fix pkg-config library name 'libnghttp3' - - Closes #13994 - -Daniel Stenberg (24 Jun 2024) - -- managen: cleanups to generate nicer-looking output - - - output "see also" last - - when there are multiple mutex items, use commas between all of them - except the last. - - call them mututally exclusive WITH not TO other options. - - remove trailing space from added in, add newline prefix - - smoother language for requires - - Closes #14001 - -- configure: require a QUIC library if nghttp3 is used - - Instead of just silently disabling HTTP/3. - - Reported-by: Matt Jolly - Fixes #13995 - Closes #13999 - -- docs/cmdline-opts: remove two superfluous "Added in" mentions - - The key "added in" phrase for the option itself is added automatically. - - Closes #14000 - -- cookie-jar.md: see also --junk-session-cookies - - Closes #13996 - -- runtests: support crlf="yes" for the section - -- TODO: -h option - - Support "curl -h --insecure" etc to output the manpage section for the - --insecure command line option in the terminal. Should be possible to - work with either long or short versions of command line options. - - Closes #13990 - -- trace-ascii.md: mention "%" for stderr - - Closes #13991 - -- connect-to.md: expand with examples - - - add referer from the resolve section to connect-to if user wants - wildcard for the port number - - Closes #13989 - -- TODO: connect to multiple IPs in parallel - - Closes #13986 - -- dump-header.md: mention minus for stdout - - Closes #13985 - -- CURLOPT_RESOLVE.md: mention hostname can be wildcard ('*') - - Closes #13983 - -Andy Pan (22 Jun 2024) - -- cf-socket: optimize curlx_nonblock() and check its return error - - Reviewed-by: Stefan Eissing - Closes #13942 - -z2_ (22 Jun 2024) - -- x509asn1: prevent NULL dereference - - Closes #13978 - -Daniel Stenberg (19 Jun 2024) - -- unit2604: use 'unitfail' instead of 'error' variable - - Since the framework is already returning that variable by default. - Avoids a warning for unreachable code. - - Reported-by: Tal Regev - Fixes #13967 - Closes #13973 - -- KNOWN_BUGS: TFTP tests fail on OpenBSD - - Closes #13623 - Closes #13975 - -- VULN-DISCLOSURE-POLICY: NULL dereferences and crashes - - If a malicious server can trigger a NULL dereference in curl or - otherwise cause curl to crash (and nothing worse), chances are big that - we do not consider that a security problem. - - Closes #13974 - -- RELEASE-NOTES: synced - -Sergey Markelov (19 Jun 2024) - -- mbedtls: support CURLOPT_CERTINFO - - Closes #13113 - -Daniel Stenberg (19 Jun 2024) - -- x509asn1: ASN1tostr() should fail when 'constructed' is set - - This is a regression from my refactor in 623c3a8fa0bdb (#12808) - - Follow-up to 623c3a8fa0bdb2751f14b37417 - - Closes #13972 - -- x509asn1: remove two static variables - - cnOID and sanOID were not used outside of the OID table anyway - - Closes #13971 - -brian m. carlson (18 Jun 2024) - -- TODO: TLS channel binding - - Closes #13483 - -Tal Regev (17 Jun 2024) - -- cmake: add CURL_USE_GSASL option with detection + CI test - - Reviewed-by: Viktor Szakats - Closes #13948 - -Daniel Stenberg (16 Jun 2024) - -- x509asn1: make Curl_extract_certinfo store error message - - To help us all better understand where the error actually comes from. - - Ref: #13958 - Closes #13959 - -Viktor Szakats (15 Jun 2024) - -- appveyor: dump build logs on failure in VS2008 jobs - - This seems to be the only way to see what actual toolchain commands were - run, and with what arguments. - - Without `dos2unix`, `cat` output comes out empty. - - Closes #13957 - -- cmake: fix quotes when appending multiple options (SecureTransport) - - Copied from a vcpkg distro patch: - https://github.com/microsoft/vcpkg/blob/02745e0f4749d1f51d2025824209408f5a6c3 - 614/ports/curl/dependencies.patch#L43C38-L44 - - Ref: https://github.com/microsoft/vcpkg/pull/38847 - Ref: https://github.com/microsoft/vcpkg/commit/795f2f137e6cf6d985fcc927bffcaf - 9c0a96e4ac - Ref: https://github.com/microsoft/vcpkg/pull/38847/commits/36f0c917de5319e953 - 61451fc0aef0698b264874#diff-ab5c23e5dc5df412539cc93e24b37abbc588e1918236f8abc - 019d676b270c85fR39 (sub-commit) - - Authored-by: Kai Pastor - Closes #13953 - -Daniel Stenberg (15 Jun 2024) - -- CURLOPT_NETRC.md: clarify what it does on Windows - - Closes #13956 - -- KNOWN_BUGS: "HTTP/2 + TLS spends a lot of time in recv" - - Closes #13416 - Closes #13955 - -- RELEASE-NOTES: synced - -Yedaya Katsman (14 Jun 2024) - -- examples: add missing binaries to .gitignore - - They were showing as changed when built. Add them sorted alphabetically, - while also moving a few more entries to sorted order. - - Closes #13952 - -- docs: reference non deprecated libcurl options - - There are a places where man pages reference deprecated CURLOPT options, - where it doesn't make sense, replace them with the reccomended - replacement option. - - also remove reference to the removed mesalink TLS backend - - Closes #13951 - -Daniel Stenberg (14 Jun 2024) - -- gnutls: pass in SNI name, not hostname when checking cert - - The function we use is called 'gnutls_x509_crt_check_hostname()' but if - we pass in the hostname with a trailing dot, the check fails. If we pass - in the SNI name, which cannot have a trailing dot, it succeeds for - https://pyropus.ca./ - - I consider this as a flaw in GnuTLS and have submitted this issue - upstream: - - https://gitlab.com/gnutls/gnutls/-/issues/1548 - - In order to work with old and existing GnuTLS versions, we still need - this change no matter how they view the issue or might change it in the - future. - - Fixes #13428 - Reported-by: Ryan Carsten Schmidt - Closes #13949 - -- BINDINGS: update java link to one that exists - - The previous java binding seems to have vanished. Link to one that still - exists. - - Bug: https://github.com/curl/everything-curl/issues/456 - Reported-by: Jiang Wenjian - Closes #13950 - -renovate[bot] (14 Jun 2024) - -- GHA: update pinned actions - - - github/codeql-action digest to 23acc5c - - actions/checkout digest to 692973e - - rojopolis/spellcheck-github-actions digest to d354a4d - - Closes #13935 - Closes #13945 - Closes #13946 - -Jay Satiro (14 Jun 2024) - -- tool_cb_hdr: allow etag and content-disposition for 3xx reply - - - Parse etag and content-disposition headers for 3xx replies. - - For example, a server may send a content-disposition filename header - with a redirect reply (3xx) but not with the final response (2xx). - Without this change curl would ignore the server's specified filename - and continue to use the filename extracted from the user-specified URL. - - Prior to this change, 75d79a4 had limited etag and content-disposition - to 2xx replies only. - - Tests-by: Daniel Stenberg - - Reported-by: Morgan Willcock - Fixes https://github.com/curl/curl/issues/13302 - Closes #13484 - -Daniel Stenberg (13 Jun 2024) - -- transfer: set CSELECT_IN if there is data pending - - When aborting the transfer loop early, like when there is rate limiting - in effect, there might be buffered data already read off the socket so - the socket might not signal reability. Therefore we must set the - CSELECT_IN manually if data_pending_() suggests there might be more data - to get. This is particularly noticeable with SSH when the underlying - library has drained the socket and holds pending data in its buffer. - - Reported-by: alervd on github - Fixes #13695 - Closes #13943 - -Viktor Szakats (13 Jun 2024) - -- cmake: enable SOVERSION for Cygwin and `CMAKE_DLL_NAME_WITH_SOVERSION` - - - enable SOVERSION when `CMAKE_DLL_NAME_WITH_SOVERSION=ON` is set. - Ref: https://cmake.org/cmake/help/v3.27/variable/CMAKE_DLL_NAME_WITH_SOVERS - ION.html - Use: https://github.com/search?q=-DCMAKE_DLL_NAME_WITH_SOVERSION&type=code - - - enable SOVERSION for Cygwin builds by default. - - Ref: #13936 - Ref: #13944 - Closes #13898 - -- cmake: allow SOVERSION override with `CURL_LIBCURL_SOVERSION` - - Allow overriding SOVERSION with the new CMake option: - `CURL_LIBCURL_SOVERSION=ON/OFF` - - For certain target platforms the shared libcurl library filename - contains the SOVERSION. This new option allows to enable/disable - this behavior manually. If set, it takes precedence over the default - setting. - - Ref: #13898 - Closes #13944 - -renovate[bot] (13 Jun 2024) - -- Dockerfile: update debian:bookworm-slim to 84d83b2 - - Closes #13934 - -Daniel Stenberg (13 Jun 2024) - -- configure: use AC_MSG_WARN for TLS/experimental warning texts - - - no longer warns for mbedtls - - warns for each item on individual lines - - no longer shows irrelevant TLS libraries when multiple are selected - - removes ech repetition - - Closes #13941 - -- GHA: detect and warn for more English contractions - - As we try to avoid them in curl documentation - - Closes #13940 - -Stefan Eissing (13 Jun 2024) - -- transfer: do not use EXPIRE_NOW while blocked - - - When a transfer sets `data->state.select_bits`, it is - scheduled for rerun with EXPIRE_NOW. If such a transfer - is blocked (due to PAUSE, for example), this will lead to - a busy loop. - - multi.c: check for transfer block - - sendf.*: add Curl_xfer_is_blocked() - - sendf.*: add client reader `is_paused()` callback - - implement is_paused()` callback where needed - - Closes #13908 - -renovate[bot] (13 Jun 2024) - -- ci: update dependency ngtcp2/ngtcp2 to v1.6.0 - - Closes #13939 - -- ci: update ngtcp2/nghttp3 to v1.4.0 - - Closes #13938 - -Viktor Szakats (13 Jun 2024) - -- cmake: stop setting SOVERSION for the static lib target - - Also move the logic closer to its use and related tidy-ups. - - Cherry-picked from #13898 - Closes #13936 - -Patrick Monnerat (13 Jun 2024) - -- os400: make it compilable again - - A newly introduced use of getsockname() in the cli tool makes it require - the ascii wrapper module, which is not available outside of the library: - as the tool only uses the address family field (binary), disable - wrappers outside of libcurl. - - Fix setsockopt() parameter type mismatch using a (void *) cast. - - Sync ILE/RPG binding. - - Closes #13930 - -Viktor Szakats (13 Jun 2024) - -- libcurl.pc: add `Requires.private`, `Requires` for static linking - - - cmake: populate for dependencies. - - autotools: populate for dependencies. - (including mbedtls, though the script does not detect - mbedtls through pkgconfig. mbedtls 3.6.0 now supports it.) - - Skip dealing with gssapi in this patch. - - Fixes #864 - Closes #13911 - -- cmake: bring `curl-config.cmake` closer to `FindCURL` - - Set `CURL_LIBRARIES` and `CURL_INCLUDE_DIRS` variables - for compatibility with CMake's `FindCURL.cmake`: - https://github.com/Kitware/CMake/blob/b411d0146c2e06acfb0c823bb039e99f0191b61 - 1/Modules/FindCURL.cmake#L209 - - For dependent projects, CMake's suggestion is to replace - `CURL_LIBRARIES` with `CURL::libcurl`, and drop `CURL_INCLUDE_DIRS`. - - Reported-by: Aurélien Pierre - Ref: https://curl.se/mail/lib-2024-06/0014.html - Ref: https://gitlab.kitware.com/cmake/cmake/-/issues/24580 - Closes #13897 - -Daniel Stenberg (13 Jun 2024) - -- tool_getparam: fix the bsearch call for ip-tos names - - Follow-up to 3c20ae08b9591 - Reported-by: Samuel Chiang - Fixes #13932 - Closes #13933 - -- request: change the struct field bodywrites to a bool, only for hyper - - Only hyper needs to know this, and it can use it as a boolean. - - Closes #13928 - -Andy Pan (12 Jun 2024) - -- test: fix CURLOPT_TCP_KEEPCNT typo - - Follow up to b77d627d242 - - Closes #13931 - -Daniel Stenberg (12 Jun 2024) - -- http: remove "struct HTTP" - - It is not actually used anymore and only contained a dummy struct field. - Remove all traces and uses of it. - - Closes #13927 - -- cd2nroff: convert two warnings to errors - - Since the warnings tend to get missed too easily and these are problems - we rather want addressed than letting slide. - - Closes #13929 - -- urlapi: use a correct value for CURLU_NO_GUESS_SCHEME - - It was mistakenly set to the same value as CURLU_GET_EMPTY uses. - - Reported-by: Patrick Monnerat - Bug: https://github.com/curl/curl/commit/655d44d139489625e77cf6790d36 - Closes #13926 - -- file: separate fake headers and body with a stand-alone CRLF - - Instead of bolting on the extra CRLF to the final header - as that makes - the behavior inconsistent and not as documented. The final CRLF is now - also made unconditional, just like it is for HTTP. - - Reported-by: dogma - Bug: https://curl.se/mail/lib-2024-06/0033.html - Closes #13925 - -- RELEASE-NOTES: synced - -Andy Pan (12 Jun 2024) - -- tcpkeepalive: add CURLOPT_TCP_KEEPCNT and --keepalive-cnt - - Closes #13885 - -Daniel Stenberg (12 Jun 2024) - -- TODO: make it "Add missing features to TLS backends" - - ... instead of just mentioning CA caching. - - Closes #13924 - -Orgad Shaneh (11 Jun 2024) - -- curl: support VLAN Priority: --vlan-priority - - Add --vlan-priority option to the command line tool for setting VLAN - priority. - - Closes #13907 - -RainRat (11 Jun 2024) - -- misc: fix typos - - Closes #13923 - -Daniel Stenberg (11 Jun 2024) - -- CURLOPT_ECH.md: remove repeated 'if' - - Closes #13922 - -- vms: fixed language in comment - - It started with me fixing a repeated "are are" but the wording was - incomprehensible so I tried to untangle it. - - Closes #13921 - -Stefan Eissing (11 Jun 2024) - -- lib: xfer_setup and non-blocking shutdown - - - clarify Curl_xfer_setup() with RECV/SEND flags and different calls for - which socket they operate on. Add a shutdown flag for secondary - sockets - - change Curl_xfer_setup() calls to new functions - - implement non-blocking connection shutdown at the end of receiving or - sending a transfer - - Closes #13913 - -Daniel Stenberg (11 Jun 2024) - -- test1486: verify that write-out.md and tool_writeout.c are in sync - - - also verify alphabetialal order in the source - - add two missing variables to write-out.md - - Closes #13920 - -Viktor Szakats (11 Jun 2024) - -- GHA: add cmake MSYS2 native job - - curl, libcurl, examples, build-only. - - To compare build behaviour with autotools. - - Closes #13917 - -Daniel Stenberg (11 Jun 2024) - -- openssl: shortcut store_expired for negative timeouts - - Avoid some unnecessary computation if the timeout is negative. - - Spotted by CodeSonar - Closes #13919 - -- RELEASE-NOTES: synced - -- curl: support -w '%{num_retries} - - Suggested-by: Jay Guerette - Ref: https://github.com/curl/curl/discussions/13901 - Closes #13910 - -Guilherme Puida (11 Jun 2024) - -- pytest: include testenv/vsftpd.py in dist tarball - - Closes #13918 - -Viktor Szakats (11 Jun 2024) - -- DISTROS: add MSYS2 (native) links - - Also rename existing 'MSYS2' to 'MSYS2 (mingw-w64)'. - - Closes #13915 - -Daniel Stenberg (10 Jun 2024) - -- tool_writeout: get certinfo only when needing it - - Removes a fairly expensive libcurl call when not necessary - - Closes #13914 - -- tool_writeout: bsearch the variable name - - As the list of variable names grows, doing a simple loop to find the - name get increasingly worse. This switches to a bsearch. - - Also: do a case sensitive check for the variable name. The names have - not been documented to be case insensitive and there is no point in - having them so. - - Closes #13914 - -Stefan Eissing (10 Jun 2024) - -- multi: prepare multi_wait() for future shutdown usage - - - new struct curl_pollfds and struct curl_waitfds - - add structs and methods to init/add/cleanup an array of pollfd and - struct curl_waitfd. Use in multi_wait() and multi_waitfds() to - populate the sets for polling. - - place USE_WINSOCK WSAEventSelect() setting into a separate loop over - all collected pfds - - Closes #13900 - -- connection: shutdown TLS (for FTP) better - - This adds connection shutdown infrastructure and first use for FTP. FTP - data connections, when not encountering an error, are now shut down in a - blocking way with a 2sec timeout. - - - add cfilter `Curl_cft_shutdown` callback - - keep a shutdown start timestamp and timeout at connectdata - - provide shutdown timeout default and member in - `data->set.shutdowntimeout`. - - provide methods for starting, interrogating and clearing - shutdown timers - - provide `Curl_conn_shutdown_blocking()` to shutdown the - `sockindex` filter chain in a blocking way. Use that in FTP. - - add `Curl_conn_cf_poll()` to wait for socket events during - shutdown of a connection filter chain. - This gets the monitoring sockets and events via the filters - "adjust_pollset()" methods. This gives correct behaviour when - shutting down a TLS connection through a HTTP/2 proxy. - - Implement shutdown for all socket filters - - for HTTP/2 and h2 proxying to send GOAWAY - - for TLS backends to the best of their capabilities - - for tcp socket filter to make a final, nonblocking - receive to avoid unwanted RST states - - add shutdown forwarding to happy eyeballers and - https connect ballers when applicable. - - Closes #13904 - -Daniel Stenberg (7 Jun 2024) - -- CURLOPT_CONNECTTIMEOUT*: clarify, document the milliseond version - - Provide an explanation in the CURLOPT_CONNECTTIMEOUT_MS page instead of - just referring to the non-MS version. - - Closes #13905 - -- cmdline-opts: tidy up --ip-tos and --mptcp - - To make them render nicer in the manpage and minor polish. - - Closes #13906 - -- RELEASE-NOTES: synced - -Dorian Craps (7 Jun 2024) - -- curl: (on linux) add MPTCP support - - Multipath TCP (MPTCP), standardized in RFC8684 [1], is a TCP extension - that enables a TCP connection to use different paths. - - Multipath TCP has been used for several use cases. On smartphones, MPTCP - enables seamless handovers between cellular and Wi-Fi networks while - preserving established connections. This use-case is what pushed Apple - to use MPTCP since 2013 in multiple applications [2]. On dual-stack - hosts, Multipath TCP enables the TCP connection to automatically use the - best performing path, either IPv4 or IPv6. If one path fails, MPTCP - automatically uses the other path. - - To benefit from MPTCP, both the client and the server have to support - it. Multipath TCP is a backward-compatible TCP extension that is enabled - by default on recent Linux distributions (Debian, Ubuntu, Redhat, ...). - Multipath TCP is included in the Linux kernel since version 5.6 [3]. To - use it on Linux, an application must explicitly enable it when creating - the socket. No need to change anything else in the application. - - This attached patch adds an --mptcp option which allows the creation of - an MPTCP socket instead of TCP on Linux. If Multipath TCP is not - supported on the system, an error will be reported. It is important to - note that if the end server doesn't support MPTCP, the connection will - continue after a seamless fallback to TCP. - - Link: https://www.rfc-editor.org/rfc/rfc8684.html [1] - Link: https://www.tessares.net/apples-mptcp-story-so-far/ [2] - Link: https://www.mptcp.dev [3] - Co-developed-by: Dorian Craps (@CrapsDorian) - Co-developed-by: Olivier Bonaventure (@obonaventure) - Co-developed-by: Matthieu Baerts (@matttbe) - Signed-off-by: Dorian Craps - - Closes #13278 - -Orgad Shaneh (7 Jun 2024) - -- curl: support IP Type of Service / Traffic Class: --ip-tos - - Add --ip-tos option to the command line tool for setting TOS for IPv4 or - Traffic Class for IPv6. - - Closes #13606 - -Andy Pan (7 Jun 2024) - -- socketpair: provide `Curl_socketpair` only when `!CURL_DISABLE_SOCKETPAIR` - - Ref: https://curl.se/dev/log.cgi?id=20240605035856-3529577 - - Reported-by: Marcel Raad - Closes #13888 - -Daniel Stenberg (7 Jun 2024) - -- noproxy: test bad ipv6 net size first - - No need to parse anything if the size is out of range. - - Added some tests to this effect to test 1614. - - Closes #13902 - -- managen: warn on excessively long help texts - - Help texts at 49 characters or longer get a warning displayed because - they make --help output uglier and we should make an effort to keep the - help texts short and succinct. - - The warning is only for display, it does not break the build. That is - left for the future if necessary. - - I picked 49 because the longest current text is 48. - - Closes #13895 - -Viktor Szakats (5 Jun 2024) - -- lib: tidy up types and casts - - Cherry-picked from #13489 - Closes #13862 - -Daniel Stenberg (5 Jun 2024) - -- cmdline-opts/ech.md: shorten the help text - - To make --help look sensible again - - Closes #13894 - -- cmdline-opts/_PROTOCOLS.md: mention WS(S) - - Closes #13891 - -Viktor Szakats (5 Jun 2024) - -- GHA: disable TFTP and WebSockets tests in old-mingw-w64 - - Follow-up to 03bd16e5339b069aa9409b75fcab2b21fd3a4b16 #13860 - Follow-up to def7d05382743ea7aa1d356d1e41dcb22ecdd4d7 - -Daniel Stenberg (5 Jun 2024) - -- cmdline-opts/fail.md: expand and clarify - - Closes #13890 - -- doh-insecure.md: expand - - Closes #13889 - -- cmdline: expand proxy option explanations - - - do less references to other options - - provide more specific text about proxies - - added more see-also references - - Closes #13887 - -- cmdline-opts: expand the parallel explanations - - Closes #13886 - -- RELEASE-NOTES: synced - -Stefan Eissing (5 Jun 2024) - -- vtls: new io_need flags for poll handling - - - decouple need to recv/send from negotiation state, we need - this later in shutdown handling as well - - move ssl enums from urldata.h to vtls_int.h - - implement use of `connssl->io_need` in vtls.c. and all backends - - Closes #13879 - -Daniel Stenberg (5 Jun 2024) - -- cfilters: make Curl_conn_connect always assign 'done' - - It could return error without assigning it, and we have a caller in - multi.c that assumes it gets set. - - Spotted by CodeSonar - Closes #13884 - -- CURLOPT_INTERFACE.md: quote the less-than and larger-than - - Fixes the warnings shown on stderr. - - Follow-up from 3060557af702dd5 - - Closes #13883 - -- cmdline-opts/interface.md: expand the documentation - - Explain the syntax it supports. - - Closes #13882 - -- url: allow DoH transfers to override max connection limit - - When reaching the set maximum limit of allowed connections, allow a new - connection anyway if the transfer is created for the (internal) purpose - of doing a DoH name resolve. Otherwise, unrelated "normal" transfers can - starve out new DoH requests making it impossible to name resolve for new - transfers. - - Bug: https://curl.se/mail/lib-2024-06/0001.html - Reported-by: kartatz - Closes #13880 - -Viktor Szakats (5 Jun 2024) - -- windows: fix UWP builds, add GHA job - - Add new job to test building for UWP (aka `CURL_WINDOWS_APP`). - - Fix fallouts when building for UWP: - - rand: do not use `BCryptGenRandom()`. - - cmake: disable using win32 LDAP. - - cmake: disable telnet. - - version_win32: fix code before declaration. - - schannel: disable `HAS_MANUAL_VERIFY_API`. - - schannel: disable `SSLSUPP_PINNEDPUBKEY` - and make `schannel_checksum()` a stub. - Ref: e178fbd40a896f2098278ae61e1166c88e7b31d0 #1429 - - schannel: make `cert_get_name_string()` a failing stub. - - system_win32: make `Curl_win32_impersonating()` a failing stub. - - system_win32: try to fix `Curl_win32_init()` (untested). - - threads: fix to use `CreateThread()`. - - src: disable searching `PATH` for the CA bundle. - - src: disable bold text support and capability detection. - - src: disable `getfiletime()`/`setfiletime()`. - - tests: make `win32_load_system_library()` a failing stub. - - tests/server/util: make it compile. - - tests/server/sockfilt: make it compile. - - tests/lib3026: fix to use `CreateThread()`. - - See individual commits for build error details. - - Some of these fixes may have better solutions, and some may not work - as expected. The goal of this patch is to make curl build for UWP. - - Closes #13870 - -Orgad Shaneh (4 Jun 2024) - -- socket: support binding to interface *AND* IP - - Introduce new notation for CURLOPT_INTERFACE / --interface: - ifhost!! - - Binding to an interface doesn't set the address, and an interface can - have multiple addresses. - - When binding to an address (without interface), the kernel is free to - choose the route, and it can route through any device that can access - the target address, not necessarily the one with the chosen address. - - Moreover, it is possible for different interfaces to have the same IP - address, on which case we need to provide a way to be more specific. - - Factor out the parsing part of interface option, and add unit tests: - 1663. - - Closes #13719 - -Andy Pan (4 Jun 2024) - -- socketpair: add `eventfd` and use `SOCK_NONBLOCK` for `socketpair()` - - Currently, we use `pipe` for `wakeup_create`, which requires ***two*** - file descriptors. Furthermore, given its complexity inside, `pipe` is a - bit heavyweight for just a simple event wait/notify mechanism. - - `eventfd` would be a more suitable solution for this kind of scenario, - kernel also advocates for developers to use `eventfd` instead of `pipe` - in some simple use cases: - - Applications can use an eventfd file descriptor instead of a pipe - (see pipe(2) in all cases where a pipe is used simply to signal - events. The kernel overhead of an eventfd file descriptor is much - lower than that of a pipe, and only one file descriptor is required - (versus the two required for a pipe). - - This change adds the new backend of `eventfd` for `wakeup_create` and - uses it where available, eliminating the overhead of `pipe`. Also, it - optimizes the `wakeup_create` to eliminate the system calls that make - file descriptors non-blocking by moving the logic of setting - non-blocking flags on file descriptors to `socketpair.c` and using - `SOCK_NONBLOCK` for `socketpair(2)`, `EFD_NONBLOCK` for `eventfd(2)`. - - Ref: - https://man7.org/linux/man-pages/man7/pipe.7.html - https://man7.org/linux/man-pages/man2/eventfd.2.html - https://man7.org/linux/man-pages/man2/socketpair.2.html - https://www.gnu.org/software/gnulib/manual/html_node/eventfd.html - - Closes #13874 - -renovate[bot] (4 Jun 2024) - -- ci: update github/codeql-action digest to 2e230e8 - - Closes #13881 - -Jay Satiro (4 Jun 2024) - -- examples/threaded-ssl: remove locking callback code - - - Remove the locking callback code that demonstrates how to meet - requirements of threading libraries (mainly OpenSSL). - - Locking callback code has not been needed for many years. According to - the documentation for OpenSSL and GnuTLS they are thread-safe by design, - assuming support for the underlying OS threading API is built-in. - - Ref: https://github.com/curl/curl/pull/13850#issuecomment-2143538458 - - Closes https://github.com/curl/curl/pull/13851 - -Viktor Szakats (4 Jun 2024) - -- tests: delete redundant `!MSDOS` guard - - This fix was supposed to be committed earlier, but ended up missing from - the final commit. - - Follow-up to e9a7d4a1c8377dbcf9a2d94365f60e3e5dff48f8 #12376 - Closes #13878 - -- lib: fix thread entry point to return `DWORD` on WinCE - - We already do this in `tests/server/util.c`: - https://github.com/curl/curl/blob/97e5e37cc8269660bc5d4a1936f10f2390b97c5a/te - sts/server/util.c#L604-L606 - and in `sockfilt.c`, `lib3026.c`. - - Before this patch it returned `unsigned int`. - - Closes #13877 - -Andy Pan (4 Jun 2024) - -- socket: use SOCK_NONBLOCK to eliminate extra system call - - Every time function `cf_socket_open()` is called to create a socket, - `curlx_nonblock()` is called to make that socket non-blocking. And - `curlx_nonblock()` will cost us 1 or 2 system calls (2 for `fcntl()`, 1 - for `ioctl()`, etc.), meanwhile, tucking `SOCK_NONBLOCK` and - `SOCK_CLOEXEC` into the `type` argument for `socket()` is widely - supported across UNIX-like OS: Linux, *BSD, Solaris, etc. With that - ability, we can save 1 or 2 system calls on each socket. - - Another change in this PR is to eliminate the redundant - `curlx_nonblock()` call on the socket in `cf_udp_setup_quic()` as that - socket created by `cf_socket_open()` is already non-blocking. - - Ref: - https://man7.org/linux/man-pages/man2/socket.2.html - https://man.freebsd.org/cgi/man.cgi?socket(2) - https://man.dragonflybsd.org/?command=socket§ion=2 - https://man.netbsd.org/socket.2 - https://man.openbsd.org/socket - https://docs.oracle.com/cd/E88353_01/html/E37843/socket-3c.html - https://illumos.org/man/3SOCKET/socket - ... - - Closes #13855 - -Viktor Szakats (4 Jun 2024) - -- GHA: show cmake error log in Windows and non-native workflows - - CMake configure doesn't fail often, but when it does, it helps to see - its `CMakeFiles/CMakeConfigureLog.yaml` output. This file is present - since CMake v3.26: - https://cmake.org/cmake/help/v3.26/manual/cmake-configure-log.7.html - - (Older CMake versions save similar contend to - `CMakeFiles\CMakeOutput.log` and - `CMakeFiles\CMakeError.log`. This patch doesn't deal with that because - the workflows touched are all running a newer CMake.) - - After this patch, we dump the content if cmake fails. Syncing this with - autotools, where we already did that. - - Closes #13872 - -- GHA: switch a Windows job to UCRT (gcc) - - Cherry-picked from #13870 - -- curl-config: revert to backticks to support old target envs - - Make an exception for `curl-config` because this script that may be - running on any target system, including old ones, e.g. SunOS 5.10. - - Reported-by: Alejandro R. Sedeño - Ref: https://github.com/curl/curl/pull/13307#issuecomment-2146427358 - Follow-up to fa69b41c7790fab86fd363242c81d8ef2e89e183 #13307 - Closes #13871 - -Stefan Eissing (4 Jun 2024) - -- mbedtls: v3.6.0 workarounds - - - add special sauce to disable unwanted peer verification by mbedtls - when negotiating TLS v1.3 - - add special sauce for MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET - return code on *writing* TLS data. We assume the data had not been - written and EAGAIN. - - return correct Curl error code when peer verification failed. - - disable test_08_05 with 50 HTTP/1.1 connections, as mbedtls reports a - memory allocation failed during handshake. - - bump CI mbedtls version to 3.6.0 - - Fixes #13653 - Closes #13838 - -- gnutls: support CA caching - - - similar to openssl, use a shared 'credentials' instance - among TLS connections with a plain configuration. - - different to openssl, a connection with a client certificate - is not eligible to sharing. - - document CURLOPT_CA_CACHE_TIMEOUT in man page - - Closes #13795 - -Dan Fandrich (3 Jun 2024) - -- tests: don't log buffer length in throwing away message - - It's not available at that point, and it will be written in the - non-error case right afterward. - -- tests: log "Throwing away" messages before throwing away - - In case the read that follows hangs we'll get a clue as to what it was - doing. - -- CI: reduce memory request for FreeBSD builds - - Also, add a comment with link to the Cirrus credit page since it's not - easy to find otherwise. - -Andy Pan (3 Jun 2024) - -- tcpkeepalive: support setting TCP keep-alive parameters on Solaris <11.4 - - Solaris didn't support TCP_KEEPIDLE and TCP_KEEPINTVL until 11.4, - before that it use TCP_KEEPALIVE_THRESHOLD and TCP_KEEPALIVE_ABORT_THRESHOLD - as the substitute. Therefore, for Solaris <11.4 we need to use this substitut - e - for setting TCP keep-alive parameters. - - Ref: - https://docs.oracle.com/cd/E86824_01/html/E54777/tcp-7p.html - https://docs.oracle.com/cd/E88353_01/html/E37851/tcp-4p.html - - Closes #13864 - -Daniel Stenberg (3 Jun 2024) - -- KNOWN_BUGS: quiche: QUIC connection is draining - - Closes #12037 - Closes #13867 - -- KNOWN_BUGS: aws-sigv4 has problems with particular URLs - - Closes #13058 - Closes #13866 - -- KNOWN_BUGS: aws-sigv4 does not handle multipart/form-data correctly - - Closes #13351 - Closes #13866 - -- RELEASE-NOTES: synced - -Viktor Szakats (3 Jun 2024) - -- GHA: fix old mingw-w64 32-bit job - - This toolchain resides in the `mingw32` directory. Make sure to - configure `PATH` accordingly. - - Before this patch, it pointed to a non-existing `mingw64` directory, - making the job use the wrong compiler (gcc 12, 64-bit). - - Follow-up to e838b341a08b44d4a8486fb0d3f15d12fc794c62 #12927 - Closes #13863 - -Daniel Stenberg (2 Jun 2024) - -- tool_cb_hdr: return error for failed header writes - - By checking that fflush() works. - - Reported-by: Sebastian Andersson - Fixes #13836 - Closes #13859 - -Viktor Szakats (2 Jun 2024) - -- GHA: bump all build jobs to nproc+1 - - - bump rest of the workflows (windows, macos, distrocheck). - - - non-native virtualized envs have 2 CPUs, bump down accordingly. - (for `vmactions/omnios-vm` it's just a guess.) - - - bump all to nproc + 1. - - Follow-up to e838b341a08b44d4a8486fb0d3f15d12fc794c62 #12927 - Closes #13807 - -- GHA: disable MQTT and WebSocket tests in Windows jobs - - Trying to figure out which category is causing the remaining hangs. - - Follow-up to def7d05382743ea7aa1d356d1e41dcb22ecdd4d7 - Closes #13860 - -- lib/v*: tidy up types and casts - - Also add a couple of negative checks. - - Cherry-picked from #13489 - Closes #13622 - -- GHA: fix caching old mingw-w64 toolchains in the Windows workflow - - - stop altering the `PATH` via `GITHUB_ENV`. This confused the - `actions/cache` post-job, which needs to run in the exact same - environment as its pre-job, to have a consistent cache entry "version" - hash. Altering the `PATH` via `GITHUB_ENV` spills into the the - post-job and breaks this hash. GHA doesn't reset the env automatically - and I have not found a way to do it manually. - - - add double-quotes where missing. - - - move cache directory under `USERPROFILE` to not rely on absolute - paths. - - - make cache directory flatter and versionless. - - Follow-up to 0914d8aadddac0d1459673d5b7f77e8f3378b22b #13759 - Closes #13856 - -renovate[bot] (2 Jun 2024) - -- ci: pin actions/github-script action to 60a0d83 - - Closes #13846 - -Bo Anderson (2 Jun 2024) - -- x509asn1: add some common ECDSA OIDs - - Closes #13857 - -renovate[bot] (2 Jun 2024) - -- ci: update rojopolis/spellcheck-github-actions digest to e36f662 - - Closes #13852 - -Bo Anderson (2 Jun 2024) - -- x509asn1: fallback to dotted OID representation - - Reported-by: Luke Hamburg - Fixes #13845 - Closes #13858 - -Lee Li (2 Jun 2024) - -- request.md: language fix - - improved for better readability and correctness - - Closes #13854 - -Christian Schmitz (2 Jun 2024) - -- vtls: deprioritize Secure Transport - - Moved Secure Transport behind OpenSSL, so we can build CURL with both - and prefer using OpenSSL over Secure Transport by default. - - Closes #13547 - -Daniel Stenberg (1 Jun 2024) - -- urlapi: add CURLU_NO_GUESS_SCHEME - - Used for extracting: - - - when used asking for a scheme, it will return CURLUE_NO_SCHEME if the - stored information was a guess - - - when used asking for a URL, the URL is returned without a scheme, like - when previously given to the URL parser when it was asked to guess - - - as soon as the scheme is set explicitly, it is no longer internally - marked as guessed - - The idea being: - - 1. allow a user to figure out if a URL's scheme was set as a result of - guessing - - 2. extract the URL without a guessed scheme - - 3. this makes it work similar to how we already deal with port numbers - - Extend test 1560 to verify. - - Closes #13616 - -- wolfssl: support CA caching - - As a bonus, add SSLSUPP_CA_CACHE to let TLS backends signal its support - for this so that *setopt() return error if there is no support. - - Closes #13786 - -Andy Pan (1 Jun 2024) - -- socket: change TCP keepalive from ms to seconds on DragonFly BSD - - DragonFly BSD changed the time unit for TCP keep-alive from milliseconds - to seconds since v5.8, thus setting the keepalive options with - milliseconds with curl/libcurl will result in unexpected behaviors on - DragonFlyBSD 5.8+ - - Distinguish the DragonFly BSD versions and use the proper time units - accordingly. - - Ref: - https://lists.dragonflybsd.org/pipermail/commits/2019-July/719125.html - https://github.com/DragonFlyBSD/DragonFlyBSD/blob/965b380e960908836b97aa034 - fa2753091e0172e/sys/sys/param.h#L207 - - Fixes #13847 - Closes #13848 - -Daniel Stenberg (1 Jun 2024) - -- curlver.h: aiming for 8.9.0 - -- noproxy: patterns need to be comma separated - - or they will not parse correctly. - - Mentioned in DEPRECATED since Janurary 2023 (in 7ad8a7ba9ebdedc). - - Closes #13789 - -Jan Venekamp (1 Jun 2024) - -- sectransp: remove large cipher table - - Previously a large table of ciphers was used to determine the default - ciphers and to lookup manually selected ciphers names. - - With the lookup of the manually selected cipher names moved to - Curl_cipher_suite_walk_str() the large table is no longer needed for - that purpose. - - The list of manually selected cipher can now be intersected with the - ciphers supported by Secure Transport (SSLGetSupportedCiphers()), - instead of using the fixed table for that. - - The other use of the table was to filter the list of all supported - ciphers offered by Secure Transport to create a list of ciphers to - use by default, excluding ciphers in the table marked as weak. - - Instead of using a complement based approach (exclude weak), switch - to using an intersection with a smaller list of ciphers deemed - appropriate. - - Closes #13823 - -Tatsuhiro Tsujikawa (1 Jun 2024) - -- GHA: unify http3 workflows into one - - This commit unifies the following http3 workflows into http3-linux.yml: - - - ngtcp2-linux.yml - - osslq-linux.yml - - quiche-linux.yml - - The idea is better use of the build cache. Previously, they - independently create caches with the same key. Some of the caches - include source code and intermediate object files, which makes cache - quite large. In this commit, only built artifacts are cached, which - drastically reduces the cache size. OpenSSL v3, mod_h2 and quiche caches - still include all stuff, but they are left for the later improvement. - Because the contents of the cache have been changed, the cache keys are - also changed to include the word "http3". - - Closes #13841 - -Stephen Farrell (1 Jun 2024) - -- openSSL: fix hostname handling when using ECH - - Reported-by: vvb2060 - Fixes #13818 - Closes #13822 - -renovate[bot] (1 Jun 2024) - -- ci: update github/codeql-action digest to f079b84 - - Closes #13837 - -Daniel Stenberg (1 Jun 2024) - -- RELEASE-NOTES: synced - -- curl_multi_poll.md: expand the example with an custom file descriptor - - Closes #13842 - -Christian Heusel (1 Jun 2024) - -- DISTROS: add a link to the list archive - - Related to https://github.com/curl/curl/discussions/13833 - - Signed-off-by: Christian Heusel - Closes #13843 - -Matt Jolly (31 May 2024) - -- autoconf: remove 'deeper' checks for `AC_CHECK_FUNCS` - - The net effect of the deeper checks is to raise implicit function decls - on modern compilers. - - These checks appear to have been added ~20 years ago, relating to an - unverifiable claim about HP-UX. Autoconf support for the platform has - grown in leaps and bounds since. - - It didn't cause a real problem here, but when investigating a FP this - came up. No evidence has been identified that this was actually broken - in the past, and there is no evidence that this is necessary now. - - `-Werror=implicit-function-declarations` is enabled for both checks; - without a working prototype they will both fail regardless. In the - second case there will in fact never be a working prototype and - therefore it will always fail unconditionally. - - `AC_CHECK_FUNCS` does effectively the same thing as the removed checks, - except it actually defines a dummy prototype to see if it links. - - If `AC_CHECK_FUNCS` is broken on a given platform we have bigger - problems than trying to build cURL. This should also be faster. - - Bug: https://bugs.gentoo.org/932827 - Reviewed-By: Eli Schwartz - Closes #13830 - -Jay Satiro (30 May 2024) - -- cf-socket: improve SO_SNDBUF update for Winsock - - - Rename: Curl_sndbufset => Curl_sndbuf_init - - - Rename: win_update_buffer_size => win_update_sndbuf_size - - - Save the last set SO_SNDBUF size to compare against so that we can - avoid setsockopt calls every second. - - This is a follow-up to 0b520e12 which moved the SO_SNDBUF update check - into cf-socket. This change improves it further by making the function - names easier to understand and reducing the amount of setsockopt calls. - - Closes https://github.com/curl/curl/pull/13827 - -Viktor Szakats (30 May 2024) - -- tidy-up: use consistent casing for Windows directories - - C:\Windows\System32 - - Closes #13832 - -- GHA: use ubuntu-latest with OmniOS job - - It's the same as ubuntu-22.04. - - Also update OmniOS package search link. - - Closes #13831 - -Ayesh Karunaratne (30 May 2024) - -- GHA: adjust parallel job counts - - Adjusts the `make -j` flag to match the latest GitHub-hosted runner - hardware specs[^1]: - - - `ubuntu-latest` on 4 CPU cores - - `macos-latest` on 3 CPU cores - - The processor count is ideally obtained from `nproc`, but setting env - vars from the current CI yaml files is not possible because they expect - literal strings. - - [^1]: https://docs.github.com/en/actions/using-github-hosted-runners/about-gi - thub-hosted-runners/about-github-hosted-runners#standard-github-hosted-runner - s-for-public-repositories - - Closes #12927 - -pszlazak (30 May 2024) - -- get.d: clarify the explanation - - Closes #13706 - -Daniel Stenberg (30 May 2024) - -- curl_url_set.md: libcurl only parses :// URLs - - Make it clearer in the documentation. - - Closes #13821 - -Stefan Eissing (30 May 2024) - -- multi: fix multi_wait() timeout handling - - - determine the actual poll timeout *after* all sockets - have been collected. Protocols and connection filters may - install new timeouts during collection. - - add debug logging to test1533 where the mistake was noticed - - Reported-by: Matt Jolly - Fixes #13782 - Closes #13825 - -Viktor Szakats (29 May 2024) - -- lib: prefer `var = time(NULL)` over `time(&var)` - - Following up on previous occurrences showing up as gcc warnings, replace - the remaining `time(&var)` calls with `var = time(NULL)`, though these - aren't specifically causing compiler warnings. These are in the TFTP - client code (`lib/tftp.c`), except one which is in a debug branch in - `lib/http_aws_sigv4.c`. - - What's unexplainable is that this patch seems to mitigate TFTP tests - often hanging or going into an infinite loop on GHA windows workflows - with MSYS2, mingw-w64 and MSVC (Cygwin is unaffected): - https://github.com/curl/curl/pull/13599#issuecomment-2119372376 - TFTP hangs did not entirely disappear though, so could be unrelated. - - `time()` docs: - https://learn.microsoft.com/en-us/cpp/c-runtime-library/reference/time-time32 - -time64 - https://manpages.debian.org/bookworm/manpages-dev/time.2.en.html - - Follow-up to 58ca0a2f0743a586716ca357c382b29e3f08db69 #13800 - Follow-up to d0728c9109629ee82b855b350a4c3f1f52ee61df #13643 - Closes #13815 - -Stefan Eissing (29 May 2024) - -- winsock: move SO_SNDBUF update into cf-socket - - - Move the code that updates the SO_SNDBUF size for Windows to - cf_socket_send. - - Prior to this change the code was in readwrite_upload but the socket - filter is the more appropriate place because it applies to all sends. - - Background: - - For Windows users SO_SNDBUF (the total per-socket buffer size reserved - by Winsock for sends) is updated dynamically by libcurl during the - transfer. This is because Windows does not do it automatically for - non-blocking sockets and without it the performance of large transfers - may suffer. - - Closes https://github.com/curl/curl/pull/13763 - -Jan Venekamp (29 May 2024) - -- sectransp: use common code for cipher suite lookup - - Take advantage of the Curl_cipher_suite_walk_str() and - Curl_cipher_suite_get_str() functions introduced in commit fba9afe. - - Closes #13521 - -Matthias Gatto (29 May 2024) - -- aws-sigv4: url encode the canonical path - - Refactors canon_query, so it could use the encoding part of the function - to use it in the path. - - As the path doesn't encode '/', but encode '=', I had to add some - conditions to know If I was doing the query or path encoding. - - Also, instead of adding a `bool in_path` variable, I use `bool - *found_equals` to know if the function was called for the query or path, - as found_equals is used only in query_encoding. - - Test 472 verifies. - - Reported-by: Alexander Shtuchkin - Fixes #13754 - Closes #13814 - - Signed-off-by: Matthias Gatto - -Daniel Stenberg (29 May 2024) - -- cd2nroff: use an empty "##" to signal end of .IP sequence - - Like when we list a series of options and then want to add "normal" text - again afterwards. - - Without this, the indentation level wrongly continues even after the - final "##" header, making following text wrongly appear to belong to the - header above. - - Adjusted several curldown files to use this. - - Fixes #13803 - Reported-by: Jay Satiro - Closes #13806 - -vvb2060 (28 May 2024) - -- openssl: fix %-specifier in infof() call - - Closes #13816 - -Daniel Stenberg (28 May 2024) - -- curl: make warnings and other messages aware of terminal width - - This removes unnecessary line wraps when the terminal is wider than 79 - columns and it also makes messages look better in narrower terminals. - - The get_terminal_columns() function is not split out into its own source - file. - - Suggested-by: Elliott Balsley - Fixes #13804 - Closes #13808 - -Viktor Szakats (28 May 2024) - -- GHA: enable tests 1139, 1177, 1477 on Windows - - These exclusions came from the AppVeyor CI config, but they do pass now - and they are static tests with no flakiness risk. - - Follow-up to 0914d8aadddac0d1459673d5b7f77e8f3378b22b #13759 - Closes #13817 - -Dan Fandrich (28 May 2024) - -- CI: Improve labeler tag detection - - Also, simplify patterns with a single glob. - -Viktor Szakats (28 May 2024) - -- GHA: disable TFTP tests in Windows jobs - - Shot in the dark trying to find out which tests are - hanging / going to an infinite loop. - - The ones failing after 45 minutes (mingw-w64) or 30 minutes (MSVC). - - Ref: https://github.com/curl/curl/pull/13599#issuecomment-2119372376 - -renovate[bot] (28 May 2024) - -- ci: update vmactions/omnios-vm digest to a61ca1e - - Closes #13801 - -Daniel Stenberg (28 May 2024) - -- openssl/gnutls: rectify the TLS version checks for QUIC - - The versions check wrongly complained and return error if the *minimum* - version was set to something less than 1.3. QUIC is always TLS 1.3, but - that means minimum 1.2 is still fine to ask for. - - This also renames the local variable to make the mistake harder to make - in the future. - - Regression shipped in 8.8.0 - - Follow-up to 3210101088dfa3d6a125 - - Reported-by: fds242 on github - Fixes #13799 - Closes #13802 - -Stefan Eissing (28 May 2024) - -- gnutls: improve TLS shutdown - - local ftp upload tests sometimes failed with an invalid TLS record being - reported by gnutls. vsftp did log that the shutdown was not regarded as - clean, failing the control connection thereafter. - - These changes make test_31_05 work reliable locally. - - - on closing the SSL filter, shutdown READ *and* WRITE - - on closing, try a receive after shutdown is sent - - convert to DEBUGF to CURL_TRC_CF - - Closes #13790 - -Daniel Stenberg (28 May 2024) - -- RELEASE-NOTES: synced - -- tests: run with "--trace-config all" to provide even more info - - in case of problems. - - Closes #13791 - -Viktor Szakats (28 May 2024) - -- build: untangle `CURLDEBUG` and `DEBUGBUILD` macros - - `CURLDEBUG` is meant to enable memory tracking, but in a bunch of cases, - it was protecting debug features that were supposed to be guarded with - `DEBUGBUILD`. - - Replace these uses with `DEBUGBUILD`. - - This leaves `CURLDEBUG` uses solely for its intended purpose: to enable - the memory tracking debug feature. - - Also: - - autotools: rely on `DEBUGBUILD` to enable `checksrc`. - Instead of `CURLDEBUG`, which worked in most cases because debug - builds enable `CURLDEBUG` by default, but it's not accurate. - - include `lib/easyif.h` instead of keeping a copy of a declaration. - - add CI test jobs for the build issues discovered. - - Ref: https://github.com/curl/curl/pull/13694#issuecomment-2120311894 - Closes #13718 - -- examples: delete unused includes - - Delete a bunch of unnecessary-looking headers from some examples. This - is known to be tricky on AIX (perhaps also in other less-tested envs). - - Let me know if any of this looks incorrect or outright fails on some - systems. - - Follow-up to d4b85890555388bec212b75f47a5c1a48705b156 #13771 - Closes #13785 - -- appveyor: fixup job name [ci skip] - - Follow-up to fc8e0dee3045658f293452121f5290d81ba3aa1e #13694 - -- cmake: fix `-Wredundant-decls` in unity/mingw-w64/gcc/curldebug/DLL builds - - It affected cmake-unity shared-curltool curldebug mingw-w64 gcc builds - when building the `testdeps` target. - - Apply the solution already used in `lib/base64.c` and `lib/dynbuf.c` - to fix it. - - Also update an existing GHA CI job to test the issue fixed. - - ``` - In file included from curl/lib/version_win32.c:35, - from curl/_bld/src/CMakeFiles/curl.dir/Unity/unity_0_c.c:145 - : - curl/lib/memdebug.h:52:14: error: redundant redeclaration of 'curl_dbg_logfil - e' [-Werror=redundant-decls] - 52 | extern FILE *curl_dbg_logfile; - | ^~~~~~~~~~~~~~~~ - In file included from curl/src/slist_wc.c:32, - from curl/_bld/src/CMakeFiles/curl.dir/Unity/unity_0_c.c:4: - curl/lib/memdebug.h:52:14: note: previous declaration of 'curl_dbg_logfile' w - ith type 'FILE *' {aka 'struct _iobuf *'} - 52 | extern FILE *curl_dbg_logfile; - | ^~~~~~~~~~~~~~~~ - curl/lib/memdebug.h:55:44: error: redundant redeclaration of 'curl_dbg_malloc - ' [-Werror=redundant-decls] - 55 | CURL_EXTERN ALLOC_FUNC ALLOC_SIZE(1) void *curl_dbg_malloc(size_t siz - e, - | ^~~~~~~~~~~~~~~ - curl/lib/memdebug.h:55:44: note: previous declaration of 'curl_dbg_malloc' wi - th type 'void *(size_t, int, const char *)' {aka 'void *(long long unsigned - int, int, const char *)'} - 55 | CURL_EXTERN ALLOC_FUNC ALLOC_SIZE(1) void *curl_dbg_malloc(size_t siz - e, - | ^~~~~~~~~~~~~~~ - [...] - curl/lib/memdebug.h:110:17: error: redundant redeclaration of 'curl_dbg_fclos - e' [-Werror=redundant-decls] - 110 | CURL_EXTERN int curl_dbg_fclose(FILE *file, int line, const char *sou - rce); - | ^~~~~~~~~~~~~~~ - curl/lib/memdebug.h:110:17: note: previous declaration of 'curl_dbg_fclose' w - ith type 'int(FILE *, int, const char *)' {aka 'int(struct _iobuf *, int, c - onst char *)'} - 110 | CURL_EXTERN int curl_dbg_fclose(FILE *file, int line, const char *sou - rce); - | ^~~~~~~~~~~~~~~ - ``` - Ref: https://ci.appveyor.com/project/curlorg/curl/builds/49840554/job/a4aoet1 - 7e9qnqx1a#L362 - - After: https://ci.appveyor.com/project/curlorg/curl/builds/49843735/job/hbo2u - ah2vj0ns523 - - Ref: #13689 (CI testing this PR with `DEBUGBUILD`/`CURLDEBUG`/shared-static c - ombinations) - Depends-on: #13694 - Depends-on: #13800 - Closes #13705 - -- lib: fix gcc warning in certain debug builds - - ``` - curl/lib/http_aws_sigv4.c:536:10: error: 'clock' may be used uninitialized [- - Werror=maybe-uninitialized] - 536 | time_t clock; - | ^~~~~ - ``` - Ref: https://github.com/curl/curl/actions/runs/9158755123/job/25177765000#ste - p:13:79 - - Cherry-picked from #13718 - Closes #13800 - -- cmake: always build unit tests with the `testdeps` target - - Before this patch, the `testdeps` build target required `-DCURLDEBUG` - be set either via `ENABLE_DEBUG=ON` or `ENABLE_CURLDEBUG=ON` to build - the curl unit tests. - - After fixing build issues in #13694, we can drop this requirement and - build unit tests unconditionally. - - Depends-on: #13694 - Depends-on: #13697 (fix unit test issue revealed by Old Linux CI job) - Follow-up to 39e7c22bb459c2e818f079984989a26a09741860 #11446 - Closes #13698 - -- CI: disable dependency tracking in most autotools builds - - For better build performance. Dependency tracking causes a build - overhead while compiling to help a subsequent build, but in CI there is - never one and the extra work is discarded. - - Closes #13794 - -- build: untangle `UNITTESTS` and `DEBUGBUILD` macros - - - fix `DEBUGBUILD` guards that should be `UNITTESTS`, in libcurl code - used by unit tests. - - fix guards for libcurl functions used in unit tests only. - - sync `UNITTEST` attribute between declarations and definitions. - - drop `DEBUGBUILD` guard from test `unit2600`. - - fix guards for libcurl HSTS code used by both a unit test (`unit1660`) - and `test0446`. - - update an existing AppVeyor CI job to test the issues fixed. - - This fixes building tests with `CURLDEBUG` enabled but `DEBUGBUILD` - disabled. This can happen when building tests with CMake with - `ENABLE_DEBUG=ON` in Release config, or with `ENABLE_CURLDEBUG=ON` - and _without_ `ENABLE_DEBUG=ON`. Possibly also with autotools - when using `--enable-curldebug` without `--enable-debug`. - - Test results: - - before: - https://ci.appveyor.com/project/curlorg/curl/builds/49835609 - https://ci.appveyor.com/project/curlorg/curl/builds/49898529/job/k8qpbs8idb - y70smw - https://github.com/curl/curl/actions/runs/9259078835/job/25470318167?pr=137 - 98#step:13:821 - - after: https://ci.appveyor.com/project/curlorg/curl/builds/49839255 - (the two failures are unrelated, subject to PR #13705) - - Ref: #13592 (issue discovery) - Ref: #13689 (CI testing this PR with `DEBUGBUILD`/`CURLDEBUG` combinations) - Closes #13694 - -- GHA: ignore flaky MQTT and FTP test results [ci skip] - - MQTT / OmniOS: - ``` - TESTFAIL: These test cases failed: 1190 1198 3017 - ``` - Ref: https://github.com/curl/curl/actions/runs/9258522297/job/25468730731?pr= - 13694#step:3:10251 - - MQTT / OmniOS: - ``` - TESTFAIL: These test cases failed: 1194 2200 2203 2205 - ``` - Ref: https://github.com/curl/curl/actions/runs/9150523540/job/25155409832#ste - p:3:10233 - - FTP / OmniOS: - ``` - TESTFAIL: These test cases failed: 1096 - ``` - Ref: https://github.com/curl/curl/actions/runs/9150702711/job/25155793948#ste - p:3:10247 - - FTP / OmniOS: - ``` - TESTFAIL: These test cases failed: 381 - ``` - Ref: https://github.com/curl/curl/actions/runs/9163863822/job/25193897640#ste - p:3:10230 - - FTP / OmniOS: - ``` - TESTFAIL: These test cases failed: 340 - ``` - Ref: https://github.com/curl/curl/actions/runs/9233804752/job/25406671742?pr= - 13771#step:3:10245 - - Ref: https://github.com/curl/curl/pull/13583#issuecomment-2119376898 - -- CI: tidy up skipping tests build/run in Windows jobs - - Simplify controlling whether to build and/run tests in a CI job. - - Apply the TFLAGS='skipall' (do not build nor run tests) or - 'skiprun' (build, but do not run) method already used with old-mingw-w64 - and msvc jobs to existing Windows jobs in GHA and AppVeyor. - - Also: - - add Cygwin/cmake test build and run steps while here. - - replace `DISABLED_TESTS` with `TFLAGS` in AppVeyor. - - Closes #13796 - -- cmake: use `APPLE` instead of `CMAKE_SYSTEM_NAME` string - - Follow-up to a86254b39307af1a53735b065a382567805cd9b8 #12515 - Closes #13713 - -- cmake: whitespace, formatting/tidy-up in comments - - Also correct casing in a few option descriptions. - - Closes #13711 - -- cmake: allow `ENABLE_CURLDEBUG=OFF` with `ENABLE_DEBUG=ON` - - Before this patch, `ENABLE_CURLDEBUG` (memory tracking) was - unconditionally enabled when `ENABLE_DEBUGBUILD` was set. This made - testing some build configurations complicated. To fix it, this patch - makes `ENABLE_CURLDEBUG` to receive the value of `ENABLE_DEBUG` by - default, while allowing free override by the user. - - This allows to use the config: - `ENABLE_DEBUGBUILD=ON ENABLE_CURLDEBUG=OFF` - to enable debug features, without also enabling memory tracking. - - This is important because some other build methods allow to set one of - these features but not the other. This patch allows to test any - combination with CMake. - - This makes it unnecessary to use the workaround of passing - `-DDEBUGBUILD` via `CMAKE_C_FLAGS`. Which has the disadvantage that our - CMake logic cannot easily detect it, e.g. for disabling symbol hiding on - Windows for `ENABLE_DEBUG`/`DEBUGBUILD` builds. - - Cherry-picked from #13718 - Closes #13792 - -- cmake: `ENABLE_DEBUG=ON` to always set `-DDEBUGBUILD` - - Before this patch `ENABLE_DEBUG=ON` always enabled the TrackMemory - (aka `ENABLE_CURLDEBUG=ON`) feature, but required the `Debug` CMake - configration to actually enable curl debug features - (aka `-DDEBUGBUILD`). - - Curl debug features do not require compiling with C debug options. This - also made enabling debug features unintuitive and complicated to use. - Due to other issues (subject to PR #13694) it also caused an error in - default (and `Release`/`MinSizeRel`/`RelWithDebInfo`) configs, when - building the `testdeps` target: - ``` - ld: CMakeFiles/unit1395.dir/unit1395.c.o: in function `test': - unit1395.c:(.text+0x1a0): undefined reference to `dedotdotify' - ``` - Ref: https://github.com/curl/curl/actions/runs/9037287098/job/24835990826#ste - p:3:2483 - - Fix it by always defining `DEBUGBUILD` when setting `ENABLE_DEBUG=ON`. - Decoupling this option from the selected CMake configuration. - - Note that after this patch `ENABLE_DEBUG=ON` unconditionally enables - curl debug features. These features are insecure and unsuited for - production. Make sure to omit this option when building for production - in default, `Release` (and other not-`Debug`) modes. - - Also delete a workaround no longer necessary in GHA CI jobs. - - Ref: 1a62b6e68c08c7e471ff22dd92932aba7e026817 (2015-03-03) - Ref: #13583 - Closes #13592 - -- GHA: add autotools mingw-64, build-only job - - Cherry-picked from #13718 - Closes #13793 - -- GHA: add three MSVC jobs - - Continuing the theme, add 3 MSVC jobs with tests, matching - configurations used on AppVeyor. MSVC versions are identical: - 19.39.33523.0 + Windows SDK 10.0.22621.0. - - Also enable websockets, and build examples. Tests are run in parallel - (`-j14`), with improved performance. - - Job performance: - ``` - AppVeyor GHA - w/examples - -------- ---------- - CMake, VS2022, Debug, x64, Schannel, Static, Unicode 38m 4s 11m57s - CMake, VS2022, Debug, x64, no SSL, Static 35m15s 12m 6s - CMake, VS2022, Debug, x64, no SSL, Static, HTTP only 25m25s 10m36s - ``` - Based on these runs: - https://ci.appveyor.com/project/curlorg/curl/builds/49884748 - https://github.com/curl/curl/actions/runs/9229448468 - - This is the first time examples are built in CI with MSVC: Fix all - warnings and errors that came up via - d4b85890555388bec212b75f47a5c1a48705b156 #13771. - - Closes #13766 - -- GHA: add three old (gcc 6, 7, 9) mingw-w64 jobs - - Re-implement old mingw-w64 jobs in GHA. This allows to use the latest - Windows runners, replacing Windows Server 2012 R2 (gcc 6) and Windows - Server 2016 (gcc 7, 9) with Windows Server 2022. - - GHA runners are also significantly faster, and allow running tests in - parallel (`-j14`). It also offloads 3 more long-running jobs from - AppVeyor CI. - - These jobs download (then cache) the mingw-w64 packages from their - original location, which allows flexibility in choosing which versions - and flavours (win32/POSIX, SEH/DWARF, 64/32-bit) we want to test in CI. - The new jobs use these distros: - - https://sourceforge.net/projects/mingw-w64/files/Toolchains%20targetting%20 - Win64/Personal%20Builds/mingw-builds/ (for gcc 7, same as on AppVeyor) - - https://sourceforge.net/projects/mingw-w64/files/Toolchains%20targetting%20 - Win32/Personal%20Builds/mingw-builds/ (for gcc 6, same as on AppVeyor) - - https://winlibs.com/ (for gcc 9) - - I matched existing AppVeyor job configs, with these differences: - - gcc 6.4.0 instead of 6.3.0. - (same distro as on AppVeyor, but the latest bugfix release) - - gcc 9.5.0 instead of 9.1.0 and a different (but compatible) binary distro. - (in AppVeyor this relies on an old MSYS2 pre-installed on the runner) - - using win32 builds instead of posix for gcc 6.4.0 and 7.3.0. - - websockets enabled. - - always build examples. - - always build tests (this wasn't done for 6.4.0 with AppVeyor CI). - - I did not replicate existing test exclusions, and oddly enough the few - failures (so far) were different from MSYS2 jobs and also from their - AppVeyor CI counterparts. - - Also: - - delete redundant (default) `-u` option from `cygpath` calls. - - allow matrix options to override default ones in CMake. - - detect and use Windows-supplied curl for `TFLAGS` `-ac` option. - (it's available in modern runners.) - - delete the 3 AppVeyor CI jobs now replicated in GHA. - - appveyor: prefer `SYSTEMROOT` over `WINDIR`. - - tidy-up quotes. - - Job performance: - ``` - AppVeyor GH - A - w/ - examples - w/ - tests - -------- -- - -------- - CMake, mingw-w64, gcc 6, Debug, x86, Schannel, Static, no-unity 1m25s 8 - m50s - CMake, mingw-w64, gcc 7, Debug, x64, Schannel, Static, Unicode 31m45s 9 - m39s - CMake, mingw-w64, gcc 9, Debug, x64, Schannel, Static 28m25s 13 - m38s - ``` - Based on these runs: - https://ci.appveyor.com/project/curlorg/curl/builds/49880799 - https://github.com/curl/curl/actions/runs/9218292508 - - Notice that building examples and tests is time consuming. - - We can tweak any build parameter as necessary to make them more useful - and/or without clogging the job queue or introducing flakiness. - - Closes #13759 - -Daniel Stenberg (27 May 2024) - -- TODO: remove some old, clarify, add something - - Closes #13788 - -- TODO: Add "Share CA cache" + "CA caching to more TLS backends" - - Closes #13787 - -Viktor Szakats (26 May 2024) - -- runtests: sort test IDs in summary lines - - Changing this output: - ``` - TESTFAIL: These test cases failed: 2301 2303 2302 2307 - ``` - Ref: https://github.com/curl/curl/actions/runs/9228638364/job/25393106631#ste - p:6:21181 - - To: - ``` - TESTFAIL: These test cases failed: 2301 2302 2303 2307 - ``` - - Cherry-picked from #13766 - Closes #13774 - -- examples: fix compiling with MSVC - - - `websocket.c`: use `Sleep()` on Windows. - `sleep()` and `unistd.h` are not available in MSVC. - - - `http2-upload.c`: use local `gettimeofday()` implementation when - compiled with MSVC. - (Alternate solution is to disable the trace function for MSVC.) - Public domain code copied and adapted from libssh2: - https://github.com/libssh2/libssh2/blob/e973493f992313b3be73f51d3f7ca6d52e2 - 88558/src/misc.c#L719-L743 - - - silence compiler warning for deprecated `inet_addr()`. - Also drop duplicate winsock2 include. - ``` - curl\docs\examples\externalsocket.c(125,32): error C2220: the following war - ning is treated as an error [curl\bld\docs\examples\curl-example-externalsock - et.vcxproj] - curl\docs\examples\externalsocket.c(125,32): warning C4996: 'inet_addr': Us - e inet_pton() or InetPton() instead or define _WINSOCK_DEPRECATED_NO_WARNINGS - to disable deprecated API warnings [curl\bld\docs\examples\curl-example-e - ``` - Ref: https://github.com/curl/curl/actions/runs/9227337318/job/25389073450#s - tep:4:95 - - - silence an MSVC compiler warning. This is in conflict with `checksrc` - rules, so silence the rule in favour of the warning-free C syntax. - ``` - curl\docs\examples\multi-legacy.c(152,1): error C2220: the following warnin - g is treated as an error [curl\bld\docs\examples\curl-example-multi-legacy.vc - xproj] - curl\docs\examples\multi-legacy.c(152,1): warning C4706: assignment within - conditional expression [curl\bld\docs\examples\curl-example-multi-legacy.vcxp - roj] - ``` - Ref: https://github.com/curl/curl/actions/runs/9227337318/job/25389073450#s - tep:4:226 - - - do not use `sys/time.h` and `unistd.h` in Windows builds. - Some of these includes look unnecessary. Subject to another PR. - - Cherry-picked from #13766 - Closes #13771 - -Jonathan Matthews (26 May 2024) - -- docs/cmdline-opts: fix mail-auth example TLD typo - - Closes: #13784 - Reviewed-by: Daniel Gustafsson - -Daniel Stenberg (26 May 2024) - -- libssh: remove CURLOPT_SSL_VERIFYHOST check - - It was never meant for SSH: it should rely on the knownhosts file (if - set) in the same way libssh2 already does. - - Reported-by: James Abbatiello - Fixes #13767 - Closes #13781 - -Stefan Eissing (26 May 2024) - -- multi: add multi->proto_hash, a key-value store for protocol data - - - add `Curl_hash_add2()` that passes a destructor function for - the element added. Call element destructor instead of hash - destructor if present. - - multi: add `proto_hash` for protocol related information, - remove `struct multi_ssl_backend_data`. - - openssl: use multi->proto_hash to keep x509 shared store - - schannel: use multi->proto_hash to keep x509 shared store - - vtls: remove Curl_free_multi_ssl_backend_data() and its - equivalents in the TLS backends - - Closes #13345 - -Jan Venekamp (25 May 2024) - -- tests: add pytest for --ciphers and --tls13-ciphers options - - Closes #13530 - -Orgad Shaneh (25 May 2024) - -- tool_operate: avoid explicitly setting verifypeer to 1 - - Also for the proxy verison. It is the default, just like verifyhost, - since a long time. - - Closes #13704 - -- tests: extend user/password parsing test1620 - - Closes #13756 - -Alejandro R. Sedeño (25 May 2024) - -- configure: use `$EGREP` in place of `grep -E` - - `$EGREP` is set based on an earlier test in configure so that we can - work with systems that have `egrep` and a `grep` that does not support - `-E`. - - Closes #13780 - -renovate[bot] (25 May 2024) - -- ci: update dependency awslabs/aws-lc to v1.28.0 - - Closes #13770 - -Jan Venekamp (25 May 2024) - -- tests: test_17_ssl_use.py clarify mbedtls TLSv1.3 support - - Closes #13779 - -Stefan Eissing (25 May 2024) - -- http: write last header line late - - - HEADERFUNCTIONS might inspect response properties like - CURLINFO_CONTENT_LENGTH_DOWNLOAD_T on seeing the last header line. If - the line is being written before this is initialized, values are not - available. - - - write the last header line late when analyzing a HTTP response so that - all information is available at the time of the writing. - - - add test1485 to verify that CURLINFO_CONTENT_LENGTH_DOWNLOAD_T works - on seeing the last header. - - Fixes #13752 - Reported-by: Harry Sintonen - Closes #13757 - -Dan Fandrich (24 May 2024) - -- tests: use exec when spawning nghttpx - - This stops keeping perl and shell processes around that are no longer - needed, plus it eliminates an unneeded shell message when the server is - later terminated. - - Closes #13772 - -Viktor Szakats (24 May 2024) - -- GHA: ignore flaky test 3017 (MQTT) on OpenBSD - - ``` - TESTFAIL: These test cases failed: 3017 - ``` - Ref: https://github.com/curl/curl/actions/runs/9223543272/job/25376999226?pr= - 13759#step:3:16326 - Ref: https://github.com/curl/curl/actions/runs/9230183764/job/25397883193?pr= - 13766#step:3:16345 - - Ref: https://github.com/curl/curl/pull/13583#issuecomment-2119376898 - -Joseph Chen (24 May 2024) - -- build: add more supported attributes to the IAR compiler - - Closes #13744 - -Viktor Szakats (24 May 2024) - -- cmake: fix test 1013 with websockets enabled and no TLS - - test 1013 is 'Compare curl --version with curl-config --protocols'. - - Ref: https://github.com/curl/curl/actions/runs/9228363859/job/25392251955 - - Closes #13769 - -- GHA: stop deleting curl in non-native workflows - - We do it in Cirrus CI, but for some platforms it's not possible to - delete it and tests work anyway. - - The test runner also runs `../src/curl` by default, which is always the - one freshly built. The runner may also need the system curl to talk to - APIs when needed. - - Also: - - stop setting `CURL` env. This isn't picked up by the runners, - and works out of the box anyway. - - quote an option just in case. - - Follow-up to 90e644f944969bb11c6448bf50c6d441b5c0b1e6 #13583 - Closes #13765 - -Jay Satiro (24 May 2024) - -- openssl: stop duplicate ssl key logging for legacy OpenSSL - - - Don't call the keylog function if it has already logged the key. - - For old OpenSSL versions and its forks that do not have support for - OpenSSL's keylog callback, libcurl has its own legacy key logging - function that logs the TLS 1.2 (and earlier) key (client random + master - key) on a single line. - - Prior to this change, since e7de80e8 (precedes 8.8.0), the legacy key - logging function could write the same key line more than once (usually - twice) due to some incorrect logic. - - Closes https://github.com/curl/curl/pull/13683 - -Stefan Eissing (24 May 2024) - -- transfer: remove curl_upload_refill_watermark, no longer used - - the define applied to upload buffers which we removed - - Closes #13764 - -Daniel Stenberg (24 May 2024) - -- RELEASE-NOTES: synced - -Viktor Szakats (24 May 2024) - -- cmake: fix brotli lib order - - Fix root cause that caused missing symbols when linking brotli - statically with e.g. binutils `ld` (and any other "picky" linker, - or "traditional" linker as CMake now calls them). - - Also drop existing workaround that added brotli libs twice to the lib - list. - - ``` - x86_64-w64-mingw32-ld: .../curl/brotli/_bld/usr/lib/libbrotlidec.a(decode.c.o - bj):decode.c:(.text$ProcessCommands[ProcessCommands]+0xbb5): undefined refere - nce to `BrotliTransformDictionaryWord' - x86_64-w64-mingw32-ld: .../curl/brotli/_bld/usr/lib/libbrotlidec.a(decode.c.o - bj):decode.c:(.text$SafeProcessCommands[SafeProcessCommands]+0xe8a): undefine - d reference to `BrotliTransformDictionaryWord' - x86_64-w64-mingw32-ld: .../curl/brotli/_bld/usr/lib/libbrotlidec.a(decode.c.o - bj):decode.c:(.rdata$.refptr._kBrotliContextLookupTable[.refptr._kBrotliConte - xtLookupTable]+0x0): undefined reference to `_kBrotliContextLookupTable' - x86_64-w64-mingw32-ld: .../curl/brotli/_bld/usr/lib/libbrotlidec.a(decode.c.o - bj):decode.c:(.rdata$.refptr._kBrotliPrefixCodeRanges[.refptr._kBrotliPrefixC - odeRanges]+0x0): undefined reference to `_kBrotliPrefixCodeRanges' - x86_64-w64-mingw32-ld: .../curl/brotli/_bld/usr/lib/libbrotlidec.a(state.c.ob - j):state.c:(.text$BrotliDecoderStateInit[BrotliDecoderStateInit]+0x21): undef - ined reference to `BrotliDefaultAllocFunc' - x86_64-w64-mingw32-ld: .../curl/brotli/_bld/usr/lib/libbrotlidec.a(state.c.ob - j):state.c:(.text$BrotliDecoderStateInit[BrotliDecoderStateInit]+0x2f): undef - ined reference to `BrotliDefaultFreeFunc' - x86_64-w64-mingw32-ld: .../curl/brotli/_bld/usr/lib/libbrotlidec.a(state.c.ob - j):state.c:(.text$BrotliDecoderStateInit[BrotliDecoderStateInit]+0x10e): unde - fined reference to `BrotliSharedDictionaryCreateInstance' - x86_64-w64-mingw32-ld: .../curl/brotli/_bld/usr/lib/libbrotlidec.a(state.c.ob - j):state.c:(.text$BrotliDecoderStateCleanup[BrotliDecoderStateCleanup]+0xf4): - undefined reference to `BrotliSharedDictionaryDestroyInstance' - collect2: error: ld returned 1 exit status - ``` - - Breakage reproducible with curl-for-win config "`win-gcc`" and deleting - the `LDFLAGS+=' -Wl,--start-group'` line from its `curl.sh` script. - (Above line still required for some non-brotli cases, e.g. libssh2 and - zlib.) - - Assisted-by: Kai Pastor - Ref: https://github.com/curl/curl/pull/10857#discussion_r1611714989 - Follow-up to 1e3319a167d2f32d295603167486e9e88af9bb4e #10857 - Closes #13761 - -Pavel Pavlov (24 May 2024) - -- cmake: fix building in unity mode - - - Fix sha256 and sha512 duplicate macro names (eg function-like macro Ch - is now Sha256_Ch and Sha512_Ch). - - - Avoid defining short defines like R, S. (eg S is now Sha256_S). - - Closes https://github.com/curl/curl/pull/13751 - -Jay Satiro (24 May 2024) - -- winbuild: remove outdated WIN32 defines - - - Remove all instances in the makefile of compiler option /DWIN32. - - This is a follow-up to e9a7d4a1 which replaced all defined(WIN32) checks - with defined(_WIN32) in the codebase, since only the latter is - automatically defined by all compilers for Windows builds. - - Bug: https://github.com/curl/curl/pull/13739#issuecomment-2123937859 - Reported-by: Viktor Szakats - - Closes https://github.com/curl/curl/pull/13742 - -renovate[bot] (24 May 2024) - -- ci: update github/codeql-action digest to 9fdb3e4 - - Closes #13726 - -Pavel Pavlov (23 May 2024) - -- asyn-thread: avoid using GetAddrInfoExW with impersonation - - Multiple reports suggest that GetAddrInfoExW fails when impersonation is - used. This PR checks if thread is impersonating and avoids using - GetAddrInfoExW api. - - Reported-by: Keerthi Timmaraju - Assisted-by: edmcln on github - Fixes #13612 - Closes #13738 - -Stefan Eissing (23 May 2024) - -- transfer: conn close on paused upload - - - add 2 variations on test_07_42 which PAUSEs uploads - and response connections terminating either right away - or after the 100-continue response - - when detecting the connection being closed in transfer.c - readwrite_data(), clear ALL send bits in data->req.keepon. - It no longer makes send to wait for a KEEP_SEND_PAUSE or HOLD. - - in the protocol client writer add the check for incomplete - response bodies. When an EOS is seen and the length is known, - check that and fail if bytes are missing. - - Reported-by: Sergey Bronnikov - Fixes #13740 - Closes #13750 - -- CI GHA: add vsftpd to ngtcp2-linux runs - - - not using HTTP/3, but gnutls does not seem to run - somewhere else right now - - Closes #13760 - -Orgad Shaneh (23 May 2024) - -- GHA: increase timeout for Cygwin autotools build tests step - - Apparently 10 minutes are not (always) enough: - https://github.com/curl/curl/actions/runs/9197003907/job/25296439556#step:8:1 - 936 - - Closes #13753 - -Stefan Eissing (22 May 2024) - -- mbedtls: send close-notify on close - - - send the TLS close notify message when cloding down - the mbedtls connection filter - - this is a "least" effort version and, as other TLS filters, - is lacking a graceful send/receive/timeout for a really - clean shutdown. - - Closes #13745 - -- mbedtls: check version for cipher id - - mbedtls_ssl_get_ciphersuite_id_from_ssl() seems to have been added in - mbedtls 3.2.0. Check for that version. - - Closes #13749 - -Viktor Szakats (22 May 2024) - -- cmake: fix building with both md4 and md5 in unity mode - - Macro and static function names were colliding between - `lib/md4.c` and - `lib/md5.c`. - - Fix it by namespacing these symbols. - - Seen with a basic macOS build using these options: - `-DCMAKE_UNITY_BUILD=ON -DCURL_USE_SECTRANSP=ON` - - Closes #13737 - -Daniel Stenberg (22 May 2024) - -- docs/Makefile.am: make curl-config.1 install - - on "make install" like it should - - Follow-up to 60971d665b9b1df87082 - - Closes #13741 - -dependabot[bot] (22 May 2024) - -- GHA: bump actions/checkout from 4.1.4 to 4.1.6 - - Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.4 to 4 - .1.6. - - [Release notes](https://github.com/actions/checkout/releases) - - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - - [Commits](https://github.com/actions/checkout/compare/0ad4b8fadaa221de15dce - c353f45205ec38ea70b...a5ac7e51b41094c92402da3b24376905380afc29) - - --- - updated-dependencies: - - dependency-name: actions/checkout - dependency-type: direct:production - update-type: version-update:semver-patch - ... - - Signed-off-by: dependabot[bot] - - Closes #13720 - -Stefan Eissing (22 May 2024) - -- pytest: add ftp upload tests - - - refs #13556 - - allow anon uploads on vsftpd test server - - add test_30_05 for plain upload of 1k, 100k, 1m - - add test_31_05 for SSL upload of 1k, 100k, 1m - - verify file size and contents - - Closes #13734 - -- test: add test1546, chunked not last transfer encoding - - with more than one transfer-encoding, 'chunked' must be the last added - to the writer stack (and therefore the first to decode). RFC 9112, ch. - 6.1. - - Closes #13736 - -- test: add test1484, for HEAD with content - - - test HEAD request with 'Transfer-Encoding:chunked' and - non-encoded response content - - verifies #13725 - - Closes #13735 - -Daniel Stenberg (22 May 2024) - -- RELEASE-NOTES: synced - - bump to 8.8.1 for now - -Viktor Szakats (22 May 2024) - -- (lib)curl.rc: set debug flag also for `CURLDEBUG` and `UNITTESTS` - - These macros also enable debug features in both libcurl and curl. - Enable `VS_FF_DEBUG` version resource flag when they are set. - - Closes #13730 - -Jay Satiro (22 May 2024) - -- winbuild: fix PE version info debug flag - - - Only set PE file flag VS_FF_DEBUG if curl.exe and libcurl.dll were - built with winbuild option DEBUG=yes which builds with debug info. - - VS_FF_DEBUG is a PE flag (Portable Executable file flag - dll, exe, etc) - that indicates the file contains or was built with debug info. - - Prior to this change when winbuild was used to build curl, curl.exe - and libcurl.dll always had VS_FF_DEBUG set, regardless of build option - DEBUG=yes/no, due to some bad logic. - - Closes https://github.com/curl/curl/pull/13739 - -Version 8.8.0 (22 May 2024) - -Daniel Stenberg (22 May 2024) - -- RELEASE-NOTES: synced - -- THANKS: add contributors from 8.8.0 - -Nathan Moinvaziri (21 May 2024) - -- url: remove duplicate call to Curl_conncache_remove_conn when pruning - - - remove unnecessary prunedead struct from prune_dead_connections - - rename extract_if_dead to prune_if_dead for clarity - - Closes #13710 - -Joseph Chen (21 May 2024) - -- curl_setup.h: add support for IAR compiler - - Closes #13728 - -Stephen Farrell (21 May 2024) - -- docs/ECH: typo/clarification - - Closes #13727 - -Viktor Szakats (21 May 2024) - -- hash: delete unused debug function - - It had no use in the curl codebase and was also protected by the macro - `AGGRESSIVE_TEST` (renamed in 2020), also with no local reference. - - Added in ca6e77083768858aa34207f8c5dce38b3c05336d (2002-11-11) - - Closes #13729 - -Stefan Eissing (21 May 2024) - -- content_encoding: reject transfer-encoding after chunked - - reject a response that applies a transfer-encoding after a 'chunked' - encoding. RFC 9112 ch. 6.1 required chunked to be the final encoding. - - Closes #13733 - -- http: HEAD response body tolerance - - - as reported in #13725, some servers wrongly send body bytes in - responses to a HEAD request. This used to be tolerated in curl - 8.4 and before and leads to failed transfers in newer versions. - - restore previous behaviour for HTTP/1.1 and HTTP/2: - * 1.1: do not add 'Transfer-Encoding' writers from HEAD - responses. RFC 9112 says they do not apply. - * 2: when the transfer expects 'no_body', to not report stream - resets as error when all response headers have been received. - - Reported-by: Jeroen Ooms - Fixes #13725 - Closes #13732 - -Viktor Szakats (20 May 2024) - -- tests: fix TFTP test 2305 on Windows - - Ref: #13692 - Closes #13724 - -Jay Satiro (20 May 2024) - -- openssl: revert keylog_callback support for LibreSSL - - - Revert to the legacy TLS 1.2 key logging code for LibreSSL. - - - Document SSLKEYLOGFILE for LibreSSL is TLS 1.2 max. - - Prior to this change if the user specified a filename in the - SSLKEYLOGFILE environment variable and was using LibreSSL 3.5.0+ then - an empty file would be created and no keys would be logged. - - This is effectively a revert of e43474b4 which changed openssl.c to use - SSL_CTX_set_keylog_callback for LibreSSL 3.5.0+. Unfortunately LibreSSL - added that function only as a stub that doesn't actually do anything. - - Reported-by: Gonçalo Carvalho - - Fixes https://github.com/curl/curl/issues/13672 - Closes https://github.com/curl/curl/pull/13682 - -renovate[bot] (19 May 2024) - -- GHA: pin dependencies - - Closes #13712 - -Viktor Szakats (19 May 2024) - -- appveyor: drop unnecessary `--clean-first` cmake option - - In CI all machines are fresh on startup, making the `clean` operation - unnecessary. This can save some time/energy for each job run. - - Closes #13707 - -- cmake: merge two `if(BUILD_TESTING)` branches - - Closes #13708 - -Tatsuhiro Tsujikawa (19 May 2024) - -- GHA: bump nghttp2 to v1.62.1 - - Use gcc-12 explicitly to compile C++20 source files. - - Closes #13702 - -Viktor Szakats (19 May 2024) - -- GHA: add NetBSD, OpenBSD, FreeBSD/arm64 and OmniOS jobs - - Add these jobs to GHA: - - NetBSD, cmake-unity, clang, OpenSSL, x86_64, with tests, w/o python, - no parallelism (was flaky sometimes) - - OpenBSD, cmake-unity, clang, LibreSSL, x86_64, with tests, - with python, -j8, TFTP results ignored due to #13623. - - FreeBSD, cmake-unity and autotools, clang, OpenSSL, arm64 - (Tests disabled for arm64, because they are slow. It's available for - x86_64 with python, -j12.) - Configuration matches our existing Cirrus CI one. - - OmniOS, autotools, gcc, OpenSSL, x86_64, with tests, -j12. - - All build with websockets and examples. - - Closes #13583 - -- GHA: disable TFTP test on native Windows - - Some TFTP tests seem to enter into a loop and maybe hang? - - E.g. 1007, 1009, 1238 - - Try fixing it by skipping all TFTP tests. - - Ref: https://github.com/curl/curl/actions/runs/9141987545/job/25137038249?pr= - 13698 - - Also drop mingw-w64 test exclusions copy-pasted from MSYS jobs. - - Possibly related: cffbcc3110c1eda2e333f9cfe2e269154618793a #5364 - - Close #13699 - -renovate[bot] (18 May 2024) - -- GHA: pin dependencies - - Closes #13691 - -Viktor Szakats (18 May 2024) - -- cmake: do not pass linker flags to the static library tool - - Do not add linker flags to the global CMake static library tool (aka - "static linker") (e.g. `ar`) flags list. They don't mix well. This was - only done after successfully detecting GSSAPI. - - Linker flags seen on Old Linux CI: - ``` - -- |GSS_LINKER_FLAGS|-Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/lib/x86_64-li - nux-gnu/heimdal| - -- |CMAKE_STATIC_LINKER_FLAGS| -Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/lib - /x86_64-linux-gnu/heimdal| - ``` - Ref: https://github.com/curl/curl/actions/runs/9138988036/job/25130791712#ste - p:6:85 - - Causing: - ``` - /usr/bin/ar qc libcurltool.a -Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/lib/ - x86_64-linux-gnu/heimdal - CMakeFiles/curltool.dir/slist_wc.c.o CMakeFiles/curltool.dir/tool_binmode.c - .o CMakeFiles/curltool.dir/tool_bname.c.o - [...] - CMakeFiles/curltool.dir/tool_writeout_json.c.o CMakeFiles/curltool.dir/tool - _xattr.c.o CMakeFiles/curltool.dir/var.c.o - CMakeFiles/curltool.dir/__/lib/base64.c.o CMakeFiles/curltool.dir/__/lib/dy - nbuf.c.o - /usr/bin/ar: invalid option -- 'W' - Usage: /usr/bin/ar [emulation options] [-]{dmpqrstx}[abcDfilMNoPsSTuvV] [--pl - ugin ] [member-name] [count] archive-file file... - /usr/bin/ar -M [now - c->timestamp; - | ^~~ - curl/lib/hostip.c: In function 'Curl_hostcache_prune': - curl/lib/hostip.c:241:10: note: 'now' was declared here - 241 | time_t now; - | ^~~ - In function 'hostcache_timestamp_remove', - inlined from 'fetch_addr' at curl/lib/hostip.c:310:8: - curl/lib/hostip.c:205:23: error: 'user.now' may be used uninitialized [-Werro - r=maybe-uninitialized] - 205 | time_t age = prune->now - c->timestamp; - | ~~~~~^~~~~ - curl/lib/hostip.c: In function 'fetch_addr': - curl/lib/hostip.c:304:33: note: 'user' declared here - 304 | struct hostcache_prune_data user; - | ^~~~ - In file included from curl/_bld/lib/CMakeFiles/libcurl_object.dir/Unity/unity - _0_c.c:40: - curl/lib/cf-socket.c: In function 'cf_socket_send': - curl/lib/cf-socket.c:1294:10: error: 'c' may be used uninitialized [-Werror=m - aybe-uninitialized] - 1294 | if(c >= ((100-ctx->wblock_percent)*256/100)) { - | ~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - curl/lib/cf-socket.c:1292:19: note: 'c' was declared here - 1292 | unsigned char c; - | ^ - In file included from curl/_bld/lib/CMakeFiles/libcurl_object.dir/Unity/unity - _0_c.c:364: - In function 'tftp_state_timeout', - inlined from 'tftp_multi_statemach' at curl/lib/tftp.c:1230:27: - curl/lib/tftp.c:1208:5: error: 'current' may be used uninitialized [-Werror=m - aybe-uninitialized] - 1208 | if(current > state->rx_time + state->retry_time) { - | ^ - curl/lib/tftp.c: In function 'tftp_multi_statemach': - curl/lib/tftp.c:1192:10: note: 'current' was declared here - 1192 | time_t current; - | ^~~~~~~ - ``` - Ref: https://ci.appveyor.com/project/curlorg/curl/builds/49792835/job/91c8dj5 - qb36spfe0#L112 - Ref: https://github.com/curl/curl/actions/runs/9082968838/job/24960616145#ste - p:12:62 - - Ref: #13592 - Closes #13643 - -Andrew (16 May 2024) - -- wakeup_create: use FD_CLOEXEC/SOCK_CLOEXEC - - for `pipe()`/`socketpair()` - - Fixes #13618 - Closes #13625 - -Stefan Eissing (16 May 2024) - -- rustls: fix partial send handling - - When TLS bytes could not completely sent off, the amount of plain bytes - already added to rustls were forgotten. This lead to send those byte - duplicate, corrupting the request send to the server. - - Closes #13676 - -- pytest: add DELETE tests, check server version - - - add tests for DELETE working - - check apache version in keepalive test - - fix some comments - - Closes #13679 - -Juliusz Sosinowicz (16 May 2024) - -- vquic-tls: use correct cert name check API for wolfSSL - - wolfSSL_X509_check_host checks the peer name against the alt names and - the common name. - - Fixes #13487 - Closes #13680 - -Viktor Szakats (16 May 2024) - -- cmake: initialize `BUILD_TESTING` before first use - - Before this patch `BUILD_TESTING` was used once, then initialized, then - used again. This caused the `curlu` library not being built when relying - on an implicit `BUILD_TESTING=ON` setting, and ending up with a link - error when building the `testdeps` target. - - It did not cause issues when `BUILD_TESTING` was explicitly set. - - Move the initialization before the first use to fix it. - - Regression from aace27b0965c10394544d1dacc9c2cb2fe0de3d3 #12287 - Closes #13668 - -Daniel Stenberg (16 May 2024) - -- libtest: 2308 verifies CURLE_WRITE_ERROR after write callback error - - Verifies that the issue in #13669 actually is fixed. This return code is - what the CURLOPT_WRITEFUNCTION manpage documents should be returned. - - This code is mostly from the - Source-written-by: Trumeet on github - Closes #13671 - -Antoine Bollengier (16 May 2024) - -- socketpair: fix compilation when USE_UNIX_SOCKETS is not defined - - Closes #13666 - -Stefan Eissing (16 May 2024) - -- rustsls: fix error code on receive - - - use CURLE_RECV_ERROR instead of CURLE_READ_ERROR when receiving - data fails. - - Closes #13670 - -Max Dymond (16 May 2024) - -- ci: disable Renovate dashboard - - The Renovate dashboard insists on an open issue, - which is a problem. Disable the dashboard. Status - can still be seen at https://developer.mend.io/github/curl/curl. - - Fixes #13630 - Closes #13673 - -Daniel Stenberg (16 May 2024) - -- RELEASE-NOTES: synced - -renovate[bot] (16 May 2024) - -- GHA: update awslabs/aws-lc to v1.27.0 - - Closes #13667 - -Daniel Stenberg (15 May 2024) - -- curl_easy_pause.md: use correct defines in example - - Spotted-by: Harry Sintonen - Closes #13664 - -Viktor Szakats (15 May 2024) - -- appveyor: more tidy-ups - - - use `--disable` when calling `curl --version`. Just in case. - - - use single-quotes for a constant. - - Closes #13662 - -- reuse: migrate standalone license file to dep5 - - Follow-up to 73a36021207284ad2b4340ffde34a51b0ba4d47a - Closes #13660 - -- appveyor: guard against crash-build with VS2008 - - The combination of `-DDEBUGBUILD`, a shared `curl.exe`, and the VS2008 - compiler creates a `curl.exe` segfaulting on startup: - - ``` - + _bld/src/curl.exe --version - ./appveyor.sh: line 122: 793 Segmentation fault "${curl}" --version - Command exited with code 139 - ``` - Ref: https://ci.appveyor.com/project/curlorg/curl/builds/49817266/job/651iy6q - n1e238pqj#L191 - - Add job that triggers the issue and add the necessary logic to skip - running the affected `curl.exe`. - - Ref: #13592 - Closes #13654 - -renovate[bot] (15 May 2024) - -- GHA: pin dependencies - - Closes #13628 - -Orgad Shaneh (15 May 2024) - -- socket: remove redundant call to getsockname - - The result "add" is unused. - - Closes #13655 - -renovate[bot] (15 May 2024) - -- CI: renovate updates - - - GHA: update actions/checkout action to v4 - - GHA: update wolfSSL/wolfssh to v1.4.17 - - GHA: update wolfSSL/wolfssl to v5.7.0 - - Update the regex config in renovate.json - - Closes #13632 - Closes #13641 - Closes #13658 - Closes #13659 - -Max Dymond (15 May 2024) - -- ci: fix renovate config for WolfSSL/WolfSSH tagging scheme - - WolfSSL/WolfSSH use a different versioning scheme; - stable builds end with `-stable`. Renovate requires - some extra configuration to extract the version - from these types of tags. - - Closes #13644 - -- ci: set semantic type as CI and include digests as CI operations - - Replace "chore" with "ci" for renovate's semantic - type, and include digests with "pin" and - "pinDigest" as ci operations. - - Closes #13644 - -Daniel Stenberg (15 May 2024) - -- DEPRECATE.md: TLS libraries without 1.3 support - - curl drops support for TLS libraries without TLS 1.3 capability after - May 2025. - - It requires that a curl build using the library should be able to - negotiate and use TLS 1.3, or else it is not good enough. We support a - vast amount of other TLS libraries that are likely to satisfy users - better. - - Closes #13544 - -- Revert "ci: update nghttp2/nghttp2 to v1.62.0" - - This reverts commit 14f2c767555b7598d7783ccd9093670b84d28488. - - We need to also upgrade the C++ compiler for that bump to work. - - Closes #13656 - -renovate[bot] (15 May 2024) - -- Dockerfile: update debian digest to 911821c - - Closes #13629 - -- ci: update gnutls/gnutls to v3.8.5 - - Closes #13640 - -- ci: update awslabs/aws-lc to v1.26.0 - - Closes #13647 - -- ci: update cloudflare/quiche to v0.21.0 - - Closes #13648 - -- ci: update libressl-portable/portable to v3.9.2 - - Closes #13649 - -- ci: update nghttp2/nghttp2 to v1.62.0 - - Closes #13650 - -- ci: update ngtcp2/nghttp3 to v1.3.0 - - Closes #13651 - -- ci: update ngtcp2/ngtcp2 to v1.5.0 - - Closes #13652 - -Max Dymond (14 May 2024) - -- ci: handle git submodules for mbedTLS - -- ci: reconfigure renovate - - - set prefix for github actions updates to be gha: - - set prefix for other renovate actions to be ci: - - disable debian updates in linux-old.yml - -Viktor Szakats (14 May 2024) - -- tidy-up: whitespace [ci skip] - -- warnless: delete orphan declarations - - Follow-up to 358f7e757781857c4b498a68634726609fa3884a #11932 - Closes #13639 - -Daniel Stenberg (14 May 2024) - -- BUG-BOUNTY.md: clarify the third party situation - - We do not pay bounties for problems in other libraries. - - Closes #13560 - -Stefan Eissing (14 May 2024) - -- http tests: in CI skip test_02_23* for quiche - - For unknown reasons, these tests fail in CI often, but run fine locally. - Skip them in CI to avoid unrelated PRs to have failures. - - Closes #13638 - -Daniel Gustafsson (14 May 2024) - -- hsts: explicitly skip blank lines - - Keep blank lines or lines containing only whitespace to make it all - the way to the more expensive sscanf call in hsts_add. - - Closes: #13603 - Reviewed-by: Daniel Stenberg - -- autotools: Only probe for SGI MIPS compilers on IRIX - - MIPSPro and the predecessor compiler which was part of the IDO (IRIS - Development Option) were only ever shipped on the SGI IRIX operating - system (with MIPSPro on 6.0+ which was released in 1994). Limit the - autoconf check to IRIX when probing for these compilers to save some - cycles on other platforms. - - Closes: #13611 - Reviewed-by: Daniel Stenberg - -Viktor Szakats (14 May 2024) - -- tests: fix test 1167 to skip digit-only symbols - - This avoids mistaking symbols with their numeric value when using - certain C preprocessors which output these numeric values at the - beginning of the line as part of an expression. - - Seen on OpenBSD 7.5 + clang. - - Example `test1167.pl -v` output, before this patch: - ``` - Source: cpp /home/runner/work/curl/curl/tests/../include/curl/curl.h - Symbol: 20000 - Line #3835: 20000 + 142, - [...] - Bad symbols in public header files: - 20000 - [...] - ``` - Ref: https://github.com/curl/curl/actions/runs/9069136530/job/24918015357#ste - p:3:7513 - - Ref: #13583 - Closes #13634 - -Daniel Stenberg (14 May 2024) - -- lib: call Curl_strntolower instead of doing crafted loops - - Closes #13627 - -- setopt: acknowledge errors proper for CURLOPT_COOKIEJAR - - Error out on error, do not continue. - - Closes #13624 - -- vtls: remove duplicate assign - - Curl_ssl_peer_cleanup() already clears the ->sni field, no point in - assigning it again. - - Spotted by CodeSonar - - Closes #13626 - -Max Dymond (13 May 2024) - -- Group all non-major updates together to reduce PR spam - -- Add the remainder of the workflows - -- Add some basic versioning for some workflows to check whether this is detecte - d properly - -renovate[bot] (13 May 2024) - -- Add renovate.json - -Daniel Stenberg (13 May 2024) - -- vauth: make two functions void that always just returned OK - - Removes the need to check return values when they can never fail. - - Pointed out by CodeSonar - - Closes #13621 - -- setopt: remove check for 'option' that is always true - - - make sure that passing in option set to NULL clears the fields - correctly - - - remove the weird second take if Curl_parse_login_details() returns - error - - Follow-up to 7333faf00bf25db7cd1e0012d6b140 - - Spotted by CodeSonar - - Closes #13619 - -Viktor Szakats (13 May 2024) - -- tests: tidy up types in server code - - Cherry-picked from #13489 - Closes #13610 - -Daniel Stenberg (13 May 2024) - -- setopt: make the setstropt_userpwd args compulsory - - They were always used so no point in allowing them to be optional. - - follow-up to 0e37b42dc956bd8a - - Closes #13608 - Reviewed-by: Daniel Gustafsson - -- RELEASE-NOTES: synced - -Daniel Gustafsson (13 May 2024) - -- websocket: Avoid memory leak in error path - - In the errorpath for randstr being too long to copy into the buffer - we leak the randstr when returning CURLE_FAILED_INIT. Fix by using - an explicit free on randstr in the errorpath. - - Closes: #13602 - Reviewed-by: Daniel Stenberg - -- hsts: Remove single-use single-line function - - The hsts_entry() function contains of a single line and is only - used in a single place in the code, so move the allocation into - hsts_create instead to improve code readability. C code usually - don't use the factory abstraction for object creation, and this - small example wasn't following our usual code style. - - Closes: #13604 - Reviewed-by: Daniel Stenberg - -Viktor Szakats (12 May 2024) - -- lib: bump hash sizes to `size_t` - - Follow-up to cc907e80a2498c0599253271a6f657f614b52a4e #13502 - Cherry-picked from #13489 - Closes #13601 - -- tests: make the unit test result type `CURLcode` - - Before this patch, the result code was a mixture of `int` and - `CURLcode`. - - Also adjust casts and fix a couple of minor issues found along the way. - - Cherry-picked from #13489 - Closes #13600 - -- appveyor: tidy-ups - - - delete a duplicate line. - - simplify a `make` call. - - merge two `if` branches. - - reorder autotools options for clarity. - - add `--enable-warnings` where missing (it's also the default.) - - add empty lines to YAML for readability. - - use lowercase install prefix/directory. - - Closes #13598 - -Daniel Stenberg (12 May 2024) - -- docs/cmdline-opts: mention STARTTLS for --ssl and --ssl-reqd - - ... since users might look for those terms in the manpage. - - Closes #13590 - -- setopt: warn on Curl_set*opt() uses not using the return value - - And switch the invokes that would "set" NULL to instead just plainly - free the pointer, as those were otherwise the invokes that would ignore - the return code. And possibly confuse static code analyzers. - - Closes #13591 - -Orgad Shaneh (12 May 2024) - -- autotools: delete unused functions - - Closes #13605 - -Viktor Szakats (11 May 2024) - -- examples: fix/silence `-Wsign-conversion` - - - extend `FD_SET()` hack to all platforms (was only Cygwin). - Warnings may also happen in other envs, e.g. OmniOS. - Ref: https://github.com/libssh2/libssh2/actions/runs/8854199687/job/2431676 - 2831#step:3:2021 - - - tidy-up `CURLcode` vs `int` use. - - - cast an unsigned to `long` before passing to `curl_easy_setopt()`. - - Cherry-picked from #13489 - Follow-up to 3829759bd042c03225ae862062560f568ba1a231 #12489 - Closes #13501 - -Orgad Shaneh (11 May 2024) - -- cmake: fix `HAVE_IOCTLSOCKET_FIONBIO` test with gcc 14 - - The function signature has had u_long flags since ever. This is how it - is defined in the documentation, and implemented in MinGW. - - The code that uses ioctlsocket in nonblock.c also has unsigned long. - - Error: - CurlTests.c:275:41: error: passing argument 3 of 'ioctlsocket' from incompati - ble pointer type [-Wincompatible-pointer-types] - 275 | if(0 != ioctlsocket(0, FIONBIO, &flags)) - | ^~~~~~ - | | - | int * - In file included from CurlTests.c:266: - /opt/mxe/usr/i686-w64-mingw32.static/include/winsock2.h:1007:76: note: expect - ed 'u_long *' {aka 'long unsigned int *'} but argument is of type 'int *' - 1007 | WINSOCK_API_LINKAGE int WSAAPI ioctlsocket(SOCKET s,__LONG32 cmd,u_ - long *argp); - | ~~ - ~~~~~~^~~~ - - Closes #13578 - -Jay Satiro (10 May 2024) - -- ftp: fix build for CURL_DISABLE_VERBOSE_STRINGS - - This is a follow-up to b7c7dffe which changed the FTP state change - verbose debug text (aka infof) to tracing debug text (aka trc). - - Prior to this change if libcurl was without DEBUGBUILD and built with - CURL_DISABLE_VERBOSE_STRINGS (ie --disable-verbose) the build would - error. - - Caught by Circle CI job openssl-no-verbose. - -- lib: clear the easy handle's saved errno before transfer - - - Clear data->state.os_errno before transfer. - - - Explain the change in behavior in the CURLINFO_OS_ERRNO doc. - - - Add to the CURLINFO_OS_ERRNO doc the list of libcurl network-related - errors that may cause the errno to be saved. - - data->state.os_errno is saved before libcurl returns a network-related - failure such as connection failure. It is accessible to the user via - CURLINFO_OS_ERRNO so they can get more information about the failure. - - Prior to this change it wasn't cleared before transfer, so if a user - retrieved the saved errno it could be from a previous transfer. That is - because an errno is not always saved for network-related errors. - - Closes https://github.com/curl/curl/pull/13574 - -Stefan Eissing (10 May 2024) - -- ftp: add tracing support - - - add `Curl_trc_feat_ftp` for tracing via trace config - - add macro CURL_TRC_FTP(data, fmt, ...) - - replace DEBUGF(infof()) statements in ftp.c by CURL_TRC_FTP() - - always trace FTP connection state - - Closes #13580 - -Daniel Stenberg (10 May 2024) - -- http: remove redundant check - - Spotted by CodeSonar - - Closes #13582 - -Viktor Szakats (10 May 2024) - -- ldap: fix unused variables (seen on OmniOS) - - ``` - ../../lib/ldap.c: In function 'ldap_do': - ../../lib/ldap.c:380:11: error: unused variable 'ldap_ca' [-Werror=unused-v - ariable] - 380 | char *ldap_ca = conn->ssl_config.CAfile; - | ^~~~~~~ - ../../lib/ldap.c:379:9: error: unused variable 'ldap_option' [-Werror=unuse - d-variable] - 379 | int ldap_option; - | ^~~~~~~~~~~ - ``` - Ref: https://github.com/curl/curl/actions/runs/9033564377/job/24824192730#ste - p:3:6059 - - Ref: #13583 - Closes #13588 - -Daniel Stenberg (10 May 2024) - -- url: make parse_login_details use memdup0 - - Also make the user and password arguments mandatory, since all code - paths in libcurl used them anyway. - - Adapted unit test case 1620 to the new rules. - - Closes #13584 - -Orgad Shaneh (10 May 2024) - -- digest: replace strcpy for empty string with simple assignment - - Closes #13586 - -Viktor Szakats (10 May 2024) - -- autotools: fix `HAVE_IOCTLSOCKET_FIONBIO` test for gcc 14 - - ``` - conftest.c:152:41: error: passing argument 3 of 'ioctlsocket' from incompatib - le pointer type [-Wincompatible-pointer-types] - 152 | if(0 != ioctlsocket(0, FIONBIO, &flags)) - | ^~~~~~ - | | - | int * - ``` - - Reported-by: LigH - Fixes #13579 - Closes #13587 - -- CI: ignore test 286 on Appveyor gcc 7 build - - Disabled earlier for gcc 9 builds. gcc 7 uses the same runner and - prone to similar intermittent failures. - - Follow-up to f1e05a6e6e7225fa09952abb2c935ae1abe44f45 #12106 #12040 - Closes #13575 - -Daniel Stenberg (10 May 2024) - -- cf-socket: don't try getting local IP without socket - - In cf_tcp_connect(), it might fail and not get a socket assigned to - ctx->sock but set_local_ip() is still called which would make - getsockname() get invoked with a negative file desriptor and fail. - - By adding this check, set_local_ip() will now instead blank out the - fields correctly. - - Spotted by CodeSonar - - Closes #13577 - -- tool_getparam: remove two redundant conditions - - When getstr() does not return error, it returns a valid pointer. - - Spotted by CodeSonar - - Closes #13576 - -Stefan Eissing (10 May 2024) - -- quiche: trust its timeout handling - - - set the idle timeout transport parameter - in milliseconds as documented by quiche - - do not calculate the idle timeout, rely on - quiche handling it - - Closes #13581 - -Daniel Stenberg (10 May 2024) - -- dmaketgz: accept a SOURCE_DATE_EPOCH as an second argument - - to make it easier to reproduce a tarball - - Closes #13573 - -- RELEASE-NOTES: synced - -Stefan Eissing (10 May 2024) - -- h3/ngtcp2: improve error handling - - - identify ngtcp2 and nghttp3 error codes that are fatal - - close quic connection on fatal errors - - refuse further filter operations once connection is closed - - confusion about the nghttp3 API. We should close the QUIC stream on - cancel and not use the nghttp3 calls intended to be invoked when the - QUIC stream was closed by the peer. - - Closes #13562 - -Jay Satiro (10 May 2024) - -- docs: fix some CURLINFO examples - - - improve getinfo result check for example sections: - CURLINFO_ACTIVESOCKET, CURLINFO_LASTSOCKET, CURLINFO_SSL_VERIFYRESULT, - CURLINFO_PROXY_SSL_VERIFYRESULT - - - fix getinfo result check for example sections: - CURLINFO_NUM_CONNECTS, CURLINFO_OS_ERRNO - - - fix verify result check for example sections: - CURLINFO_PROXY_SSL_VERIFYRESULT - - Bug: https://github.com/curl/curl/discussions/13557#discussion-6625507 - Reported-by: farazrbx@users.noreply.github.com - - Closes https://github.com/curl/curl/pull/13559 - -Daniel Stenberg (9 May 2024) - -- KNOWN_BUGS: gssapi library name + version is missing in curl_version_info() - - Closes #13492 - Closes #13570 - -- krb5: use dynbuf - - Closes #13568 - -- managen: fix the option sort order - - ... it used to strip off the .d file extension to sort correctly but - ever since the extension changed to .md the operation failed and the - sort got wrong. - - Follow-up to 2494b8dd5175cee7f2e - - Closes #13567 - -Stefan Eissing (8 May 2024) - -- GHA: repair the linux-old job - - package libc6_2.28-10+deb10u2_amd64.deb changed to - libc6_2.28-10+deb10u3_amd64.deb - - Closes #13564 - -Viktor Szakats (8 May 2024) - -- appveyor: make gcc 6 mingw64 job build-only - - This job has proven to be the flakiest of all, and it's also the oldest - Windows runner we had tests running on: 'Visual Studio 2015', that is - running on Windows Server 2012 R2: - https://www.appveyor.com/docs/windows-images-software/ - - Turn off tests on this job to help stabilizing CI runs. - - This was also one of the slowest running job amongst the AppVeyor CI ones. - - Flakiness data: - https://testclutch.curl.se/static/reports/summary.html - Entries: - Appveyor / CMake, mingw-w64, gcc 6, Debug, x86, Schannel, Static, no-unity - (curl) [current] - Appveyor / CMake, mingw-w64, gcc 6, Debug, x86, Schannel, Static (curl) [fo - rmer] - - Closes #13566 - -Stefan Eissing (8 May 2024) - -- unit2604: use alloc instead of overlong string const - - Closes #13563 - -Daniel Gustafsson (8 May 2024) - -- bufq: remove duplicate word in comment - - Inspired by 13552. - - Closes: #13554 - Reviewed-by: Daniel Stenberg - -Viktor Szakats (8 May 2024) - -- lib/cf-h1-proxy: silence compiler warnings (gcc 14) - - They came up ealier with gcc 12 (Windows), but apparently gcc 14 is - still reporting them, also under Linux. - - ``` - /home/runner/work/curl-for-win/curl-for-win/curl/lib/cf-h1-proxy.c: In functi - on 'cf_h1_proxy_close': - /home/runner/work/curl-for-win/curl-for-win/curl/lib/cf-h1-proxy.c:1060:17: w - arning: null pointer dereference [-Wnull-dereference] - 1060 | cf->connected = FALSE; - /home/runner/work/curl-for-win/curl-for-win/curl/lib/cf-h1-proxy.c:1061:8: wa - rning: null pointer dereference [-Wnull-dereference] - 1061 | if(cf->ctx) { - | ~~^~~~~ - In function 'tunnel_free', - inlined from 'cf_h1_proxy_destroy' at /home/runner/work/curl-for-win/curl - -for-win/curl/lib/cf-h1-proxy.c:1053:3: - /home/runner/work/curl-for-win/curl-for-win/curl/lib/cf-h1-proxy.c:198:27: wa - rning: null pointer dereference [-Wnull-dereference] - 198 | struct h1_tunnel_state *ts = cf->ctx; - | ^~ - ``` - Ref: https://github.com/curl/curl-for-win/actions/runs/8985369476/job/2467921 - 9528#step:3:6320 - - Fixes #13237 - Closes #13555 - -Michał Antoniak (8 May 2024) - -- mbedtls: support TLS 1.3 - - Closes #13539 - -Daniel Stenberg (8 May 2024) - -- version: use msnprintf instead of strncpy - - - to ensure a terminating null byte - - to avoid zero-padding the target - - debug code only - - Closes #13549 - -- curl_path: make Curl_get_pathname use dynbuf - - ... instead of malloc and memcpy - - - unit test 2604 verifies Curl_get_pathname() - - Closes #13550 - -- lib: make protocol handlers store scheme name lowercase - - - saves a lowercase operation when the "[scheme]_proxy" name is - generated - - appears less "shouting" - - update test 970, 972, 1438 and 1536 - - Closes #13553 - -- lib: remove two instances of "only only" messages - - Fixes #13551 - Reported-by: Lucas Nussbaum - Closes #13552 - -Pavel Pavlov (7 May 2024) - -- asyn-thread: fix curl_global_cleanup crash in Windows - - - Make sure that asynchronous resolves handled by Winsock are stopped - before WSACleanup is called. - - This is implemented by ensuring that when Curl_resolver_kill is called - (eg via multi_done) it will cancel the Winsock asynchronous resolve and - wait for the cancellation to complete. Winsock runs the asynchronous - completion routine immediately when a resolve is canceled. - - Prior to this change it was possible that during curl_global_cleanup - "a DNS resolver thread created by GetAddrInfoExW did not terminate yet, - however curl is already shutting down, deinitializing Winsock with - WSACleanup() leading to an access violation." - - Background: - - If libcurl is built with the asynchronous threaded resolver option for - Windows then it resolves in one of two ways. For Windows 8.1 and later, - libcurl resolves by using the Winsock asynchronous resolver which does - its own thread management. For older versions of Windows, libcurl - resolves by creating a separate thread that calls getaddrinfo. This - change only affects the former and it's already handled for the latter. - - Reported-by: Ch40zz@users.noreply.github.com - - Fixes https://github.com/curl/curl/issues/13509 - Closes https://github.com/curl/curl/pull/13518 - -Jay Satiro (7 May 2024) - -- asyn-thread: fix Curl_thread_create result check - - - Compare to curl_thread_t_null instead of 0 for error. - - Currently for both supported thread libraries (pthreads and Windows) - curl_thread_t_null is defined as 0. However, the pattern throughout the - code is to check against curl_thread_t_null and not 0 since for - posterity some thread library may not use 0 for error. - - Closes https://github.com/curl/curl/pull/13542 - -- curl_multibyte: remove access() function wrapper for Windows - - - Remove curlx_win32_access() which was a wrapper to use access() in - Windows. - - This is a follow-up to 602fc213, one of two commits which removed - access() calls from the codebase and banned use of the function. - - Closes https://github.com/curl/curl/pull/13529 - -Daniel Gustafsson (6 May 2024) - -- tls: Remove EXAMPLEs from deprecated options - - CURLOPT_EGDSOCKET and CURLOPT_RANDOM_FILE are both completely dead - so remove their example sections since the code there is useless. - There is still a way to inject a random file for OpenSSL older than - 1.1.0 but it's not what the example showed (and it's not even done - with this option) so we refrain from documenting it here. - - Closes: #13540 - Reviewed-by: Daniel Stenberg - -- tests: Only require EXAMPLE for non-deprecated options - - Manpages which document deprecated CURLOPT_ or CURLINFO_ are not - required to have an EXAMPLE section since they might effectively - be dead no-ops which we don't want to trick users into believing - they can use by copying example code. - - Closes: #13540 - Reviewed-by: Daniel Stenberg - -Daniel Stenberg (6 May 2024) - -- EXPERIMENTAL: add graduation requirements for each feature - - Starting now, experimental features should have a set of documentated - requirements of what is needed for the feature to graduate. - - This adds requirements to all existing experiments. - - Closes #13541 - -Ivan (6 May 2024) - -- misc: fix typos, quoting and spelling - - Fix wording of comments, and misquotings where `' is markdown parsed - where it shouldn't be, and remove a misspelled preprocessor comment - which really isn't needed (and removing it makes it match surrounding - code better). - - Closes: #13538 - Reviewed-by: Daniel Gustafsson - -Daniel Gustafsson (6 May 2024) - -- tests: Mark tftpd timer function as noreturn - - This avoids the below compiler warning: - - tftpd.c:280:1: warning: function 'timer' could be declared with - attribute 'noreturn' [-Wmissing-noreturn] - - Closes: #13534 - Reviewed-by: Daniel Stenberg - -- doh: Remove unused function prototype - - Closes: #13536 - Reviewed-by: Daniel Stenberg - -Daniel Stenberg (6 May 2024) - -- doh: cleanups in ECH related functions - - - make local_decode_rdata_name use dynbuf instead of calloc + memcpy - - avoid extra memdup in local_decode_rdata_alpn - - no need to if() before free() - - use memdup instead of calloc + memcpy in Curl_doh_decode_httpsrr - - Reviewed-by: Stephen Farrell - Closes #13526 - -Viktor Szakats (5 May 2024) - -- libssh2: delete redundant feature guard - - Delete `HAVE_LIBSSH2_VERSION` (equivalent to - `LIBSSH2_VERSION_NUM` > 0x010100) guard surrounding - a `LIBSSH2_VERSION_NUM` > 0x010B00 one. - - Reviewed-by: Daniel Gustafsson - Closes #13537 - -Jan Venekamp (5 May 2024) - -- tool_cfgable: free {proxy_}cipher13_list on exit - - Author: Jan Venekamp - Reviewed-by: Daniel Gustafsson - Closes: #13531 - -RainRat (4 May 2024) - -- doh: Fix typo in comment - - Closes: #13504 - Author: RainRat on Github - Reviewed-by: Daniel Stenberg - Reviewed-by: Daniel Gustafsson - -Christian Schmitz (4 May 2024) - -- dynbuf: Fix returncode on memory error - - Curl_dyn_vaddf should return a proper error code in case allocating - memory failed. - - Closes: #13533 - Author: Christian Schmitz - Reviewed-by: Daniel Gustafsson - -Daniel Stenberg (3 May 2024) - -- RELEASE-NOTES: synced - -Jan Venekamp (2 May 2024) - -- bearssl: use common code for cipher suite lookup - - Take advantage of the Curl_cipher_suite_walk_str() and - Curl_cipher_suite_get_str() functions introduced in commit fba9afeb. - - This also fixes CURLOPT_SSL_CIPHER_LIST not working at all for bearssl - due to commit ff74cef5. - - Closes #13464 - -Daniel Stenberg (2 May 2024) - -- curl.h: change CURL_SSLVERSION_* from enum to defines - - C++20 and later compilers emit a deprecation warning if values from two - different enums are combined with a bitwise operation the way the - CURL_SSLVERSION_* values were previously created. - - Reported-by: Michael Kaufmann - Fixes #13510 - Closes #13511 - -- configure: error on missing perl if docs or manual is enabled - - Fixes #13508 - Reported-by: Harmen Stoppels - Closes #13514 - -- tool_cb_rea: limit rate unpause for -T . uploads - - To avoid getting stuck in a busy-loop when nothing is read from stdin, - this function now checks the call rate and might enforce a short sleep - when called repeatedly without uploading anything. It is a crude - work-around to avoid a 100% busy CPU. - - Reported-by: magisterquis on hackerone - Fixes #13174 - Closes #13506 - -Viktor Szakats (1 May 2024) - -- appveyor: enable websockets for VS2017 jobs - - Follow-up to eb4fe6c6340c3d5b0c347c6e30be004d4f9117d7 #13232 - Closes #13513 - -Daniel Stenberg (30 Apr 2024) - -- if2ip: make the buf_size arg a size_t - - sizes should be size_t - - Ref: #13489 - Closes #13505 - -- cf-https-connect: use timeouts as unsigned ints - - To match the type used in 'set.happy_eyeballs_timeout'. - - Ref: #13489 - Closes #13503 - -- hash: change 'slots' to size_t from int - - - an unsigned type makes more sense - - size_t seems suitable - - on 64 bit args, the struct alignment makes the new Curl_hash remain - the same size - - Closes #13502 - -Viktor Szakats (30 Apr 2024) - -- libssh2: replace `access()` with `stat()` - - Prefer `stat()` to verify the presence of key files. - - This drops the last uses of `access()` in the codebase, which was - reported to cause issues in some cases. - - Also add `access()` to the list of banned functions in checksrc. - - Ref: https://github.com/curl/curl/pull/13412#issuecomment-2065505415 - Ref: https://github.com/curl/curl/pull/13482#issuecomment-2078980522 - Ref: #13497 - Co-authored-by: Jay Satiro - Closes #13498 - -Daniel Stenberg (30 Apr 2024) - -- multi: remove useless assignment - - Spotted by CodeSonar - - Closes #13500 - -- RELEASE-NOTES: synced - -fuzzard (29 Apr 2024) - -- cmake: FindNGHTTP2 add static lib name to find_library call - - Add the static library name, nghttp2_static as a name to search. - - This provides cmake parity with the winbuild Makefile.vc allowing - the cmake build to find and allow the link to static nghttp2 library. - -Viktor Szakats (29 Apr 2024) - -- DISTROS: add patch and issues link for curl-for-win - - curl-for-win sometimes includes curl patches that were already merged in - master, but not yet part of a stable release. - - Also include the Issues link. Build-specific issues are handled there. - - Ref: #13493 - Closes #13499 - -Daniel Stenberg (29 Apr 2024) - -- mime: avoid using access() - - If stat() fails, there is no point in calling access() - - Also: return error immediately if the stat() fails. - - Ref: #13482 - Closes #13497 - -Stefan Eissing (29 Apr 2024) - -- tests: add SNI and peer name checks - - - connect to DNS names with trailing dot - - connect to DNS names with double trailing dot - - rustls, always give `peer->hostname` and let it - figure out SNI itself - - add SNI tests for ip address and localhost - - document in code and TODO that QUIC with ngtcp2+wolfssl - does not do proper peer verification of the certificate - - mbedtls, skip tests with ip address verification as not - supported by the library - - Closes #13486 - -Daniel Stenberg (29 Apr 2024) - -- curl_getdate.md: document two-digit year handling - - Mentioned-by: Paul Gilmartin - Ref: https://curl.se/mail/archive-2024-04/0014.html - Closes #13494 - -Viktor Szakats (29 Apr 2024) - -- cmake: add `BUILD_EXAMPLES` option to build examples - - You can enable it with `-DBUILD_EXAMPLES=ON`. - - To match autotools' `make examples` feature. - Windows (static) builds not tested. - - Also enable examples in a pair of CI jobs. - - Apply related updates to the macOS CI workflow: - - drop unused `CXX` envs. - - drop no longer needed `-Wno-error=undef -Wno-error=conversion` flags. - - pass `-Wno-deprecated-declarations` to GCC too (for `BUILD_EXAMPLES`). - - document why `-Wno-deprecated-declarations` is necessary. - - Closes #13491 - -Stefan Eissing (26 Apr 2024) - -- http3: quiche+ngtcp2 improvements - - - quiche: error transfers that try to receive on a closed - or draining connection - - ngtcp2: use callback for extending max bidi streams. This - allows more precise calculation of MAX_CONCURRENT as we - only can start a new stream when the server acknowledges - the close - not when we locally have closed it. - - remove a fprintf() from h2-download client to avoid excess - log files on tests timing out. - - Closes #13475 - -- vtls: TLS session storage overhaul - - - add session with destructor callback - - remove vtls `session_free` method - - let `Curl_ssl_addsessionid()` take ownership - of session object, freeing it also on failures - - change tls backend use - - test_17, add tests for SSL session resumption - - Closes #13386 - -- multi: multi_wait improvements - - - only call `multi_getsock()` once for all transfers - - realloc pollset array on demand - - fold repeated sockets - - Closes #13150 - -Philip Heiduck (25 Apr 2024) - -- ci: remove microsoft-prod.list - - This is added by default, and it is often broken, but we don't need - anything from it. - - Closes #13473 - -Evgeny Grin (Karlson2k) (25 Apr 2024) - -- curl_setup.h: detect 'inline' support - - Closes #13355 - -Daniel Stenberg (25 Apr 2024) - -- multi: avoid memory-leak risk - - 'newurl' is allocated in some conditions and used in a few scenarios, - but there were theoretical combinations in which it would not get freed. - Move the free to happen unconditionally. Never triggered by tests, but - spotted by Coverity. - - Closes #13471 - -Johann Sebastian Schicho (25 Apr 2024) - -- sendf: Curl_cwriter_write: remove comment disallowing zero length writes - - They are needed to pass CLIENTWRITE_EOS. - - Closes #13477 - -Stefan Eissing (25 Apr 2024) - -- CI: macos fixes for new ARM GHA images - - - based on #13478 with additions from #13476 - - make homebrew install path flexible - - fix OpenSSL pkgconfig files libdir - - add path to --with-libssh2 target - - disable gcc securetransport due to linker - errors (missing symbols), probably because - the os version is no longer low enough - - Assisted-by: Viktor Szakats - - Closes #13479 - -- content_encoding: ignore duplicate chunked encoding - - - ignore duplicate "chunked" transfer-encodings from - a server to accomodate for broken implementations - - add test1482 and test1483 - - Reported-by: Mel Zuser - Fixes #13451 - Closes #13461 - -Daniel Stenberg (25 Apr 2024) - -- tool: move tool_ftruncate64 to tool_util.c - - ... and the prototype to tool_setup.h, to make them both available more - widely and accurately. - - Follow-up to 00bef95946d3511 - - Fixes #13458 - Closes #13459 - -Viktor Szakats (24 Apr 2024) - -- lib: silence `-Wsign-conversion` in base64, strcase, mprintf - - Closes #13467 - -- CI: retain failure code after `./configure` with Circle CI - - Suggested-by: Dan Fandrich - Follow-up to 43299e93c06b96fea8a8dc9b1c2e49c82bc21801 #13462 - Follow-up to d7332e3e46c3ef401b34e6a1a129eb4dd846c452 #12635 - Closes #13468 - -Daniel Stenberg (24 Apr 2024) - -- RELEASE-NOTES: synced - -Jan Venekamp (24 Apr 2024) - -- mbedTLS: implement CURLOPT_SSL_CIPHER_LIST option - - Use a lookup list to set the cipher suites, allowing the - ciphers to be set by either openssl or IANA names. - - To keep the binary size of the lookup list down we compress - each entry in the cipher list down to 2 + 6 bytes using the - C preprocessor. - - Closes #13442 - -Viktor Szakats (24 Apr 2024) - -- CI: show more failed `config.log` on Circle CI - - Show last 1000 lines of `config.log` if `./configure` fails. This was - already done for one job, this patch extends it to all. - - Ref: #13438 - Closes #13462 - -Daniel Stenberg (24 Apr 2024) - -- telnet: check return code from fileno() - - and return error if necessary - - Spotted by CodeSonar - - Closes #13457 - -Viktor Szakats (24 Apr 2024) - -- tls: fix SecureTransport + BearSSL cmake unity builds - - Avoid clashing static function names by namespacing them. - - Pointed-out-by: Jan Venekamp - Ref: https://github.com/curl/curl/pull/13442#discussion_r1576350700 - Closes #13450 - -Jay Satiro (24 Apr 2024) - -- dllmain: Call OpenSSL thread cleanup for Windows and Cygwin - - - Call OPENSSL_thread_stop on thread termination (DLL_THREAD_DETACH) - to prevent a memory leak in case OpenSSL is linked statically. - - - Warn in libcurl-thread.3 that if OpenSSL is linked statically then it - may require thread cleanup. - - OpenSSL may need per-thread cleanup to stop a memory leak. For Windows - and Cygwin if libcurl was built as a DLL then we can do that for the - user by calling OPENSSL_thread_stop on thread termination. However, if - libcurl was built statically then we do not have notification of thread - termination and cannot do that for the user. - - Also, there are several other unusual cases where it may be necessary - for the user to call OPENSSL_thread_stop, so in the libcurl-thread - warning I added a link to the OpenSSL documentation. - - Co-authored-by: Viktor Szakats - - Reported-by: southernedge@users.noreply.github.com - Reported-by: zmcx16@users.noreply.github.com - - Ref: https://www.openssl.org/docs/man3.0/man3/OPENSSL_thread_stop.html#NOTES - - Fixes https://github.com/curl/curl/issues/12327 - Closes https://github.com/curl/curl/pull/12408 - -Jan Venekamp (24 Apr 2024) - -- rustls: remove incorrect SSLSUPP_TLS13_CIPHERSUITES flag - - The rustls backend advertises SSLSUPP_TLS13_CIPHERSUITES, but - the code does not actually seem to support it (yet?). Removed - the flag and corrected documentation. - - Closes #13452 - -Stefan Eissing (24 Apr 2024) - -- quiche: expire all active transfers on connection close - - - when a connection close is detected, all ongoing transfers - need to expire bc no more POLL events are likely to happen - for them. - - Fixes #13439 - Reported-by: Jay Satiro - Closes #13447 - -Dan Fandrich (23 Apr 2024) - -- tests: fix feature case in test1481 - - This test was being skipped everywhere because the feature never - matched. - - Closes #13445 - -Gusted (23 Apr 2024) - -- tool_operate: don't truncate the etag save file by default - - This fixes a regression of 75d79a4486b279100209ddf8c7fdb12955fb66e9. The - code in tool-operate truncated the etag save file, under the assumption - that the file would be written with a new etag value. However since - 75d79a4486b279100209ddf8c7fdb12955fb66e9 that might not be the case - anymore and could result in the file being truncated when --etag-compare - and --etag-save was used and that the etag value matched with what the - server responded. Instead the truncation should not be done when a new - etag value should be written. - - Test 3204 was added to verify that the file with the etag value doesn't - change the contents when used by --etag-compare and --etage-save and - that value matches with what the server returns on a non 2xx response. - - Closes #13432 - -Abdullah Alyan (22 Apr 2024) - -- tests: enable test 1117 for hyper - - Closes #13436 - -Daniel Stenberg (22 Apr 2024) - -- sendf: useless assignment in cr_lc_read() - - Spotted by CodeSonar - - Closes #13437 - -- tool_paramhlp: remove duplicate assign - - Spotted by CodeSonar - - Closes #13433 - -- transfer: remove useless assignment - - in Curl_xfer_recv_resp - - Spotted by CodeSonar - - Closes #13435 - -- http: acknowledge a returned error code - - ... and do not overwrite it with a new value that could then hide the - problem. - - Spotted by CodeSonar - - Closes #13434 - -- tool_operate: init vars unconditionally in post_per_transfer - - In case of (the unlikely) early return, they could otherwise remain - uninitialized - - Spotted by CodeSonar - - Closes #13430 - -- RELEASE-NOTES: synced - -- urlapi: allow setting port number zero - - Also set and check errno when strtoul() parsing numbers for better error - checking. - - Updated test 1560 - - Closes #13427 - -- http_aws_sigv4: remove useless assignment - - This code assigned the variable the same value it already had - - Spotted by CodeSonar - - Closes #13426 - -- file: remove useless assignment - - This code assigned the variable the same value it already had. - - Spotted by CodeSonar - - Closes #13425 - -- test2406: verify -f with HTTP/2 - -Stefan Eissing (19 Apr 2024) - -- http2 + ngtcp2: pass CURLcode errors from callbacks - - - errors returned by Curl_xfer_write_resp() and the header variant are - not errors in the protocol. The result needs to be returned on the - next recv() from the protocol filter. - - - make xfer write errors for response data cause the stream to be - cancelled - - - added pytest test_02_14 and test_02_15 to verify that also for - parallel processing - - Reported-by: Laramie Leavitt - Fixes #13411 - Closes #13424 - -Daniel Stenberg (19 Apr 2024) - -- request: make Curl_req_init return void - - Since it could not return error and therefore this change removes dead - code for the caller. - - Spotted by CodeSonar. - - Closes #13423 - -- multi: remove the unused Curl_preconnect function - - The implementation has been removed, no point in keeping it around. - - Follow-up to 476adfeac019ed - - Closes #13422 - -- Curl_creader_read: init two variables to avoid using them uninited - - Spotted by CodeSonar - - Closes #13419 - -- http: reject HTTP major version switch mid connection - - A connection that has seen an HTTP major version now refuses any other - major HTTP version in future responses. Previously, a HTTP/1.x - connection would just silently accept HTTP/2 or HTTP/3 in the status - lines as long as it had support for those built-in. It would then just - lead to confusion and badness. - - Indirectly Spotted by CodeSonar which identified a duplicate assignment - in this function. - - Add test 471 to verify - - Closes #13421 - -- mqtt: when Curl_xfer_recv returns error, don't use nread - - A returned error code makes other return value unreliable, and in this - case potentially uninitialized. On error, do not read other return - values like the nread counter. - - Spotted by CodeSonar - - Closes #13418 - -- ftp: fix socket leak on rare error - - In the function AcceptServerConnect() the newly created socket would - leak if Curl_conn_tcp_accepted_set() returns error. Which basically - should never happen. - - Spotted by CodeSonar. - - Closes #13417 - -- urlapi: remove unused flags argument from Curl_url_set_authority - - The function is only called from a single place (for HTTP/2 server push) - so might as well just assume this fixed option every time. - - Closes #13409 - -- github/ISSUE_TEMPLATE: tweak the commericual support text - -- github/ISSUE_TEMPLATE: link the GitHub discussions too - - ... and move the feature request line to the bottom. - -- curl_url_get.md: clarify queries and fragments and CURLU_GET_EMPTY - - Follow-up to 3eac21d86bc5 - - Closes #13407 - -Stefan Eissing (18 Apr 2024) - -- tests: check caddy server version to match test expectations - - - new caddy servers no longer return 200 on POSTs, but 405 - as they should - - Closes #13405 - -Daniel Stenberg (18 Apr 2024) - -- curl_url_set.md: extended - - Closes #13404 - -- urlapi: add CURLU_GET_EMPTY for empty queries and fragments - - By default the API inhibits empty queries and fragments extracted. - Unless this new flag is set. - - This also makes the behavior more consistent: without it set, zero - length queries and fragments are considered not present in the URL. With - the flag set, they are returned as a zero length strings if they were in - fact present in the URL. - - This applies when extracting the individual query and fragment - components and for the full URL. - - Closes #13396 - -- RELEASE-NOTES: synced - -- lib1560: test with leading zeroes and more IPv4 versions - - Inspired by WHATWG URL Spec test inputs - - Closes #13400 - -Christian Schmitz (17 Apr 2024) - -- smtp: result of Curl_bufq_cread was not used - - return the result back to the caller. - - Closes #13398 - -Daniel Stenberg (17 Apr 2024) - -- urlapi: fix relative redirects to fragment-only - - Using the URL API for a redirect URL when the redirected-to string - starts with a hash, ie is only a fragment, the API would produce the - wrong final URL. - - Adjusted test 1560 to test for several new redirect cases. - - Closes #13394 - -Jiwoo Park (17 Apr 2024) - -- url: fix use of an uninitialized variable - - Closes #13399 - -Patrick Monnerat (17 Apr 2024) - -- os400: sync with latest changes - - - Conversion support for new version info character field rtmp_version. - - New ILE/RPG declarations. - - Closes #13402 - -Daniel Stenberg (17 Apr 2024) - -- ngtcp2: fix macro use - - macro "H3_STREAM_CTX" requires 2 arguments, but only 1 given - - Follow-up to c6655f7029ec5c128561e3ecf1f93db3ed0432a4 - - Closes #13401 - -Christian Schmitz (17 Apr 2024) - -- sendf: fix two typos in comments - - The parameters are named data, not date. - - Closes #13393 - -- lib: silence warnings on comma misuse - - Building curl with -Wcomma, I see warnings about "possible misuse of - comma operator here" and moving fields assignment out of the for() fixes - it. - - Closes #13392 - -Stefan Eissing (17 Apr 2024) - -- http/2, http/3: decouple stream state from easy handle - - - add `Curl_hash_offt` as hashmap between a `curl_off_t` and - an object. Use this in h2+h3 connection filters to associate - `data->id` with the internal stream state. - - changed implementations of all affected connection filters - - removed `h2_ctx*` and `h3_ctx*` from `struct HTTP` and thus - the easy handle - - solves the problem of attaching "foreign protocol" easy handles - during connection shutdown - - Test 1616 verifies the new hash functions. - - Closes #13204 - -Daniel Stenberg (17 Apr 2024) - -- ROADMAP: remove completed entries, mention websocket - -- THANKS-filter: name fixes - -Christian Schmitz (17 Apr 2024) - -- winbuild: add ENABLE_WEBSOCKETS option - - Closes #13232 - -Daniel Stenberg (17 Apr 2024) - -- dmaketgz: compacter - - Removes the need for disabling shellcheck warnings. - - Follow-up to d28f74913c2 - Proposed-by: Viktor Szakats - Closes #13391 - -Dan Fandrich (16 Apr 2024) - -- tests: Fix uninitialized value warning - - The check for an option must be predicated on options existing at all. - - Follow-up to f7cc9e91 - -Christian Schmitz (17 Apr 2024) - -- idn: add native AppleIDN (icucore) support for macOS/iOS - - I implemented the IDN functions for macOS and iOS using Unicode - libraries coming with macOS and iOS. - - Builds and runs here on macOS 14.2.1. Also verified to load and - run on older macOS version 10.13. - - Build requires macOS SDK 13 or equivalent. - - Set `-DUSE_APPLE_IDN=ON` CMake option to enable it. - With autotools and other build tools, set these manual options: - ``` - CPPFLAGS=-DUSE_APPLE_IDN - LIBS=-licucore - ``` - - Completes TODO 1.6. - - TODO: add autotools option and feature-detection. - - Refs: #5330 #5371 - Co-authored-by: Viktor Szakats - Closes #13246 - -Stefan Eissing (16 Apr 2024) - -- http3: extend download abort tests, fixes in ngtcp2 - - - fix flow handling in ngtcp2 to ACK data on streams - we abort ourself. - - extend test_02_23* cases to also run for h3 - - skip test_02_23* for OpenSSL QUIC as it gets stalled - on progressing the connection - - Closes #13374 - -Daniel Stenberg (16 Apr 2024) - -- tests: add -q as first option when invoking curl for tests - - To reduce the risk that the user running the tests has a .curlrc present - that messes things up. - - Support 'option="no-q"' for the tag to switch it off on demand. - Use this new feature in test 433 and 436. - - Ref: #13284 - Closes #13387 - -- dmaketgz: release tarball generation using docker - - For easier reproducibility. - - Mention using this script in RELEASE-PROCEDURE - - Closes #13388 - -Viktor Szakats (16 Apr 2024) - -- cmake: update ECH code and minor fixups - - - `openssl_check_symbol_exists()` expects a 4th argument now. - Follow-up to edc2702a1fe3a4a5386ffd9aa4f240f0c0197fa2 #13373 - - - minor comment/script touch-ups. - Follow-up to a362962b7289ec02b412890c9515657cf0ed50ac #11922 - - - fix indentation. - - Closes #13383 - -- tests: fix shellcheck issues in `ech_tests.sh` - - Add double-quotes where missing. - - Follow-up to a362962b7289ec02b412890c9515657cf0ed50ac #11922 - Closes #13382 - -- dist: add ECH files to tarball - - Also sort `EXTRA_DIST` list in `tests/Makefile.am` and make it diffable. - - Follow-up to a362962b7289ec02b412890c9515657cf0ed50ac #11922 - Closes #13381 - -- openvms: look for `USE_IPV6` in `config.h` (was: `ENABLE_IPV6`) - - The OpenVMS script `config_h.com` is parsing the config header - generated by autotools. Let's make it look for the macro name we now - use universally across the codebase. - - Follow-up to e411c98f702f0fb38dceec95e7507ef15a00d12c #13349 - Closes #13360 - -daniel-j-h (16 Apr 2024) - -- Dockerfile: for release automation and reproducibility - - Closes #13250 - -Stefan Eissing (16 Apr 2024) - -- cw-out: improved error handling - - - remember error encountered in invoking write callback and always fail - afterwards without further invokes - - - check behaviour in test_02_17 with h2-pausing client - - Reported-by: Pavel Kropachev - Fixes #13337 - Closes #13340 - -Daniel Stenberg (16 Apr 2024) - -- version: add "ECH" as a feature - - If available - - Follow-up to a362962b7 - Closes #13378 - -- CURLOPT_ECH: polish - - - remove the pointer to build instructions, it won't work in manpages - - add see-also - - minor white space edits - - Closes #13379 - -Viktor Szakats (16 Apr 2024) - -- tidy-up: whitespace [ci skip] - -- mbedtls: fix building with v3 in CMake Unity mode - - Before this patch the internal feature detection macro - `HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS` was defined in three files, - with an incomplete logic in one of them. In Unity mode that spilled - into another source file and broke the build. - - Closes #13377 - -- cmake: add librtmp/rtmpdump option and detection - - Add CMake option `USE_LIBRTMP`. Disabled by default. - - This library requires OpenSSL TLS-backend when linked statically. - - Follow-up to 6eb9e65781fa1fd8a0bcfe0715187a3a35f09ae4 #13364 - Closes #13373 - -Stephen Farrell (16 Apr 2024) - -- TLS: add support for ECH (Encrypted Client Hello) - - An EXPERIMENTAL feature used with CURLOPT_ECH and --ech. - - Closes #11922 - -Daniel Stenberg (15 Apr 2024) - -- RELEASE-NOTES: synced - -- multi: introduce SETUP state for better timeouts - - Since we can go to the CONNECT state from PENDING, potentially multiple - times for a single transfer, this change introdues a SETUP state that - happens before CONNECT when doing a new transfer. - - Now, doing a redirect on a handle goes back to SETUP (not CONNECT like - before) and we initilize the connect timeout etc in SETUP. Previously, - we would do it in CONNECT but that would make it unreliable in cases - where a transfer goes in and out between CONNECT and PENDING multiple - times. - - SETUP is transient, so the handle never actually stays in that state. - - Additionally: take care of timeouts of PENDING transfers in - curl_multi_perform() - - Ref: #13227 - Closes #13371 - -Tal Regev (15 Apr 2024) - -- cmake: forward `USE_LIBRTMP` option to C - - Define in C `USE_LIBRTMP` if user requested it from cmake. - - Closes #13364 - -Daniel Stenberg (15 Apr 2024) - -- curl_version_info: provide librtmp version - - Ref: https://github.com/curl/curl/pull/13364#issuecomment-2054151942 - Reported-by: talregev on github - Closes #13368 - -blankie (15 Apr 2024) - -- docs: clarify CURLOPT_MAXFILESIZE and CURLOPT_MAXFILESIZE_LARGE - - The bounds of the size parameter were not specified, and nor was it - specified how to disable the maximum file size check. - - The documentation also incorrectly stated that CURLOPT_MAXFILESIZE - always returns CURLE_OK and that CURLOPT_MAXFILESIZE_LARGE only returns - CURLE_OK or CURLE_UNKNOWN_OPTION. - - It also did not mention what the default value is, which is zero. This - commit updates the documentation to make note of all these things. - - Closes #13372 - -Patrick Monnerat (15 Apr 2024) - -- OS400: post-shellcheck changes adjustments - - Build scripts must be executed by the os/400 shell (sh), not bash which - is a PASE program. - - Shell function get_make_vars() escaping reworked to match $() subcommand - construct. - - Follow-up to 8a622baf9e9233241bbe93d6599c99cb46478614 - Closes #13366 - -Viktor Szakats (15 Apr 2024) - -- OS400: tidy-up - - Drop/fixup mods trying to make some syntax highlighters happier. - - Follow-up to 8a622baf9e9233241bbe93d6599c99cb46478614 #13309 - Closes #13362 - -Daniel Stenberg (15 Apr 2024) - -- multi: timeout handles even without connection - - When there is a "change" in a multi handle and pending handles are moved - back to the main list to be retested if they can proceed further (for - example a previous transfer completed or a connection has a confirmed - multiplexed state), the timeout check in multi_runsingle() would not - trigger because it required an established connection. - - This could make a pending tranfer go back to pending state even though - it had been "in progress" for a longer time than permitted. By removing - the requirement for an associated connection, the timeout check will be - done proper even for transfers that has not yet been assigned one. - - Ref #13227 - Reported-by: Rahul Krishna M - Closes #13276 - -Patrick Monnerat (15 Apr 2024) - -- mprintf: check fputc error rather than matching returned character - - OS/400 ascii fputc wrapper deviates from the posix standard by the - fact that it returns the ebcdic encoding of the original ascii - character. Testing for a matching value for success will then always - fail. - - This commit replaces the chariacter comparison by an explicit error - return check. - - Follow-up to ef2cf58 - Closes #13367 - -Viktor Szakats (14 Apr 2024) - -- ci: add CMake build variation, fixup libssh detection in `linux-old` - - To test without c-ares and hit `easy_lock.h` on an old system. Use this - new build step to introduce small variations, and also test libssh2. - - Also add workaround to existing job to enable libssh. (CMake's generic - auto-detection doesn't seem to work here.): - ``` - CMake Warning at CMakeLists.txt:908 (find_package): - Could not find a package configuration file provided by "libssh" with any - of the following names: - - libsshConfig.cmake - libssh-config.cmake - ``` - Ref: https://github.com/curl/curl/actions/runs/8661316091/job/23750974358#ste - p:5:69 - - Closes #13361 - -- lib: merge `ENABLE_QUIC` C macro into `USE_HTTP3` - - Before this patch `lib/curl_setup.h` defined these two macros right - next to each other, then the source code used them interchangeably. - - After this patch, `USE_HTTP3` guards all HTTP/3 / QUIC features. - (Like `USE_HTTP2` does for HTTP/2.) `ENABLE_QUIC` is no longer used. - - This patch doesn't change the way HTTP/3 is enabled via autotools - or CMake. Builders who enabled HTTP/3 manually by defining both of - these macros via `CPPFLAGS` can now delete `-DENABLE_QUIC`. - - Closes #13352 - -- build: prefer `USE_IPV6` macro internally (was: `ENABLE_IPV6`) - - Before this patch, two macros were used to guard IPv6 features in curl - sources: `ENABLE_IPV6` and `USE_IPV6`. This patch makes the source use - the latter for consistency with other similar switches. - - `-DENABLE_IPV6` remains accepted for compatibility as a synonym for - `-DUSE_IPV6`, when passed to the compiler. - - `ENABLE_IPV6` also remains the name of the CMake and `Makefile.vc` - options to control this feature. - - Closes #13349 - -Dan Fandrich (12 Apr 2024) - -- DISTROS: mark rolling release distros - - These are ones that are unlikely to have back-ported curl patches. - - Closes #13353 - -Daniel Stenberg (12 Apr 2024) - -- mbedtls: cut off trailing newlines from debug logs - - To avoid double newlines in the output. - - Reported-by: Gisle Vanem - Fixes #13321 - Closes #13356 - -- RELEASE-NOTES: synced - -Stefan Eissing (12 Apr 2024) - -- CURLINFO_REQUEST_SIZE: fixed, add tests for transfer infos reported - - - tests for 'size_request' and other stats reported, for - presence and consistency - - Reported-by: Jonatan Vela - Fixes #13269 - Closes #13275 - -Viktor Szakats (11 Apr 2024) - -- dist: add files missing from release tarball - - Closes #13346 - -- ci: parallelize more, tidy up cmake commands (distcheck, macos) - - Also enable `-DCURL_WERROR=ON` in the Linux cmake build test. - - Closes #13343 - -Toon Claes (11 Apr 2024) - -- docs: add CURLOPT_NOPROGRESS to CURLOPT_XFERINFOFUNCTION example - - It's important to set `CURLOPT_NOPROGRESS` to `0` if you want your - transfer callback function, set by `CURLOPT_XFERINFOFUNCTION`, getting - called. To emphasize this to the users, add this to the code example. - - Closes #13348 - -RainRat (11 Apr 2024) - -- misc: fix typos - - Closes #13344 - -Colin Leroy-Mira (11 Apr 2024) - -- file: add support for getting basic directory listings - - Not supported on Windows (yet) - - Closes #13137 - -Viktor Szakats (11 Apr 2024) - -- ci: add curl-for-win builds: Linux MUSL, macOS, Windows - - Linux MUSL (llvm/clang), macOS Apple clang, Windows (llvm/clang). - - Configured with HTTP/2 and HTTP/3 and other dependencies (the default - curl-for-win) for a comprehensive build test. - - ``` - curl 8.8.0-DEV (x86_64-unknown-linux-musl) libcurl/8.8.0-DEV LibreSSL/3.9.1 z - lib/1.3.1 brotli/1.1.0 zstd/1.5.6 libpsl/0.21.5 libssh2/1.11.0 nghttp2/1.61.0 - ngtcp2/1.4.0 nghttp3/1.2.0 - Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns - mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss - Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTP3 HTTPS-proxy IPv6 Largefil - e libz NTLM PSL SSL threadsafe UnixSockets zstd - - curl 8.8.0-DEV (x86_64-apple-darwin) libcurl/8.8.0-DEV LibreSSL/3.9.1 zlib/1. - 3.1 brotli/1.1.0 zstd/1.5.6 libpsl/0.21.5 libssh2/1.11.0 nghttp2/1.61.0 ngtcp - 2/1.4.0 nghttp3/1.2.0 - Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns - ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws w - ss - Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTP3 HTTPS-proxy IPv6 Largefil - e libz NTLM PSL SSL threadsafe UnixSockets zstd - - curl 8.8.0-DEV (x86_64-w64-mingw32) libcurl/8.8.0-DEV LibreSSL/3.9.1 zlib/1.3 - .1 brotli/1.1.0 zstd/1.5.6 WinIDN libpsl/0.21.5 libssh2/1.11.0 nghttp2/1.61.0 - ngtcp2/1.4.0 nghttp3/1.2.0 - Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns - ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws w - ss - Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerb - eros Largefile libz NTLM PSL SPNEGO SSL SSPI threadsafe UnixSockets zstd - ``` - - Limited to x64, because for build testing the additional CPUs don't add - much value compared to the extra build time. They can be enabled easily - if deemed useful. - - To the extent of curl-for-win configuration options, it's trivial to add - further build combinations. - - Closes #13335 - -- OS400: fix shellcheck warnings in scripts - - - use `$()` instead of backticks, and re-arrange double-quotes inside. - - add missing `|| exit 1` to `cd` calls. (could be dropped by using `set -eu` - .) - - add `-n` to a few `if`s. - - shorten redirections by using `{} >` (as shellcheck recommended). - - silence warnings where variables were detected as unused (SC2034). - - a couple misc updates to silence warnings. - - switch to bash shebang for `-ot` feature. - - split two lines to unbreak syntax highlighting in my editor. (`$(expr \`, ` - $(dirname \`) - - Also enable CI checks for OS/400 shell scripts. - - Ref: #13307 - Closes #13309 - -Stefan Eissing (11 Apr 2024) - -- lib: add Curl_xfer_write_resp_hd - - Add method in protocol handlers to allow writing of a single, - 0-terminated header line. Avoids parsing and copying these lines. - - Closes #13165 - -- llist: add Curl_llist_append() - - - use for better readability in all places where the "insert_next" - actually performs an append to the list - - add some tests in unit1300 - - Closes #13336 - -- gnutls: lazy init the trust settings - - - delay loading of trust anchors and CRLs after the ClientHello - has been sent off - - add tracing to IO operations - - on IO errors, return the CURLcode of the underlying filter - - Closes #13339 - -Marcel Raad (10 Apr 2024) - -- http_negotiate: fix `CURL_DISABLE_PROXY` build - - `proxyuserpwd` was removed from `dynamically_allocated_data` in commit - f46385d36df. - - Closes https://github.com/curl/curl/pull/13334 - -Viktor Szakats (10 Apr 2024) - -- quic: fixup duplicate static function name (for cmake unity) - - Visible in daily curl-for-win builds: - https://github.com/curl/curl-for-win/actions/runs/8621925870 - - ``` - lib/vquic/curl_ngtcp2.c:1916:12: error: redefinition of 'ossl_new_session_cb' - static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid) - ^ - lib/vtls/openssl.c:2978:12: note: previous definition is here - static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid) - ^ - ``` - https://github.com/curl/curl-for-win/actions/runs/8621925870/job/23631885439# - step:3:6965 - - Follow-up to 3210101088dfa3d6a125d213226b092f2f866722 #13172 - Closes #13332 - -- appveyor: make VS2010 job build-only, enable Schannel, fix compiler warnings - - Tests were consistently flaky for a while. - - Also fix compiler warnings in `CertOpenStore()` calls for old MSVC compilers: - ``` - C:/projects/curl/lib/vtls/schannel.c(688): - warning C4306: 'type cast' : conversion from 'int' to 'LPCSTR' of greater s - ize - C:/projects/curl/lib/vtls/schannel_verify.c(642): - warning C4306: 'type cast' : conversion from 'int' to 'LPCSTR' of greater s - ize - ``` - Ref: https://ci.appveyor.com/project/curlorg/curl/builds/49580310/job/ywu2y44 - kymgc0nif#L106 - - Closes #13330 - -Daniel Stenberg (10 Apr 2024) - -- projects: drop MSVC project files for recent versions - - We encourage users to generate visual studio project files using CMake. - - We keep project files in git for ancient visual studio versions that - cmake cannot generate files for, but we no longer ship the project files - in the tarballs. - - appveyor: switch VisualStudioSolution job to VC12 (Visual Studio 2013) - - Co-Authored-by: Viktor Szakats - Co-Authored-by: Jay Satiro - - Closes #13311 - -Viktor Szakats (9 Apr 2024) - -- cmake: use namespaced custom target names - - Rename custom target to namespaced (unique) names to avoid colliding - with 3rd-party projects (e.g. libzip) built together with curl. - - Reported-by: hammlee96 on github - Fixes #13324 - Closes #13326 - -- appveyor: re-enable OpenSSL 3, bump to 3.2.1 - - Ref: b62454a875d70f93ab5347c050903596feb45a23 #13266 - Closes #13329 - -Stefan Eissing (9 Apr 2024) - -- CI: upgrade openssl version to 3.3.0 for openssl-quic - - Closes #13328 - -Daniel Stenberg (9 Apr 2024) - -- RELEASE-NOTES: synced - - Bump to 8.8.0-DEV - -- curl_multi_waitfds.md: add protocol mention - - Follow-up to 02beac6bb6b - -Dmitry Karpov (9 Apr 2024) - -- lib: add curl_multi_waitfds - - New function call, similar to curl_multi_fdset() - - Closes #13135 - -Viktor Szakats (9 Apr 2024) - -- dist: verify tarball reproducibility in CI - - Closes #13327 - -Stefan Eissing (9 Apr 2024) - -- tests: stabilitze test_02_23* - - - h2-download now always opens the output file on first write callback - invocation, if it will pause the transfer or not. - - Checks on output files then does not depend on the amount of data curl - has collected for the first write. - - Closes #13323 - -- tls: fix compile issues on old-linux CI - - Follow-up to 3210101088dfa - Closes #13325 - -Viktor Szakats (9 Apr 2024) - -- dist: add reproducible dir entries to tarballs - - In the initial implementation of reproducible tarballs, they were - missing directory entries, while .zip archives had them. It meant - that on extracting the tarball, on-disk directory entries got the - current timestamp. - - This patch fixes this by including directory entries in the tarball, - with reproducible timestamps. It also moves sorting inside tar, - to ensure reproducible directory entry timestamps on extract - (without the need of `--delay-directory-restore` option, when - extracting with GNU tar. BSD tar got that right by default.) - - GNU tar 1.28 (2014-07-28) introduced `--sort=`. - - Ref: https://github.com/curl/curl/pull/13299#discussion_r1555957350 - Follow-up to 860cd5fc2dc8e165fadd2c19a9b7c73b3ae5069d #13299 - Closes #13322 - -Stefan Eissing (9 Apr 2024) - -- tls: use shared init code for TCP+QUIC - - Closes #13172 - -Daniel Stenberg (9 Apr 2024) - -- .mailmap: update Gisle's preferred email - -Jan Macku (9 Apr 2024) - -- doc: pytest `--repeat` -> `--count` - - Pytest doesn't have a `--repeat` option, but it does have a `--count` - option. - - ``` - --count=COUNT Number of times to repeat each test - ``` - - Closes #13218 - -Daniel Stenberg (9 Apr 2024) - -- src/Makefile.am: access curl.txt using a relative path, not abs - - ... to make it work when mounted using different mount points. Like when - generated/used inside and outside of a docker image. - - Closes #13320 - -- build: remove MacOSX-Framework script - - I don't think this is much used these days. - - Also remove the libcurl.plist file used (only) by this script - - Closes #13313 - -- release-tools.sh: store the timestamp and release tag too - - When maketgz invokes this script to generate the docs/RELEASE-TOOLS.md - file that gets bundled in the release, it now also passes on the exact - timestamp and version number so that those details also get mentioned in - the document. They will help users reproduce an identical tarball. - - Closes #13319 - -Viktor Szakats (8 Apr 2024) - -- GHA: disable permissions where missing - - Reviewed-by: Daniel Stenberg - Closes #13306 - -Stefan Eissing (8 Apr 2024) - -- CI: update component versions - - - ngtcp2: v1.4.0 - - nghttp3: v1.2.0 - - nghttp2: v1.61.0 - - mod_h2: v2.0.27 - - Closes #13316 - -Jérôme Leclercq (8 Apr 2024) - -- CMake: check fseeko after detecting HAVE_FILE_OFFSET_BITS - - Closes #13264 - -Stefan Eissing (8 Apr 2024) - -- http2: emit RST when client write fails - - - When the writing of response data fails, reset the stream - and do not return a callback error to nghttp2. That would - be a fatal error for the connection and harm other requests. - - add test cases for various abort scenarios - - Reported-by: Konstantin Kuzov - Fixes #13292 - Closes #13298 - -Kailun Qin (8 Apr 2024) - -- mbedtls: call mbedtls_ssl_setup() after RNG callback is set - - Since mbedTLS v3.6.0, the RNG check added in ssl_conf_check() will fail - if no RNG is provided when calling mbedtls_ssl_setup(). - - Therefore, mbedtls_ssl_conf_rng() needs to be called before the SSL - context is passed to mbedtls_ssl_setup(). - - Ref: https://github.com/Mbed-TLS/mbedtls/commit/b422cab052b51ec84758638d6783d - 6ba4fc60613 - - Signed-off-by: Kailun Qin - Closes #13314 - -Daniel Stenberg (8 Apr 2024) - -- NTLM_WB: drop support - - The feature has not worked for months and has been marked as DEPRECATED - for six+ months. - - Closes #13249 - -- curl_trc: fix build error when lacking verbose messages - - Follow-up from 0b28ece657b2273 - Closes #13312 - -Viktor Szakats (8 Apr 2024) - -- contrithanks: honor `CURLWWW` variable - - Reviewed-by: Daniel Stenberg - Closes #13315 - -- GHA: add shellcheck job and fix warnings, shell tidy-ups - - Reviewed-by: Daniel Stenberg - Closes #13307 - -- dist: do not require Perl in `maketgz` - - Perl remains required for the tarball build process. - - Follow-up to 860cd5fc2dc8e165fadd2c19a9b7c73b3ae5069d #13299 - - Reviewed-by: Daniel Stenberg - Closes #13310 - -Daniel Stenberg (8 Apr 2024) - -- RELEASE-NOTES: synced - -- docs/cmdline-opts: invoke managen using a relative path - - ... no need to use an absolute path, that makes the build unncessarily - fail if invoked using a different mount point. managen now takes options - to find the input files. - - Update test1478 to provide the dir arguments to managen - - Closes #13281 - -- GHA: add valgrind to a wolfSSL build - - Closes #13274 - -Viktor Szakats (7 Apr 2024) - -- dist: `set -eu`, fix shellcheck, make reproducible and smaller tarballs - - - set bash `-eu` and fix fallouts. - - fix shellcheck warnings. - - set and use `SOURCE_DATE_EPOCH` for reproducibility. - Authored-by: Daniel J. H. - Ref: #13280 - - set `TZ=UTC` and `LC_ALL=C` for reproducibility. - - make file timestamps in tarball/zip reproducible. - - make directory timestamps in zip reproducible. - - make timestamps of tarballs/zip reproducible. - - make file order in tarball/zip reproducible. - - omit extra file metadata from zip for reproducibility. - - use maximum zip compression. - - use POSIX `ustar` tarball format to avoid supply chain vulnerability: - https://seclists.org/oss-sec/2021/q4/0 - - make uid/gid in tarball reproducible. - - omit owner user/group names from tarball for reproducibility and privacy. - - omit current timestamp from .gz header for reproducibility. - - display SHA-256 hashes of produced tarballs/zip. - - fix whitespace. - - `.tar.gz` also became smaller in the process: 4,462,311 -> 4,148,249 bytes (8 - .7.1) - - Requires GNU tar, GNU date, `sha256sum`. - - Reviewed-by: Daniel Stenberg - Ref: #13250 - Closes #13299 - -Gisle Vanem (7 Apr 2024) - -- tests/http: fix compiler warning - - - Init result code variable to fix clang warning that it may be used - uninitialized. - - Fixes https://github.com/curl/curl/issues/13301 - Closes https://github.com/curl/curl/pull/13304 - -Stefan Eissing (6 Apr 2024) - -- vquic: use new curl_int64_t type - - - add curl_int64_t signed 64-bit type for lib use - - - define CURL_PRId64, CURL_PRIu64 format ids - - - use curl_int64_t in vquic - - curl_int64_t signed complements the existing curl_uint64_t unsigned. - - Note that `curl_int64_t` and `int64_t` are assignable from each other - but not identical. Some platforms with 64 long type defint int64_t as - "long long" (staring at macOS) which messes up things like pointers and - format identifiers. - - Closes https://github.com/curl/curl/pull/13293 - -Jay Satiro (5 Apr 2024) - -- lib: use multi instead of multi_easy for the active multi - - - Use data->multi and not data->multi_easy to refer to the active multi. - - The easy handle's active multi is always data->multi. - - This is a follow up to 757dfdf which changed curl so that an easy handle - used with the easy interface and then multi interface cannot have two - different multi handles associated with it at the same time - (data->multi_easy from the easy interface and data->multi from the multi - interface). - - Closes https://github.com/curl/curl/pull/12665 - -Viktor Szakats (5 Apr 2024) - -- tidy-up: whitespace [ci skip] - -Daniel Stenberg (5 Apr 2024) - -- makefile: remove the sorting from the vc-ide action - - This target generates the MSVC project files. This change removes the - extra sorting and instead makes the script use the order of the files as - listed in the variables - which are mostly sorted anyway. - - This is an attempt to make the project file generation more easily - reproducible. - - Ref: #13250 - Closes #13294 - -Gisle Vanem (5 Apr 2024) - -- bearssl: fix compiler warnings - - "variables may be uninitialized when used" - - Fixes #13290 - Closes #13297 - -Daniel Stenberg (5 Apr 2024) - -- DISTROS: Cygwin updates - - Brought-by: Brian Inglis - Fixes #13258 - Co-authored-by: Viktor Szakats - Closes #13279 - -Stefan Eissing (5 Apr 2024) - -- lib: add trace support for client reads and writes - - - add `CURL_TRC_READ()` and `CURL_TRC_WRITE()` - - use in generic client writers and readers, as well - as http headers, chunking and websockets - - Closes #13223 - -Michał Antoniak (5 Apr 2024) - -- urldata: remove fields not used depending on used features - - Reduced size of dynamically_allocated_data structure. - - Reduced number of stored values in enum dupstring and enum dupblob. This - affects the reduced array placed in the UserDefined structure. - - Closes #13188 - -Viktor Szakats (5 Apr 2024) - -- cmake: enable `-pedantic-errors` for clang when `CURL_WERROR=ON` - - clang doesn't have the issues of GCC and old CMake versions. - - Note: This introduces asymmetry with autotools, which only enables - this for GCC. - - Reviewed-by: Daniel Stenberg - Closes #13286 - -- cmake: fix `CURL_WERROR=ON` for old CMake and use it in GHA/linux-old - - - cmake: fix `-pedantic-errors` for old CMake with `CURL_WERROR=ON` set. - - `-pedantic-errors` option throws a warning with GCC (all versions) and - makes `check_symbol_exists()` fail in CMake versions older than - v3.23.0 (2022-03-29), when CMake introduced a workaround: - - https://gitlab.kitware.com/cmake/cmake/-/issues/13208 - https://gitlab.kitware.com/cmake/cmake/-/commit/eeb45401163d831b8c841ef6eba - 81466b4067b68 - https://gitlab.kitware.com/cmake/cmake/-/commit/1ab7c3cd28b27ca162c4559e102 - 6e5cad1898ade - - Follow-up to 3829759bd042c03225ae862062560f568ba1a231 #12489 - - - set `CURL_WERROR=ON` for the `linux-old` job in CI. - - Closes #13282 - -- lib: use `#error` instead of invalid syntax in `curl_setup_once.h` - - Reviewed-by: Daniel Stenberg - Closes #13287 - -Daniel Stenberg (5 Apr 2024) - -- GHA: on macOS remove $HOME/.curlrc - - A recent image upgrade added a $HOME/.curlrc by default using --ipv4. - - Ref: https://github.com/actions/runner-images/pull/9586 - Fixes #13284 - Closes #13285 - -Viktor Szakats (4 Apr 2024) - -- cmake: fixup `DEPENDS` filename - - Fixing: - ``` - make[2]: Circular docs/curl-config.1 <- docs/curl-config.1 dependency dropped - . - make[2]: Circular docs/mk-ca-bundle.1 <- docs/mk-ca-bundle.1 dependency dropp - ed. - ``` - Ref: https://github.com/curl/curl/actions/runs/8559617487/job/23456740844?pr= - 13282#step:6:18 - - Follow-up to 5023ffad2c27d4b916ddb91800f99ecc5d3aad07 #13197 - Closes #13283 - -- GHA: enable unity mode for cmake jobs + tidy-ups - - Unity mode is not supported by CMake v3.7.2 used in linux-old, but - enable it anyway for consistency and to kick in automatically once - migrating to a newer old Linux in the future. - - Also: - - replace `CMAKE_COMPILE_WARNING_AS_ERROR` with `CURL_WERROR`. - - delete default build option `PICKY_COMPILER=ON`. - - Closes #13277 - -Dan Fandrich (4 Apr 2024) - -- CI: Add CI build on Debian stretch to test old support - - This version still has ELTS support and contains some old versions of - key components like cmake to help prevent us from breaking that support. - - Closes #13029 - -Stefan Eissing (4 Apr 2024) - -- request: paused upload on completed download, assess connection - - A transfer with a completed download that is still uploading needs to - check the connection state when it is PAUSEd, since connection - close/errors would otherwise go unnoticed. - - Reported-by: Sergey Bronnikov - Fixes #13260 - Closes #13271 - -Daniel Stenberg (4 Apr 2024) - -- url: do not URL decode proxy crendentials - - The two options CURLOPT_PROXYUSERNAME and CURLOPT_PROXYPASSWORD set the - actual names as-is, not URL encoded. - - Modified test 503 to use percent-encoded strings in the credential - strings that should be passed on as-is. - - Reported-by: Sergey Ogryzkov - Fixes #13265 - Closes #13270 - -Viktor Szakats (4 Apr 2024) - -- appveyor: enable cmake unity mode by default - - Leave one non-unity cmake job. This makes the jobs finish slightly - quicker, while giving more coverage for unity issues. - - Before: - https://ci.appveyor.com/project/curlorg/curl/builds/49496977 - https://ci.appveyor.com/project/curlorg/curl/builds/49500372 - After: - https://ci.appveyor.com/project/curlorg/curl/builds/49500338 - - Also fixup unrelated whitespace. - - Reviewed-by: Daniel Stenberg - Closes #13217 - -Daniel Stenberg (4 Apr 2024) - -- RELEASE-NOTES: synced - -Viktor Szakats (4 Apr 2024) - -- cmake: speed up libcurl doc building again - - This time limit the number of files per command to avoid exceeding - limitations of certain OS/shell envs. - - Such known env is Windows with the `cmd.exe` shell, which features an - 8K command-line length limit to this day. - - Allowlisting `UNIX` to have no limit and using a limit of 200 for other - envs to be safe. If there is a way to detect `cmd.exe` and/or we know - which precise envs are sensitive to this, we can tweak these conditions - further. - - Even with the low limit, this patch reduces external commands by 200x, - making builds much faster. - - Ref: #12762 2620aa930bc73af1e4c70b10e3125b957b96ecfb (initial) - Ref: #13047 f03c85635f35269f1f45b983bf216624f541760a (revert) - - Reviewed-by: Daniel Stenberg - Closes #13207 - -- cmake: tidy-up to use `WORKING_DIRECTORY` - - Reviewed-by: Daniel Stenberg - Closes #13206 - -- cmake: generate misc manpages and install `mk-ca-bundle.pl` - - - install `mk-ca-bundle.pl` like autotools does. - - - generate and install `mk-ca-bundle.1` and `curl-config.1` like - autotools. This fixes tests 1140 and 1173. - - Reported-by: Dan Fandrich - Fixes #13194 - - - add option `BUILD_MISC_DOCS` to control building the above two - manpages. Enabled by default. - - - appveyor: stop disabling tests 1140 and 1173. - - Reviewed-by: Daniel Stenberg - Closes #13197 - -Fabian Keil (4 Apr 2024) - -- wolfssl: plug memory leak in wolfssl_connect_step2() - - Fixes: - - test 2034...[simple HTTPS GET with DER public key pinning] - ==61829== 22,610 (3,744 direct, 18,866 indirect) bytes in 1 blocks are d - efinitely lost in loss record 51 of 54 - ==61829== at 0x484BB74: malloc (vg_replace_malloc.c:446) - ==61829== by 0x4B53A80: wolfSSL_Malloc (memory.c:344) - ==61829== by 0x4C1C8E1: wolfSSL_X509_new (x509.c:5326) - ==61829== by 0x4C3977D: d2i_X509orX509REQ (x509.c:3628) - ==61829== by 0x4C1D1F4: wolfSSL_X509_d2i (x509.c:3664) - ==61829== by 0x4C1C37B: wolfSSL_X509_dup (x509.c:13425) - ==61829== by 0x4C197DB: wolfSSL_get_peer_certificate (ssl.c:18765) - ==61829== by 0x33297C: wolfssl_connect_step2 (wolfssl.c:875) - ==61829== by 0x331669: wolfssl_connect_common (wolfssl.c:1287) - ==61829== by 0x3303E9: wolfssl_connect_nonblocking (wolfssl.c:1319) - ==61829== by 0x32FE89: ssl_connect_nonblocking (vtls.c:510) - ==61829== by 0x32DBE5: ssl_cf_connect (vtls.c:1679) - ==61829== by 0x27ABD7: Curl_conn_cf_connect (cfilters.c:307) - ==61829== by 0x27D9CF: cf_setup_connect (connect.c:1199) - ==61829== by 0x27ABD7: Curl_conn_cf_connect (cfilters.c:307) - ==61829== by 0x283CEA: cf_hc_baller_connect (cf-https-connect.c:135) - - Closes #13272 - -Viktor Szakats (3 Apr 2024) - -- appveyor: OpenSSL 3 no longer found by CMake, revert to 1.1.1 - - OpenSSL moved directories, and bumped versions in AppVeyor CI. - - Downgrading is not an ideal solution, but however trivial the solution - may be, I failed to come with anything that made CMake recognize either - OpenSSL 3.1 or 3.2. - - Possibly caused by: - https://github.com/appveyor/build-images/commit/702e8cdca01f28f6a40687783f493 - c786cebbe2c - https://github.com/appveyor/build-images/pull/149 - - Closes #13266 - -hongfei.li (3 Apr 2024) - -- winbuild: use $(RC) correctly - - Cloes #13267 - -Daniel Stenberg (3 Apr 2024) - -- dist: remove the curl-config.1 from the tarball - - The markdown file is already there and the .1 file gets generated in the - build. - - Ref: #13250 - Closes #13268 - -- curl_global_trace.md: shorten the description - - Closes #13263 - -- test1901: verify chunked POST from callback with CURLOPT_POSTFIELDSIZE set - - Follow-up to 721941aadf4ad - - Ref: #13257 - Closes #13262 - -Stefan Eissing (2 Apr 2024) - -- http: with chunked POST forced, disable length check on read callback - - - when an application forces HTTP/1.1 chunked transfer encoding - by setting the corresponding header and instructs curl to use - the CURLOPT_READFUNCTION, disregard any POST length information. - - this establishes backward compatibility with previous curl versions - - Applications are encouraged to not force "chunked", but rather - set length information for a POST. By setting -1, curl will - auto-select chunked on HTTP/1.1 and work properly on other HTTP - versions. - - Reported-by: Jeff King - Fixes #13229 - Closes #13257 - -Jay Satiro (1 Apr 2024) - -- INSTALL-CMAKE.md: explain `cmake -G ` - - - Explain that CMake's -G option can be used to specify which build - system to generate files for. - - Example: cmake ../curl -G "MinGW Makefiles" - - Ref: https://github.com/curl/curl/pull/12224#issuecomment-2026813645 - - Closes https://github.com/curl/curl/pull/13244 - -Daniel Stenberg (1 Apr 2024) - -- libcurl-opts: mention pipelining less - - libcurl has not supported HTTP pipelining since many years. Remove a few - (more) mentions of the feature. - - Closes #13254 - -Daniel McCarney (31 Mar 2024) - -- m4: reposition USE_RUSTLS="yes" for pkg-config - - It's necessary to set this var to "yes" _after_ AC_DEFINE and AC_SUBST - in order for a later `test` to pass so that `check_for_ca_bundle=1` ends - up being set. This is in turn required for the default CA certificate - bundle to be set when building w/ rustls & pkg-config. - - Reported-by: Matt Jolly - Fixes #13248 - Closes #13251 - -Daniel Stenberg (31 Mar 2024) - -- maketgz: put docs/RELEASE-TOOL.md into the tarball - - Generated with scripts/release-tools.sh - - The script lists the exact Debian package names and version numbers for - the tools that are used to generate the tarball. - - Closes #13239 - -- cd2nroff/manage: use UTC when SOURCE_DATE_EPOCH is set - - Make them independent of the TZ setting. Also set a date string like - YYYY-MM-DD to avoid a local month name in the date. - - Reported-by: Carlos Henrique Lima Melara - Fixes #13242 - Closes #13243 - -- RELEASE-NOTES: synced - -- docs/MAIL-ETIQUETTE: convert to markdown - - To render nicer. To get spellchecked. - - Closes #13247 - -- reuse: add copyright + license info to individual docs/*.md files - - Instead of use 'docs/*.md' in dep5. For clarity and avoiding a wide- - matching wildcard. - - + Remove mention of old files from .reuse/dep5 - + add info to .github/dependabot.yml - + make scripts/copyright.pl warn on non-matching patterns - - Closes #13245 - -- test470: warn about unicode quote character read from config file - - Idea-by: Emanuele Torre - -- test469: verify warning when argument has unicode quote - -- tool_getparam: output warning for leading unicode quote character - - ... in the option argument. - - Typically this is a mistake done when copying example command lines from - online documentation using the wrong quote character. - - Presumably there are also other potential quote characters that might be - used, and this check is done without even knowing that unicode is used! - - Reported-by: Sanjay Pujare - Fixes #13214 - Closes #13215 - -- tool: follow-up getenv fix - - Remove a double free. Change the IPFS env use to a plain getenv() simply - because coverity gets confused. - - Follow-up to 9126b141c9398fe - Closes #13241 - -- idn: make Curl_idnconvert_hostname() use Curl_idn_decode() - - In the name of less code duplication - - Closes #13236 - -- curl-confopts.m4: define CARES_NO_DEPRECATED when c-ares is used - - Starting in 1.28.0 c-ares added deprecation warnings for some API calls - libcurl uses. - - Closes #13240 - -- vquic: use CURL_FORMAT_CURL_OFF_T for 64 bit printf output - - Reported-by: Keitagit-kun on github - Fixes #13224 - Closes #13231 - -- openldap: create ldap URLs correctly for IPv6 addresses - - Reported-by: Sergio Durigan Junior - Fixes #13228 - Closes #13235 - -- curl: use curl_getenv instead of the curlx_ version - - The curlx one was once introduced when we still considered dropping the - libcurl function at some point. To reduce confusion and to make it - easier to understand when curl_free() should be used, use the actual - libcurl function call directly instead. - - Closes #13230 - -Evgeny Grin (Karlson2k) (30 Mar 2024) - -- curl_sha512_256: do not use workaround for NetBSD when not needed - - Assisted-by: riastradh on github - Assisted-by: Michael Kaufmann - Closes #13225 - -Matt Jolly (30 Mar 2024) - -- m4: fix rustls pkg-config codepath - - The previous pkg-config code would successfully detect rustls but did - not set all appropriate variables and call the right macros to properly - configure cURL. - - Reported-by: kpcyrd on github - Fixes #13200 - Closes #13202 - -Daniel McCarney (30 Mar 2024) - -- deps: update librustls 0.12.0 -> 0.13.0 - - This commit updates the optional rustls-ffi librustls dependency from - 0.12.0 to 0.13.0. This version is based on the latest available rustls - release (0.23.4). - - The breaking API changes from 0.12.0 to 0.13.0 are in API surface unused - by curl, so this is an in-place update without any code changes. - - The `RUSTLS.md` documentation is updated to reflect the new version in - use, and to clarify that `cbindgen` isn't required to build `librustls` - - it's only used by developers to update the vendored `rustls.h` header - file maintained upstream. - - Closes #13238 - -Daniel Stenberg (28 Mar 2024) - -- RELEASE-NOTES: synced - -- tool_xattr: "guess" URL scheme if none is provided - - ... when figuring out the source URL to store. - - Reported-by: Dagfinn Ilmari Mannsåker - Fixes #13205 - Closes #13221 - -- tool_xattr: in debug builds, act normally if CURL_FAKE_XATTR is not set - - Closes #13220 - -Stefan Eissing (28 Mar 2024) - -- content_encoding: brotli and others, pass through 0-length writes - - - curl's transfer handling may write 0-length chunks at the end of the - download with an EOS flag. (HTTP/2 does this commonly) - - - content encoders need to pass-through such a write and not count this - as error in case they are finished decoding - - Fixes #13209 - Fixes #13212 - Closes #13219 - -Tobias Stoeckmann (28 Mar 2024) - -- libssh2: set length to 0 if strdup failed - - Internally, libssh2 dereferences the NULL pointer if length is non-zero. - The callback function cannot return the error condition, so at least - prevent subsequent crash. - - Closes #13213 - -Daniel Stenberg (28 Mar 2024) - -- RELEASE-PROCEDURE: mention an initial working build - - This is the step that was not done and caused the 8.7.0 mishap (it - lacked the correctly generated hugehelp file). - - Remove the mention of the copyright script as this is verified by a CI - job these days: the REUSE one. - - Closes #13216 - -Paul Howarth (28 Mar 2024) - -- curl_sha512_255: fix detection of OpenSSL 1.1.1 or later - - Use the same OPENSSL_VERSION_NUMBER comparison as in lib/vtls/openssl.c. - - Closes #13208 - -Robert Moreton (28 Mar 2024) - -- cf-socket: remove references to l_ip, l_port - - Fixes #13210 - Closes #13211 - -Daniel Stenberg (28 Mar 2024) - -- openssl: do not set SSL_MODE_RELEASE_BUFFERS - - While it might save some memory, it causes OpenSSL to instead do a huge - amount of allocations. - - Ref: #13136 - Closes #13203 - -- curl: make --help adapt to the terminal width - - Instead of assuming and working with 80 colums, try figuring out what - width is actually used. - - Ref: #13141 - - Closes #13171 - -- RELEASE-NOTES: synced - - and bump to 8.7.2 for now - -- configure: make --disable-docs imply --disable-manual - - Because when the docs is not built, the necesary curl.txt file is not - present so then the manual cannot get built. - - Reported-by: Harry Sintonen - Closes #13191 - -Chris Webb (27 Mar 2024) - -- cmdline-docs: fix make install with configure --disable-docs - - make -C docs/cmdline-opts install depends on all-am, which in turn - depends on $(MANS), unconditionally defined to be $(man_MANS). - - As with CLEANFILES, only add curl.1 to man_MANS when BUILD_DOCS is true - so we don't try to build curl.1 unnecessarily. - - Closes #13198 - -Version 8.7.1 (27 Mar 2024) - -Daniel Stenberg (27 Mar 2024) - -- RELEASE-PROCEDURE: remove old release dates, add new pending ones - -Version 8.7.0 (27 Mar 2024) - -Daniel Stenberg (27 Mar 2024) - -- RELEASE-NOTES: synced - - curl 8.7.0 release - -- THANKS: new contributors from the 8.7.0 release - -- CURLOPT_POSTFIELDS.md: used for MQTT as well - - Closes #13189 - -- http: remove stale comment about rewindbeforesend - - ... because that struct field exists no more. - - Follow-up to 14bcea074a782272. - - Closes #13187 - -- DISTROS: add document with distro pointers - - Lots of organizations distribute curl packages to end users. This is a - collection of pointers to where to learn more about curl on and with - each distro. - - Assisted-by: Alan Coopersmith - Assisted-by: Andrew Kaster - Assisted-by: Andy Fiddaman - Assisted-by: Arjan van de Ven - Assisted-by: Brian Clemens - Assisted-by: chrysos349 on github - Assisted-by: Dan Fandrich - Assisted-by: Dan McDonald - Assisted-by: Gaelan Steele - Assisted-by: graywolf on github - Assisted-by: Jan Macku - Assisted-by: John Marshall - Assisted-by: Jonathan Perkin - Assisted-by: Kevin Daudt - Assisted-by: Marcus Müller - Assisted-by: Michał Górny - Assisted-by: Outvi V - Assisted-by: Ross Burton - Assisted-by: Sean Molenaar - Assisted-by: Till Wegmüller - Assisted-by: Viktor Szakats - Assisted-by: Winni Neessen - - Closes #13178 - -Fabian Keil (25 Mar 2024) - -- wolfSSL: do not call the stub function wolfSSL_BIO_set_init() - - Calling the function isn't necessary and causes the build - to fail when wolfSSL has been compiled with NO_WOLFSSL_STUB: - - Making all in opts - CCLD curl - ld: error: undefined symbol: wolfSSL_BIO_set_init - >>> referenced by wolfssl.c:235 (vtls/wolfssl.c:235) - >>> libcurl_la-wolfssl.o:(wolfssl_bio_cf_create) in archiv - e ../lib/.libs/libcurl.a - cc: error: linker command failed with exit code 1 (use -v to see invocat - ion) - *** Error code 1 - - Closes #13164 - -Daniel Stenberg (25 Mar 2024) - -- cmdline-opts: shorter help texts - - In an effort to increase the readability of the "--help all" output on - narrow (80 column) terminals. - - Co-authored-by: Jay Satiro - - Closes #13169 - -Matt Jolly (25 Mar 2024) - -- curl-rustls.m4: add pkg-config support to rustls detection - - Based on the existing openssl pkg-config detection, this commit tries to - use pkg-config to find `rustls` then falls back to the current approach - if that fails. - - We use the following logic: - - - if no path is provided, just use pkg-config, if it's not there we have - a problem! - - if a path is provided, try pkg-config - + if pkg-config fails, try and find rustls directly - - Closes #13179 - -Mohammadreza Hendiani (25 Mar 2024) - -- TODO: update 13.11 with more information - - Closes #13173 - -Daniel Stenberg (23 Mar 2024) - -- docs/libcurl: generate PROTOCOLS from meta-data - - Remove the PROTOCOLS section from the source files completely and - instead generate them based on the header data in the curldown files. - - It also generates TLS backend information for options marked for TLS as - protocol. - - Closes #13175 - -- CURLMOPT_MAX*: mention what happens if changed mid-transfer - - For CURLMOPT_MAXCONNECTS and CURLMOPT_MAX_HOST_CONNECTIONS - - Ref: #13158 - Closes #13176 - -- docs/libcurl: add TLS backend info for all TLS options - - All man pages that are listed to be for TLS now must also specify - exactly what TLS backends the option works for, or use All if they all - work. - - cd2nroff makes sure this is done and that the listed backends exist. - - Closes #13168 - -- docs/libcurl: cleanups - - - CURLINFO_TLS_SESSION.md: remove mention of NSS - - CURLINFO_TLS_SSL_PTR.md: remove NSS leftover - - CURLOPT_CAINFO.md: drop mention of backends not supporting this - - CURLOPT_CAPATH.md: wolfSSL also supports this - - Closes #13166 - -- docs: make each libcurl man specify protocol(s) - - The mandatory header now has a mandatory list of protocols for which the - manpage is relevant. - - Most man pages already has a "PROTOCOLS" section, but this introduces a - stricter way to specify the relevant protocols. - - cd2nroff verifies that at least one protocol is mentioned (which can be - `*`). - - This information is not used just yet, but A) the PROTOCOLS section can - now instead get generated and get a unified wording across all manpages - and B) this allows us to more reliably filter/search for protocol - specific manpages/options. - - Closes #13166 - -Stefan Eissing (21 Mar 2024) - -- http2, http3: only return CURLE_PARTIAL_FILE when bytes were received - - - should resolve spurious pytest failures when stream were reset - right after response header were received - - Clsoes #13151 - -- http: separate response parsing from response action - - - move code that triggers on end-of-response into separate function from - parsing - - simplify some headp/headerlen usage - - add `httpversion` to SingleRequest to indicate the version of the - current response - - Closes #13134 - -Daniel Stenberg (21 Mar 2024) - -- http2: remove the third (unused) argument from http2_data_done() - - Closes #13154 - -- RELEASE-NOTES: synced - -Evgeny Grin (Karlson2k) (21 Mar 2024) - -- RELEASE-NOTES: corrected - - Corrected link for item 118 - - Closes #13157 - -Daniel Stenberg (19 Mar 2024) - -- CURLOPT_INTERFACE.md: remove spurious amp, add see-also - - Closes #13149 - -Stefan Eissing (19 Mar 2024) - -- http: improve response header handling, save cpu cycles - - Saving some cpu cycles in http response header processing: - - pass the length of the header line along - - use string constant sizeof() instead of strlen() - - check line length if prefix is possible - - switch on first header char to limit checks - - Closes #13143 - -Daniel Stenberg (19 Mar 2024) - -- tool_getparam: accept a blank -w "" - - Added test 468 to verify. - - Regression from 07bcae89d5d00 (shipped in 8.6.0) - Reported-by: Thomas Pyle - Fixes #13144 - Closes #13145 - -Evgeny Grin (Karlson2k) (18 Mar 2024) - -- curl_sha512_256: work around a NetBSD bug - - Based on Michael Kaufmann analysis and suggestion - - Closes #13133 - -Stefan Eissing (18 Mar 2024) - -- http: expect 100 rework - - Move all handling of HTTP's `Expect: 100-continue` feature into a client - reader. Add sending flag `KEEP_SEND_TIMED` that triggers transfer - sending on general events like a timer. - - HTTP installs a `CURL_CR_PROTOCOL` reader when announcing `Expect: - 100-continue`. That reader works as follows: - - - on first invocation, records time, starts the `EXPIRE_100_TIMEOUT` - timer, disables `KEEP_SEND`, enables `KEEP_SEND_TIMER` and returns 0, - eos=FALSE like a paused upload. - - - on subsequent invocation it checks if the timer has expired. If so, it - enables `KEEP_SEND` and switches to passing through reads to the - underlying readers. - - Transfer handling's `readwrite()` will be invoked when a timer expires - (like `EXPIRE_100_TIMEOUT`) or when data from the server arrives. Seeing - `KEEP_SEND_TIMER`, it will try to upload more data, which triggers - reading from the client readers again. Which then may lead to a new - pausing or cause the upload to start. - - Flags and timestamps connected to this have been moved from - `SingleRequest` into the reader's context. - - Closes #13110 - -- mbedtls: fix pytest for newer versions - - Fix the expectations in pytest for newer versions of mbedtls - - Closes #13132 - -Daniel Stenberg (15 Mar 2024) - -- ipv6.md: mention IPv4 mapped addresses - - Reported-by: Josh Soref - Assisted-by: Jay Satiro - Fixes #13112 - Closes #13131 - -Stefan Eissing (15 Mar 2024) - -- http: revisit http_perhapsrewind() - - - use facilities provided by client readers better - - work also for non-uploading requests like GET/HEAD - - update documentation - - Closes #13117 - -- test 1541: verify getinfo values on first header callback - - Reported-by: chensong1211 on github - Ref: #13125 - Closes #13128 - -- TLS: start shutdown only when peer did not already close - - - When curl sees a TCP close from the peer, do not start a TLS shutdown. - TLS shutdown is a handshake and if the peer already closed the - connection, it is not interested in participating. - - Reported-by: dfdity on github - Assisted-by: Jiří Bok - Assisted-by: Pēteris Caune - Fixes #10290 - Closes #13087 - -Daniel Stenberg (14 Mar 2024) - -- RELEASE-NOTES: synced - -- curl: make --libcurl output better CURLOPT_*SSLVERSION - - The option is really two enums ORed together, so it needs special - attention to make the code output nice. - - Added test 1481 to verify. Both the server and the proxy versions. - - Reported-by: Boris Verkhovskiy - Fixes #13127 - Closes #13129 - -- GHA/linux: add sysctl trick to work-around GitHub runner issue - - The GitHub image runner update from 20240304.1.0 to 20240310.1 - introduces a problem for clang-14. The issue is caused by - incompatibility between llvm 14 provided in ubuntu-22.04 image and the - much newer kernel configured with high-entropy ASLR. - - As a work-around, we issue a sysctl command to lower the entropy and get - clang-14 to work again. - - URL: https://github.com/actions/runner-images/issues/9491 - - Closes #13124 - -- SPONSORS: describe the basics - - Closes #13119 - -- GOVERNANCE: document the core team - - Closes #13118 - -Jay Satiro (13 Mar 2024) - -- vquic-tls: fix the error code returned for bad CA file - - - Return CURLE_SSL_CACERT_BADFILE if wolfSSL encounters a problem - reading the cert file or path. - - This is a follow-up to the parent commit aedbbdf1. - - Reported-by: Karthikdasari0423@users.noreply.github.com - - Fixes https://github.com/curl/curl/issues/13115 - -Daniel Stenberg (12 Mar 2024) - -- vquic-tls: return appropirate errors on wolfSSL errors - - Reported-by: Dexter Gerig - Closes #13107 - -Viktor Szakats (12 Mar 2024) - -- tidy-up: one comment and EOF newlines - - Reviewed-by: Daniel Stenberg - Closes #13108 - -Daniel Stenberg (12 Mar 2024) - -- cmdline-opts: language cleanups - - Use imperative mood consistently for the first sentence describing an - option. - - "Set this" instead "tell curl to set" or "this sets..." - - Plus some extra cleanups and rephrasing. - - Closes #13106 - -- managen: remove space before protocols - - For options that are listed for specific protocols, the protocols (shown - first within parentheses) are now output without the leading space in the - manpage output. - - Closes #13105 - -Jay Satiro (12 Mar 2024) - -- mbedtls: properly cleanup the thread-shared entropy - - - Store the state of the thread-shared entropy for global init/cleanup. - - - Use curl's thread support of mbedtls for all Windows builds instead of - just when the threaded resolver is used via USE_THREADS_WIN32. - - Prior to this change on global cleanup curl builds that have curl thread - support for mbedtls freed the entropy (8b1d2298) but failed to mark that - it had been freed, which caused problems on subsequent init + transfer. - - Bug: https://github.com/curl/curl/discussions/11919#discussioncomment-8687105 - Reported-by: awesomekosm@users.noreply.github.com - - Closes https://github.com/curl/curl/pull/13071 - -Daniel Stenberg (12 Mar 2024) - -- tool_getparam: handle non-existing (out of range) short-options - - ... correctly, even when they follow an existing one without a space in - between. - - Verify with test 467 - - Follow-up to 07dd60c05b - Reported-by: Geeknik Labs - Fixes #13101 - Closes #13102 - -Stefan Eissing (11 Mar 2024) - -- lib: move 'done' parameter to SingleRequests - - A transfer may do several `SingleRequest`s for its success. This happens - regularly for authentication, follows and retries on failed connections. - The "readwrite()" calls and functions connected to those carried a `bool - *done` parameter to indicate that the current `SingleRequest` is over. - This may happen before `upload_done` or `download_done` bits of - `SingleRequest` are set. - - The problem with that is now `write_resp()` protocol handlers are - invoked in places where the `bool *done` cannot be passed up to the - caller. Instead of being a bool in the call chain, it needs to become a - member of `SingleRequest`, reflecting its state. - - This removes the `bool *done` parameter and adds the `done` bit to - `SingleRequest` instead. It adds `Curl_req_soft_reset()` for using a - `SingleRequest` in a follow up, clearing `done` and other - flags/counters. - - Closes #13096 - -- request: clarify message when request has been sent off - - Change the "uploaded and fine" message for requests without a body - - Reported-by: Karthikdasari0423 on github - Fixes #13093 - Closes #13095 - -Daniel Stenberg (11 Mar 2024) - -- RELEASE-NOTES: synced - -Stefan Eissing (9 Mar 2024) - -- lib: keep conn IP information together - - new struct ip_quadruple for holding local/remote addr+port - - - used in data->info and conn and cf-socket.c - - copy back and forth complete struct - - add 'secondary' to conn - - use secondary in reporting success for ftp 2nd connection - - Reported-by: DasKutti on github - Fixes #13084 - Closes #13090 - -Daniel Stenberg (8 Mar 2024) - -- scripts/managen: the new name and home for the manpage generator - - It was previously docs/cmdline-opts/gen.pl - - Closes #13089 - -- VULN-DISCLOSURE-POLICY.md: update detail about CVE requests - - curl is a CNA now - - Closes #13088 - -Stefan Eissing (8 Mar 2024) - -- lib: client reader polish - - - seek_func/seek_client, use transfer values only - - remove copies held in `struct connectdata`, use only - ever `data->set.seek_func` - - resolves possible issues in multiuse connections - - new mime post reader eliminates need to ever overwriting this - - - websockets, remove empty Curl_ws_done() function - - Closes #13079 - -Marcel Raad (8 Mar 2024) - -- lib1598: fix `CURLOPT_POSTFIELDSIZE` usage - - It requires a `long` argument. - - Closes https://github.com/curl/curl/pull/13085 - -Daniel Stenberg (8 Mar 2024) - -- docs/cmdline-opts: drop the curl.1 from the dist tarball - - Since it is no longer needed for building tool_hugehelp.c and all the - docs is available in readable markdown format in the tarball, the peeps - that don't want to build the manpage still do good. - - Removing it also fixes the complexity of out-of-tree builds when the - curl.1 exists in the source tree. - -- test1140/1173: extend wildcards to find curl.1 - - ... in its new build path. - - Also update the test scripts to be more precise in error messages to - help us understand CI errors better. - - Follow-up to f03c85635f35269f1 - Ref: #13029 - Closes #13083 - -- http2: minor tweaks to optimize two struct sizes - - - use BIT() instead of bool - - place the struct fields in (roughly) size order - - Closes #13082 - -- buildconf.bat: remove outdated groff/nroff use - - - don't try to generate the real hugehelp file, because it requires - curl.txt which needs a build - - don't attempt to do anything in a c-ares subdirectory - - Follow-up to f03c85635f35269 - Closes #13078 - -- http2: memory errors in the push callbacks are fatal - - Use the correct nghttp2 error code accordingly. - - Closes #13081 - -Viktor Szakats (7 Mar 2024) - -- mkhelp: rename variable to fix compiler warnings - - ``` - src\tool_operate.c(541,33): warning C4459: declaration of 'm' hides global de - claration [_bld\src\curl.vcxproj] - _bld\src\tool_hugehelp.c(8,27): - see declaration of 'm' - src\tool_paramhlp.c(307,14): warning C4459: declaration of 'm' hides global d - eclaration [_bld\src\curl.vcxproj] - src\tool_progress.c(118,16): warning C4459: declaration of 'm' hides global d - eclaration [_bld\src\curl.vcxproj] - src\tool_writeout.c(288,31): warning C4459: declaration of 'm' hides global d - eclaration [_bld\src\curl.vcxproj] - ``` - Ref: https://ci.appveyor.com/project/curlorg/curl/builds/49348159/job/51ee75c - d2n0wj6lc#L614 - - Reviewed-by: Daniel Stenberg - Closes #13077 - -Daniel Stenberg (7 Mar 2024) - -- KNOWN_BUGS: POP3 issue when reading small chunks - - Closes #12063 - -- RELEASE-NOTES: synced - -Robert Moreton (7 Mar 2024) - -- asyn-ares: fix data race warning - - - Store the c-ares version during global init. - - Prior to this change several threads could write the same data to a - static int variable at the same time. Though in practice it's not a - problem ThreadSanitizer may warn. - - Reported-by: Nikita Taranov - Assisted-by: Jay Satiro - - Fixes #13065 - Closes #13000 - -Stefan Eissing (7 Mar 2024) - -- hyper: implement unpausing via client reader - - Just a tidy up to contain 'ifdef' pollution of common - code parts with implementation specifics. - - - remove the ifdef hyper unpausing in easy.c - - add hyper client reader for CURL_CR_PROTOCOL phase - that implements the unpause method for calling - the hyper waker if it is set - - Closes #13075 - -- ngtcp2: no recvbuf for stream - - - write response data directly to the transfer via - `Curl_xfer_write_resp()` like we do in HTTP/2. - - Closes #13073 - -- docs/cmdline-opts/.gitignore: ignore curl.txt - - Closes #13076 - -Evgeny Grin (Karlson2k) (7 Mar 2024) - -- sha512_256: add support for GnuTLS and OpenSSL - - This is a follow-up for PR #12897. - - Add support for SHA-512/256 digest calculation by TLS backends. - Currently only OpenSSL and GnuTLS (actually, nettle) support - SHA-512/256. - - Closes #13070 - -- digest: add check for hashing error - - Closes #13072 - -Viktor Szakats (7 Mar 2024) - -- cmake: enable `ENABLE_CURL_MANUAL` by default - - Meaning `curl.1` and `src/tool_hugehelp.c` are built by default, - and `--manual` in curl tool is also enabled by default. - - This syncs behaviour with autotools. - - For a reproducible `curl.1`, `SOURCE_DATE_EPOCH` needs to be set - to a consistent date, e.g. the timestamp of `CHANGES`. - - A pre-built manual (e.g. the one distributed in the official source - tarball) will be ignored and rebuilt after this patch, unless - explicitly disabling this option. - - Fixes #13028 - Closes #13069 - -Stefan Eissing (7 Mar 2024) - -- http2: push headers better cleanup - - - provide common cleanup method for push headers - - Closes #13054 - -Daniel Stenberg (7 Mar 2024) - -- GIT-INFO: convert to markdown - - Closes #13074 - -Richard Levitte (7 Mar 2024) - -- cmake: fix libcurl.pc and curl-config library specifications - - Letting CMake figure out where libraries are located gives you full - paths. When generating libcurl.pc and curl-config, getting libraries as - full paths is unusual when one expects to get a list of -l. - - To meet expectations, an effort is made to convert the full paths into - -l, possibly with -L before it. - - Fixes #6169 - Fixes #12748 - Closes #12930 - -Daniel Stenberg (7 Mar 2024) - -- test463: HTTP with -d @file with file containing CR, LF and null byte - -- paramhlp: fix CRLF-stripping files with "-d @file" - - All CR and LF bytes should be stripped, as documented, and all other - bytes are inluded in the data. Starting now, it also excludes null bytes - as they would otherwise also cut the data short. - - Reported-by: Simon K - Fixes #13063 - Closes #13064 - -Viktor Szakats (7 Mar 2024) - -- cmake: fix `CURL_WINDOWS_SSPI=ON` with Schannel disabled - - Prior to this change `CURL_WINDOWS_SSPI` was accidentally forced `OFF` - when building without the Schannel TLS backend. - - This in turn may have caused Kerberos, SPNEGO and SSPI features - disappearing even with `CURL_WINDOWS_SSPI=ON` set. - - This patch fixes it by using the `CURL_USE_SCHANNEL` setting as a - default for `CURL_WINDOWS_SSPI`, but allowing a manual override. - - Also update the option text to better tell its purpose. - - Thanks-to: Andreas Loew - Reviewed-by: Daniel Stenberg - Ref: #13056 - Closes #13061 - -Jay Satiro (6 Mar 2024) - -- KNOWN_BUGS: FTPS server compatibility on Windows with Schannel - - - Remove "2.12 FTPS with Schannel times out file list operation" - - - Remove "7.12 FTPS directory listing hangs on Windows with Schannel" - - - Add "7.12 FTPS server compatibility on Windows with Schannel" - - This change adds a more generic bug description that explains FTPS with - the latest curl and Schannel is not widely used and may have more bugs - than other TLS backends. - - The two removed FTPS Schannel bugs can't be reproduced any longer and - were likely fixed by 24d6c288. - - Ref: https://github.com/curl/curl/issues/5284 - Ref: https://github.com/curl/curl/issues/9161 - Ref: https://github.com/curl/curl/issues/12894 - - Closes https://github.com/curl/curl/pull/13032 - -- trace-config.md: remove the mutexed options list - - - Remove the rendered manpage message that says: - "[--trace-config] is mutually exclusive to --trace and -v, --verbose". - - Actually it can be used with either of those options, which are mutually - exclusive to each other but not to --trace-config. - - Ref: https://curl.se/docs/manpage.html#--trace-config - - Closes https://github.com/curl/curl/pull/13031 - -Daniel Stenberg (6 Mar 2024) - -- mkhelp: simplify the generated hugehelp program - - Use a plain array and puts() every line, also allows us to provide the - strings without ending newlines. - - - merge blank lines into the next one as a prefixed newline. - - turn eight consecutive spaces into a tab (since they can only be on the - left side of text) - - the newly generated tool_hugehelp is 3K lines shorter and 50K smaller - - modifies the top logo layout a little by reducing the indent - - Closes #13047 - -- docs: ascii version of manpage without nroff - - Create ASCII version of manpage without nroff - - - build src/tool_hugegelp.c from the ascii manpage - - move the the manpage and the ascii version build to docs/cmdline-opts - - remove all use of nroff from the build process - - should make the build entirely reproducible (by avoiding nroff) - - - partly reverts 2620aa9 to build libcurl option man pages one by one - in cmake because the appveyor builds got all crazy until I did - - The ASCII version of the manpage - - - is built with gen.pl, just like the manpage is - - has a right-justified column making the appearance similar to the previous - version - - uses a 4-space indent per level (instead of the old version's 7) - - does not do hyphenation of words (which nroff does) - - History - - We first made the curl build use nroff for building the hugehelp file in - December 1998, for curl 5.2. - - Closes #13047 - -Stefan Eissing (6 Mar 2024) - -- lib: add `void *ctx` to reader/writer instances - - - `struct Curl_cwriter` and `struct Curl_creader` now carry a - `void *ctx` member that points to the instance as allocated. - - using `r->ctx` and `w->ctx` as pointer to the instance specific - struct that has been allocated - - Reported-by: Rudi Heitbaum - Fixes #13035 - Closes #13059 - -- http: fix dead code in setting post client reader - - - postsize was always 0, thus the check's else never happened - after the mime client reader was introduced - - Follow-up to 0ba47146f7ff3d - Closes #13060 - -- http2: fix push discard - - - fix logic in discarding a failed pushed stream so that - stream context is properly cleaned up - - Closes #13055 - -- transfer.c: break receive loop in speed limited transfers - - - the change breaks looping in transfer.c receive for transfers that are - speed limited on having gotten *some* bytes. - - the overall speed limit timing is done in multi.c - - Reported-by: Dmitry Karpov - Bug: https://curl.se/mail/lib-2024-03/0001.html - Closes #13050 - -- mime: add client reader - - Add `mime` client reader. Encapsulates reading from mime parts, getting - their length, rewinding and unpausing. - - - remove special mime handling from sendf.c and easy.c - - add general "unpause" method to client readers - - use new reader in http/imap/smtp - - make some mime functions static that are now only used internally - - In addition: - - remove flag 'forbidchunk' as no longer needed - - Closes #13039 - -Daniel Stenberg (5 Mar 2024) - -- RELEASE-NOTES: synced - -- TODO: remove "build HTTP/3 with OpenSSL and nghttp3 using cmake" - - Follow-up to 8e741644a229c37 - -Tal Regev (5 Mar 2024) - -- cmake: add USE_OPENSSL_QUIC support - - Closes #13034 - -Stefan Eissing (5 Mar 2024) - -- TIMER_STARTTRANSFER: set the same for everyone - - - set TIMER_STARTTRANSFER on seeing the first response bytes - in the download client writer, not coming from a CONNECT - - initialized the timer the same way for all protocols - - remove explicit setting of TIMER_STARTTRANSFER in file.c - and c-hyper.c - - Closes #13052 - -Michael Kaufmann (5 Mar 2024) - -- http: better error message for HTTP/1.x response without status line - - If a response without a status line is received, and the connection is - known to use HTTP/1.x (not HTTP/0.9), report the error "Invalid status - line" instead of "Received HTTP/0.9 when not allowed". - - Closes #13045 - -Viktor Szakats (5 Mar 2024) - -- KNOWN_BUGS: fix typo - - Reviewed-by: Daniel Stenberg - Closes #13051 - -Sebastian Neubauer (5 Mar 2024) - -- smpt: fix starttls - - In cases where the connection was fast, curl sometimes failed to open a - connection. This fixes a regression of c2d973627bab12abc5486a3f3. - - The regression triggered in these steps: - - 1. Create an smtp connection - 2. Use STARTTLS - 3. Receive the response - 4. We are inside the loop in `smtp_statemachine`, calling - `smtp_state_starttls_resp` - 5. In the good flow, we exit the loop, re-enter `smtp_statemachine` and - run `smtp_perform_upgrade_tls` at the start of the function. - - In the bad flow, we stay in the while loop, calling - `Curl_pp_readresp`, which reads part of the TLS handshake and things - go wrong. - - The reason is that `Curl_pp_moredata` changed behavior and always - returns `true`, so we stay in the loop in `smtp_statemachine`. With a - slow connection `Curl_pp_readresp` cannot read new data and returns - `CURL_AGAIN`, so we leave the loop and re-enter `smtp_statemachine`. - - With a fast connection, `Curl_pp_readresp` reads new data from the tcp - connection, which is part of the TLS handshake. - - The fix is in `Curl_pp_moredata`, which needs to take the final line - into account and return `false` if only the final line is stored. - - Closes #13048 - -Stefan Eissing (5 Mar 2024) - -- lib: enhance client reader resume + rewind - - - update client reader documentation - - client reader, add rewind capabilities - - tell creader to rewind on next start - - Curl_client_reset() will keep reader for future rewind if requested - - add Curl_client_cleanup() for freeing all resources independent of - rewinds - - add Curl_client_start() to trigger rewinds - - move rewind code from multi.c to sendf.c and make part of - "cr-in"'s implementation - - http, move the "resume_from" handling into the client readers - - the setup of a HTTP request is reshuffled to follow: - * determine method, target, auth negotiation - * install the client reader(s) for the request, including crlf - conversions and "chunked" encoding - * apply ranges to client reader - * concat request headers, upgrades, cookies, etc. - * complete request by determining Content-Length of installed - readers in combination with method - * send - - add methods for client readers to - * return the overall length they will generate (or -1 when unknown) - * return the amount of data on the CLIENT level, so that - expect-100 can decide if it want to apply itself - * set a "resume_from" offset or fail if unsupported - - struct HTTP has become largely empty now - - rename `Client_reader_*` to `Curl_creader_*` - - Closes #13026 - -Viktor Szakats (5 Mar 2024) - -- openssl-quic: fix BIO leak and Windows warning - - Caused by an accidentally duplicated line in - d6825df334def106f735ce7e0c1a2ea87bddffb0. - - ``` - .../lib/vquic/curl_osslq.c:1095:30: warning: implicit conversion loses intege - r precision: 'curl_socket_t' (aka 'unsigned long long') to 'int' [-Wshorten-6 - 4-to-32] - 1095 | bio = BIO_new_dgram(ctx->q.sockfd, BIO_NOCLOSE); - | ~~~~~~~~~~~~~ ~~~~~~~^~~~~~ - 1 warning and 2 errors generated. - ``` - - Reviewed-by: Stefan Eissing - Closes #13043 - -- openssl-quic: fix unity build, casing, indentation - - - rename static functions to avoid duplicate symbols in unity mode. - - windows -> Windows/window in error message and comment. - - fix indentation. - - Reviewed-by: Stefan Eissing - Closes #13044 - -Daniel Stenberg (5 Mar 2024) - -- gen.pl: make the "manpageification" faster - - The function that replaces occurances of "--longoption" with "-Z, - --longoption" etc with the proper highlight applied, no longer loops - over the options. - - Closes #13041 - -- CONTRIBUTE: update the section on documentation format - - ... since most of it is markdown now. - - Closes #13046 - -- smtp: free a temp resource - - The returned address needs to be freed. - - Follow-up to e3905de8196d67b89df1602feb84c1f993211b20 - Spotted by Coverity - - Closes #13038 - -- _VARIABLES.md: improve the description - - Closes #13040 - -dependabot[bot] (4 Mar 2024) - -- build(deps): bump fsfe/reuse-action from 2 to 3 - - Bumps [fsfe/reuse-action](https://github.com/fsfe/reuse-action) from 2 to 3. - - [Release notes](https://github.com/fsfe/reuse-action/releases) - - [Commits](https://github.com/fsfe/reuse-action/compare/v2...v3) - - --- - updated-dependencies: - - dependency-name: fsfe/reuse-action - dependency-type: direct:production - update-type: version-update:semver-major - ... - - Signed-off-by: dependabot[bot] - -Stefan Eissing (4 Mar 2024) - -- pytest: adapt to API change - - - pytest has changed the signature of the hook pytest_report_header() - for some obscure reason and that change landed in our CI now - - - remove the changed param that we never used anyway - - Closes #13037 - -Daniel Stenberg (4 Mar 2024) - -- cookie: if psl fails, reject the cookie - - A libpsl install without data and no built-in database is now considered - bad enough to reject all cookies since they cannot be checked. It is - somewhat of a user error, but still. - - Reported-by: Dan Fandrich - Closes #13033 - -Stefan Eissing (4 Mar 2024) - -- lib: further send/upload handling polish - - - Move all the "upload_done" handling to request.c - - - add possibility to abort sending of a request - - add `Curl_req_done_sending()` for checks - - transfer.c: readwrite_upload() now clean - - - removing data->state.ulbuf and data->req.upload_fromhere - - - as well as data->req.upload_present - - set data->req.upload_done on having read all from - the client and completely flushed the send buffer - - - tftp, remove setting of data->req.upload_fromhere - - - serves no purpose as `upload_present` is not set - and the data itself is directly `sendto()` anyway - - - smtp, make upload EOB conversion a client reader - - xfer_ulbuf addition - - - add xfer_ulbuf for borrowing, similar to xfer_buf - - use in file upload - - use in c-hyper body sending - - - h1-proxy, remove init of data->state.uilbuf that is never used - - smb, add own send_buf instead of using data->state.ulbuf - - Closes #13010 - -Daniel Stenberg (4 Mar 2024) - -- RELEASE-NOTES: synced - -kpcyrd (3 Mar 2024) - -- rustls: fix two warnings related to number types - - Reported-by: Gisle Vanem - Follow-up to #12989 - Closes #13017 - -Stefan Eissing (3 Mar 2024) - -- bufq: writing into a softlimit queue cannot be partial - - - when unable to obtain a new chunk on a softlimit bufq, - this is an allocation error and needs to be reported as - such. - - writes into a soflimit bufq never must be partial success - - Reported-by: Dan Fandrich - Fixes #13020 - Closes #13023 - -Dan Fandrich (2 Mar 2024) - -- configure: Don't build shell completions when disabled - - With the recent changes to completion file building, the files were - built always and only installation was selectively disabled. Now, when - they are disabled they aren't even built, avoiding a build-time error in - environments where it's not possible to run the curl binary that was - just created (e.g. if library paths were not set up correctly). - - Follow-up to 0f7aba83c - - Reported-by: av223119 on github - Fixes #13027 - Closes #13030 - -Jay Satiro (2 Mar 2024) - -- cmdline-opts/_EXITCODES: sync with libcurl-errors - - - Add error code 100 (CURLE_TOO_LARGE) to the list of error codes that - can be returned by the curl tool. - - Closes https://github.com/curl/curl/pull/13015 - -Stefan Eissing (1 Mar 2024) - -- hyper: disable test1598 due to lack of trailer support - - Follow-up to 50838095 - - Closes #13016 - -Dan Fandrich (1 Mar 2024) - -- ftp: Mark a const buffer as const - -- appveyor: Properly skip if only CircleCI is changed - -- docs: Update minimal binary size in INSTALL.md - - Include more options to reduce binary size. - -- configure: Don't make shell completions without perl - - The code that attempted to skip building the shell completions didn't - work properly and tried to build them even if perl wasn't available. - This step, as well as the install step, is now properly skipped without - perl. - - Follow-up to 89733e2dd - - Closes #13022 - -RainRat (1 Mar 2024) - -- misc: Fix typos in docs and lib - - This fixes miscellaneous typos and duplicated words in the docs, lib - and test comments and a few user facing errorstrings. - - Author: RainRat on Github - Reviewed-by: Daniel Gustafsson - Reviewed-by: Dan Fandrich - Closes: #13019 - -Dan Fandrich (29 Feb 2024) - -- configure: build & install shell completions when enabled - - The --with-fish-functions-dir and --with-zsh-functions-dir options - currently have no effect on a normal build because the scripts/ directory - where they're used is not built. Add scripts/ to a normal build and - change the completion options to default to off to preserve the existing - behaviour. - - Closes: #12906 - -- github/labeler: improve the match patterns - -Stefan Eissing (28 Feb 2024) - -- tests: add test1598 for POST with trailers - - - test POST fields with trailers and chunked encoding - - Ref: #12938 - Closes #13009 - -Daniel Stenberg (28 Feb 2024) - -- cmdline-opts/_VERSION: provide %VERSION correctly - - ... so that it does not get included verbatim in the output. Fixes a - regression shipped in 8.6.0. - - Also fix a format mistake in form.md - - Closes #13008 - -Stefan Eissing (28 Feb 2024) - -- lib: Curl_read/Curl_write clarifications - - - replace `Curl_read()`, `Curl_write()` and `Curl_nwrite()` to - clarify when and at what level they operate - - send/recv of transfer related data is now done via - `Curl_xfer_send()/Curl_xfer_recv()` which no longer has - socket/socketindex as parameter. It decides on the transfer - setup of `conn->sockfd` and `conn->writesockfd` on which - connection filter chain to operate. - - send/recv on a specific connection filter chain is done via - `Curl_conn_send()/Curl_conn_recv()` which get the socket index - as parameter. - - rename `Curl_setup_transfer()` to `Curl_xfer_setup()` for - naming consistency - - clarify that the special CURLE_AGAIN hangling to return - `CURLE_OK` with length 0 only applies to `Curl_xfer_send()` - and CURLE_AGAIN is returned by all other send() variants. - - fix a bug in websocket `curl_ws_recv()` that mixed up data - when it arrived in more than a single chunk (to be made - into a sperate PR, also) - - Added as documented [in - CLIENT-READER.md](https://github.com/curl/curl/blob/5b1f31dfbab8aef467c419c68 - aa06dc738cb75d4/docs/CLIENT-READERS.md). - - - old `Curl_buffer_send()` completely replaced by new `Curl_req_send()` - - old `Curl_fillreadbuffer()` replaced with `Curl_client_read()` - - HTTP chunked uploads are now formatted in a client reader added when - needed. - - FTP line-end conversions are done in a client reader added when - needed. - - when sending requests headers, remaining buffer space is filled with - body data for sending in "one go". This is independent of the request - body size. Resolves #12938 as now small and large requests have the - same code path. - - Changes done to test cases: - - - test513: now fails before sending request headers as this initial - "client read" triggers the setup fault. Behaves now the same as in - hyper build - - test547, test555, test1620: fix the length check in the lib code to - only fail for reads *smaller* than expected. This was a bug in the - test code that never triggered in the old implementation. - - Closes #12969 - -Daniel Gustafsson (28 Feb 2024) - -- curldown: Fix email address in Copyright - - The curldown conversion accidentally replaced daniel@haxx.se with - just daniel.se. This reverts back to the proper email address in - the curldown docs as well as in a few other stray places where it - was incorrect (while unrelated to curldown). - - Reviewed-by: Daniel Stenberg - Closes: #12997 - -Daniel Stenberg (28 Feb 2024) - -- getparam: make --ftp-ssl work again - - Follow-up to 9e4e527 which accidentally broke it - - Reported-by: Jordan Brown - Fixes #13006 - Closes #13007 - -- KNOWN_BUGS: IMAPS connection fails with rustls error - - Closes #10457 - -- KNOWN_BUGS: FTPS upload, FileZilla, GnuTLS and close_notify - - Closes #11383 - -- KNOWN_BUGS: Implicit FTPS upload timeout - - Closes #11720 - -- KNOWN_BUGS: HTTP/2 prior knowledge over proxy - - Closes #12641 - -- TODO: build HTTP/3 with OpenSSL and nghttp3 using cmake - - Closes #12988 - -- TODO: Select signature algorithms - - Closes #12982 - -- examples: use present tense in comments - - remove "will" and some other word fixes - - Closes #13003 - -- docs: more language cleanups - - - present tense - - avoid bad words - - Closes #13003 - -Daniel Gustafsson (27 Feb 2024) - -- setopt: Fix disabling all protocols - - When disabling all protocols without enabling any, the resulting - set of allowed protocols remained the default set. Clearing the - allowed set before inspecting the passed value from --proto make - the set empty even in the errorpath of no protocols enabled. - - Co-authored-by: Dan Fandrich - Reported-by: Dan Fandrich - Reviewed-by: Daniel Stenberg - Closes: #13004 - -Andreas Kiefer (27 Feb 2024) - -- fopen: fix narrowing conversion warning on 32-bit Android - - This was fixed in commit 06dc599405f, but came back in commit - 03cb1ff4d62. - - When building for 32-bit ARM or x86 Android, `st_mode` is defined as - `unsigned int` instead of `mode_t`, resulting in a - `-Wimplicit-int-conversion` clang warning because `mode_t` is - `unsigned short`. Add a cast to silence the warning, but only for - 32-bit Android builds, because other architectures and platforms are - not affected. - - Ref: https://android.googlesource.com/platform/bionic/+/refs/tags/ndk-r25c/li - bc/include/sys/stat.h#86 - Closes https://github.com/curl/curl/pull/12998 - -Stefan Eissing (27 Feb 2024) - -- lib: Curl_read/Curl_write clarifications - - - replace `Curl_read()`, `Curl_write()` and `Curl_nwrite()` to - clarify when and at what level they operate - - send/recv of transfer related data is now done via - `Curl_xfer_send()/Curl_xfer_recv()` which no longer has - socket/socketindex as parameter. It decides on the transfer - setup of `conn->sockfd` and `conn->writesockfd` on which - connection filter chain to operate. - - send/recv on a specific connection filter chain is done via - `Curl_conn_send()/Curl_conn_recv()` which get the socket index - as parameter. - - rename `Curl_setup_transfer()` to `Curl_xfer_setup()` for - naming consistency - - clarify that the special CURLE_AGAIN hangling to return - `CURLE_OK` with length 0 only applies to `Curl_xfer_send()` - and CURLE_AGAIN is returned by all other send() variants. - - fix a bug in websocket `curl_ws_recv()` that mixed up data - when it arrived in more than a single chunk - - The method for sending not just raw bytes, but bytes that are either - "headers" or "body". The send abstraction stack, to to bottom, now is: - - * `Curl_req_send()`: has parameter to indicate amount of header bytes, - buffers all data. - * `Curl_xfer_send()`: knows on which socket index to send, returns - amount of bytes sent. - * `Curl_conn_send()`: called with socket index, returns amount of bytes - sent. - - In addition there is `Curl_req_flush()` for writing out all buffered - bytes. - - `Curl_req_send()` is active for requests without body, - `Curl_buffer_send()` still being used for others. This is because the - special quirks need to be addressed in future parts: - - * `expect-100` handling - * `Curl_fillreadbuffer()` needs to add directly to the new - `data->req.sendbuf` - * special body handlings, like `chunked` encodings and line end - conversions will be moved into something like a Client Reader. - - In functions of the pattern `CURLcode xxx_send(..., ssize_t *written)`, - replace the `ssize_t` with a `size_t`. It makes no sense to allow for negativ - e - values as the returned `CURLcode` already specifies error conditions. This - allows easier handling of lengths without casting. - - Closes #12964 - -Daniel Stenberg (27 Feb 2024) - -- multi: make add_handle free any multi_easy - - If the easy handle that is being added to a multi handle has previously - been used for curl_easy_perform(), there is a private multi handle here - that we can kill off. While it flushes some caches etc for the easy - handle would it be used for an easy interface transfer again after being - used in the multi stack, this cleanup simplifies behavior and uses less - memory. - - Closes #12992 - -- docs: use present tense - - avoid "will", detect "will" as a bad word in the CI - - Also line wrapped a bunch of paragraphs - - Closes #13001 - -- CURLOPT_SSL_CTX_FUNCTION.md: no promises of lifetime after return - - ... and cleanup other language. - - Closes #12999 - -Stefan Eissing (27 Feb 2024) - -- lib: send rework - - Curl_read/Curl_write clarifications - - - replace `Curl_read()`, `Curl_write()` and `Curl_nwrite()` to 1clarify - when and at what level they operate - - - send/recv of transfer related data is now done via - `Curl_xfer_send()/Curl_xfer_recv()` which no longer has - socket/socketindex as parameter. It decides on the transfer setup of - `conn->sockfd` and `conn->writesockfd` on which connection filter - chain to operate. - - - send/recv on a specific connection filter chain is done via - `Curl_conn_send()/Curl_conn_recv()` which get the socket index as - parameter. - - - rename `Curl_setup_transfer()` to `Curl_xfer_setup()` for naming - consistency - - - clarify that the special CURLE_AGAIN handling to return `CURLE_OK` - with length 0 only applies to `Curl_xfer_send()` and CURLE_AGAIN is - returned by all other send() variants. - - SingleRequest reshuffling - - - move functions into request.[ch] - - differentiate between reset and free - - add Curl_req_done() to perform last actions - - add a send `bufq` to SingleRequest for future use in keeping upload data - - Closes #12963 - -Daniel Stenberg (26 Feb 2024) - -- RELEASE-NOTES: synced - -- http_chunks: remove unused 'endptr' variable - - Closes #12996 - -Louis Solofrizzo (26 Feb 2024) - -- lib: initialize output pointers to NULL before calling strto[ff,l,ul] - - In order to make MSAN happy: - - ==2200945==WARNING: MemorySanitizer: use-of-uninitialized-value - #0 0x596f3b3ed246 in curlx_strtoofft [...]/libcurl/src/lib/strtoofft.c:23 - 9:11 - #1 0x596f3b402156 in Curl_httpchunk_read [...]/libcurl/src/lib/http_chunk - s.c:149:12 - #2 0x596f3b348550 in readwrite_data [...]/libcurl/src/lib/transfer.c:607: - 11 - [...] - - ==2202041==WARNING: MemorySanitizer: use-of-uninitialized-value - #0 0x5a3fab66a72a in Curl_parse_port [...]/libcurl/src/lib/urlapi.c:547:8 - #1 0x5a3fab650645 in parse_authority [...]/libcurl/src/lib/urlapi.c:796:1 - 2 - #2 0x5a3fab6740f6 in parseurl [...]/libcurl/src/lib/urlapi.c:1176:16 - #3 0x5a3fab664fc5 in parseurl_and_replace [...]/libcurl/src/lib/urlapi.c: - 1342:12 - [...] - - ==2202320==WARNING: MemorySanitizer: use-of-uninitialized-value - #0 0x569076a0d6b0 in ipv4_normalize [...]/libcurl/src/lib/urlapi.c:683:12 - #1 0x5690769f2820 in parse_authority [...]/libcurl/src/lib/urlapi.c:803:1 - 0 - #2 0x569076a160f6 in parseurl [...]/libcurl/src/lib/urlapi.c:1176:16 - #3 0x569076a06fc5 in parseurl_and_replace [...]/libcurl/src/lib/urlapi.c: - 1342:12 - [...] - - Signed-off-by: Louis Solofrizzo - Closes #12995 - -Stefan Eissing (26 Feb 2024) - -- lib: move client writer into own source - - Refactoring of the client writer that passes the data to the - client/application's callback functions. - - - split out into own source cw-out.[ch] from sendf.c - - - move tempwrite and tempcount from data->state into the context of the - client writer - - - redesign the 3 tempwrite dynbufs as a linked list of dynbufs. On - paused transfers, this allows to "record" interleaved HEADER/BODY - chunks to be "played back" in the same order on unpausing. - - - keep the overall size limit of all buffered data to DYN_PAUSE_BUFFER. - On exceeding that, return CURLE_TOO_LARGE instead of - CURLE_OUT_OF_MEMORY as before. - - - add method to be called when a transfer is DONE to allow writing of - any data still buffered - - - when paused, record HEADER writes exactly as they come for later - playback. HEADERs are documented to be written one-by-one. - - Closes #12898 - -- urldata: move authneg bit from conn to Curl_easy - - - from `conn->bits.authneg` to `data->req.authneg` - - this is a property of the request about to be made - and not a property of the connection - - in multiuse connections, transfer could step on each others - toes here potentially. - - Closes #12949 - -- c-hyper: add header collection writer in hyper builds - - Closes #12880 - -- http: move headers collecting to writer - - - add a client writer that does "push" response - headers written to the client if the headers api - is enabled - - remove special handling in sendf.c - - needs to be installed very early on connection - setup to catch CONNECT response headers - - Closes #12880 - -- sendf: Curl_client_write(), make passed in buf const - -Michał Antoniak (26 Feb 2024) - -- lib: remove curl_mimepart object when CURL_DISABLE_MIME - - Remove curl_mimepart object from UserDefined structure when - CURL_DISABLE_MIME flag is active. Reduce size of UserDefined structure. - - Also remove unreachable code: when CURL_DISABLE_MIME is set, httpreq can - never have HTTPREQ_POST_MIME value and the same goes for the - CURL_DISABLE_FORM_API flag and the HTTPREQ_POST_FORM value - - Closes #12948 - -kpcyrd (26 Feb 2024) - -- rustls: make curl compile with 0.12.0 - - Closes #12989 - -Daniel Stenberg (26 Feb 2024) - -- strtoofft: fix the overflow check - - ... to not rely on wrapping, since it is an undefined behavior that is - not what always might happen. This is in our private strtoff() parser - function, used only on platforms without a native version. - - Reported-by: vulnerabilityspotter on hackerone - Closes #12990 - -- libssh/libssh2: return error on too big range - - If trying to get the range 0 - 2^63 and the remote file is 2^63 bytes or - larger. - - Fixes #12983 - Closes #12984 - -Scott Talbert (24 Feb 2024) - -- setopt: fix check for CURLOPT_PROXY_TLSAUTH_TYPE value - - Prior to this change CURLOPT_PROXY_TLSAUTH_TYPE would return - CURLE_BAD_FUNCTION_ARGUMENT on any type other than NULL. Since there is - only one type of TLS auth and it is also the default (SRP) the TLS auth - would work anyway. - - Closes https://github.com/curl/curl/pull/12981 - -Jay Satiro (24 Feb 2024) - -- mprintf: fix format prefix I32/I64 for windows compilers - - - Support I32 & I64 (eg: %I64d) for all Win32 builds. - - Prior to this change mprintf support for the I format prefix, which is a - Microsoft extension, was dependent on the compiler used. - - When Borland compiler support was removed in fd7ef00f the prefix was - then no longer supported for that compiler; however since it's still - possible to build with Borland I'm restoring support for the prefix in - this way. - - Reported-by: Paweł Witas - - Fixes https://github.com/curl/curl/issues/12944 - Closes https://github.com/curl/curl/pull/12950 - -Daniel Stenberg (23 Feb 2024) - -- cd2nroff: gen: make `\>` in input to render as plain '>' in output - - The same (copy and pasted) fix/mistake as in gen.pl - -- gen: make `\>` in input to render as plain '>' in output - - Reported-by: Gisle Vanem - Fixes #12977 - Closes #12978 - -Fabrice Fontaine (23 Feb 2024) - -- configure.ac: find libpsl with pkg-config - - Find libpsl with pkg-config to avoid static build failures. - - Ref: http://autobuild.buildroot.org/results/1fb15e1a99472c403d0d3b1a688902f32 - e78d002 - - Signed-off-by: Fabrice Fontaine - Closes #12947 - -Daniel Stenberg (23 Feb 2024) - -- BUG-BOUNTY.md: clarify that the curl security team decides - - Closes #12975 - -- THANKS: add bug reporter from #740 - - Ref: https://github.com/curl/curl/issues/740 - -Stefan Eissing (22 Feb 2024) - -- multi: fix multi_sock handling of select_bits - - - OR the event bitmask to data->state.select_bits instead of overwriting - them. They are cleared again on use. - - Reported-by: 5533asdg on github - Fixes #12971 - Closes #12972 - -Daniel Stenberg (22 Feb 2024) - -- curlver: bump to 8.7.0 for next release - -- RELEASE-NOTES: synced - -- write-out: add '%{proxy_used}' - - Returns 1 if the previous transfer used a proxy, otherwise 0. Useful to - for example determine if a `NOPROXY` pattern matched the hostname or - not. - - Extended test 970 and 972 - -- CURLINFO_USED_PROXY: return bool whether the proxy was used - - Adds test536 to verify - - Closes #12719 - -- sha512_256: remove the cast macro, minor language/format edits - - Follow-up to cbe41d151d6a100c - - Closes #12966 - -Stefan Eissing (20 Feb 2024) - -- DoH: add trace configuration - - - refs #12397 where it is dicussed how to en-/disable verbose output - of DoH operations - - introducing `struct curl_trc_feat` to track a curl feature for - tracing - - adding `data->state.feat` optionally pointing to the feature a - transfer belongs to - - adding trace functions and verbosity checks on features - - using trace feature in DoH code - - documenting `doh` as feature for `--trace-config` - - Closes #12411 - -- websocket: fix curl_ws_recv() - - - when data arrived in several chunks, the collection into - the passed buffer always started at offset 0, overwriting - the data already there. - - adding test_20_07 to verify fix - - - debug environment var CURL_WS_CHUNK_SIZE can be used to - influence the buffer chunk size used for en-/decoding. - - Closes #12945 - -Evgeny Grin (Karlson2k) (20 Feb 2024) - -- digest: support SHA-512/256 - - Also fix the tests. New implementation tested with GNU libmicrohttpd. - The new numbers in tests are real SHA-512/256 numbers (not just some - random ;) numbers ). - -- tests: add SHA-512/256 unit test - -- SHA-512/256: implement hash algorithm - - Closes #12897 - -- curl_setup.h: add curl_uint64_t internal type - - The unsigned version of curl_off_t basically - -Daniel Stenberg (20 Feb 2024) - -- docs: dist curl*.1 and install without perl - - Drop docs/mk-ca-bundle.1 from the tarball. It can be generated at will. - - Closes #12959 - Fixes #12921 - Reported-by: Michael Forney - -Stefan Eissing (20 Feb 2024) - -- OpenSSL QUIC: adapt to v3.3.x - - - set our idle timeout as transport parameter - - query negotiated idle timeout for connection alive checks - - query number of available bidi streams on a connection - - use write_ex2 with SSL_WRITE_FLAG_CONCLUDE to signal - EOF on last chunk write, so stream close does not - require an additional QUIC packet - - Closes #12933 - -Ramiro Garcia (19 Feb 2024) - -- MANUAL.md: fix typo - - Closes #12965 - -Daniel Stenberg (19 Feb 2024) - -- BINDINGS: add mcurl, the python binding - - Ref: #12956 - Closes #12962 - -- mk-ca-bundle.md: cleanups and polish - - Closes #12958 - -- spellcheck.yml: remove .1/.3 handling, clean all man page .md files - - Since we generate all .1 and .3 files from markdown now, we can limit - the spellcheck to the markdown versions only. - - Closes #12960 - -- libcurl-docs: cleanups - - CURLMOPT_SOCKETDATA.md: fix typo - CURLMOPT_TIMERDATA.md: fix typo - CURLOPT_COOKIELIST.m: quote strings - CURLOPT_PREREQFUNCTION.md: quote variable names - CURLOPT_TCP_NODELAY.md: rephrased to please spell checker - CURLOPT_WILDCARDMATCH.md: rephrased - libcurl-tutorial.md: use correct option name - curl_global_init_mem.md: quote headers - curl_easy_getinfo.md: use correct symbol names in headers - curl_global_trace.md: quote some headers - curl_ws_meta.md: quote struct field names - libcurl-env.md: quote headers - -- cd2nroff: remove backticks from titles - -- RELEASE-NOTES: synced - -Stefan Eissing (18 Feb 2024) - -- http_chunks: fix the accounting of consumed bytes - - Prior to this change chunks were handled correctly although in verbose - mode libcurl could incorrectly warn of "Leftovers after chunking" even - if there were none. - - Reported-by: Michael Kaufmann - - Fixes https://github.com/curl/curl/issues/12937 - Closes https://github.com/curl/curl/pull/12939 - -- file: use xfer buf for file:// transfers - - - For file:// transfers use the multi handle's transfer buffer for - up- and downloads. - - Prior to this change a6c9a33 (precedes 8.6.0) changed the file:// - transfers to use a smaller stack based buffer, and that caused a - significant performance decrease in Windows. - - Bug: https://github.com/curl/curl/issues/12750#issuecomment-1920103086 - Reported-by: edmcln@users.noreply.github.com - - Closes https://github.com/curl/curl/pull/12932 - -Karthikdasari0423 (18 Feb 2024) - -- HTTP3.md: always run nghttp3 submodule init - - - For consistency change all 'build nghttp3' commands to run submodule - init after cloning, even if the branch does not have submodules. - - Follow-up to 5a4b2f93 and 4f794558. - - Closes https://github.com/curl/curl/pull/12928 - -LeeRiva (18 Feb 2024) - -- CURLOPT_POSTQUOTE.md: fix typo - - Closes https://github.com/curl/curl/pull/12926 - -Evgeny Grin (Karlson2k) (18 Feb 2024) - -- checksrc.pl: fix handling .checksrc with CRLF - - - When parsing .checksrc chomp the (CR)LF line ending. - - Prior to this change on Windows checksrc.pl would not process the - symbols in .checksrc properly, since many git repos in Windows use auto - crlf to check out files with CRLF line endings. - - Closes https://github.com/curl/curl/pull/12924 - -Richard Levitte (18 Feb 2024) - -- cmake: fix install for older CMake versions - - - Generate the docs install list by using a foreach loop instead of - LIST:TRANSFORM since older CMake can't handle the latter. - - Reported-by: Dan Fandrich - - Fixes https://github.com/curl/curl/issues/12920 - Closes https://github.com/curl/curl/pull/12922 - -Stefan Eissing (16 Feb 2024) - -- vtls: fix tls proxy peer verification - - - When verifying a proxy certificate for an ip address, use the correct - ip family. - - Prior to this change the "connection" ip family was used, which was not - necessarily the same. - - Reported-by: HsiehYuho@users.noreply.github.com - - Fixes https://github.com/curl/curl/issues/12831 - Closes https://github.com/curl/curl/pull/12931 - -Dan Fandrich (15 Feb 2024) - -- CI: Bump the Circle CI base Ubuntu image to the latest 20.04 - - The previous ones are going to be removed soon, plus the new ones - include all the fixes since then. - -Jay Satiro (13 Feb 2024) - -- transfer: improve Windows SO_SNDBUF update limit - - - Change the 1 second SO_SNDBUF update limit from per transfer to per - connection. - - Prior to this change many transfers over the same connection could cause - many SO_SNDBUF updates made to that connection per second, which was - unnecessary. - - Closes https://github.com/curl/curl/pull/12911 - -- schannel: fix hang on unexpected server close - - - Treat TLS connection close (either due to a close_notify from the - server or just closed due to receiving 0) as pending data. - - This is because in some cases schannel_recv knows the connection is - closed but has to return actual pending data so it can't return 0 or an - error to indicate no more data. In this case schannel_recv must be - called again, which only happens if readwrite_data sees that there is - still pending data. - - Prior to this change if the total size of the body that libcurl expected - to receive from the server was unknown then it was possible under some - network conditions that libcurl would hang waiting to receive more data, - when in fact a close_notify alert indicating no more data would be sent - was already processed. - - Fixes https://github.com/curl/curl/issues/12894 - Closes https://github.com/curl/curl/pull/12910 - -Daniel Stenberg (10 Feb 2024) - -- KNOWN_BUGS: FTP upload fails if remebered dir is deleted - - Closes #12181 - Closes #12923 - -Michał Antoniak (10 Feb 2024) - -- mbedtls: use mbedtls_ssl_conf_{min|max}_tls_version - - ... instead of the deprecated mbedtls_ssl_conf_{min|max}_version - - Closes #12905 - -Dan Fandrich (9 Feb 2024) - -- CI: bump to actions/cache@v4 to avoid warning diff --git a/libs/libcurl/docs/RELEASE-NOTES b/libs/libcurl/docs/RELEASE-NOTES new file mode 100644 index 0000000000..fddba01378 --- /dev/null +++ b/libs/libcurl/docs/RELEASE-NOTES @@ -0,0 +1,563 @@ +curl and libcurl 8.10.0 + + Public curl releases: 260 + Command line options: 265 + curl_easy_setopt() options: 306 + Public functions in libcurl: 94 + Contributors: 3239 + +This release includes the following changes: + + o autotools: add `--enable-windows-unicode` option [103] + o curl: --help [option] displays documentation for given cmdline option [19] + o curl: add --skip-existing [54] + o curl: for -O, use "default" as filename when the URL has none [34] + o curl: make --rate accept "number of units" [4] + o curl: make --show-headers the same as --include [6] + o curl: support --dump-header % to direct to stderr [31] + o curl: support embedding a CA bundle and --dump-ca-embed [20] + o curl: support repeated use of the verbose option; -vv etc [35] + o curl: use libuv for parallel transfers with --test-event [82] + o getinfo: add CURLINFO_POSTTRANSFER_TIME_T [87] + o mbedtls: add CURLOPT_TLS13_CIPHERS support [78] + o rustls: add support for setting TLS version and ciphers [113] + o vtls: stop offering alpn http/1.1 for http2-prior-knowledge [53] + o wolfssl: add CURLOPT_TLS13_CIPHERS support [76] + o wolfssl: add support for ssl cert blob / ssl key blob options [50] + +This release includes the following bugfixes: + + o asyn-thread: stop using GetAddrInfoExW on Windows [241] + o autotools: fix MS-DOS builds [249] + o autotools: fix typo in tests/data target [30] + o aws_sigv4: fix canon order for headers with same prefix [74] + o bearssl: fix setting tls version [203] + o bearssl: improve shutdown handling [45] + o BINDINGS: add zig binding [100] + o build: add `iphlpapi` lib for libssh on Windows [166] + o build: add `poll()` detection for cross-builds [244] + o build: add options to disable SHA-512/256 hash algo [239] + o build: check OS-native IDN first, then libidn2 [223] + o build: delete unused `REQUIRE_LIB_DEPS` [226] + o build: drop unused `NROFF` reference [253] + o build: drop unused feature-detection code for Apple `poll()` [227] + o build: generate `buildinfo.txt` for test logs [256] + o build: improve compiler version detection portability + o build: make `CURL_FORMAT_CURL_OFF_T[U]` work with mingw-w64 <=7.0.0 [207] + o build: silence C4232 MSVC warnings in vcpkg ngtcp2 builds [137] + o build: use -Wno-format-overflow [195] + o buildconf.bat: fix tool_hugehelp.c generation [173] + o cf-socket: fix pollset for listening [179] + o cf-socket: prevent KEEPALIVE_FACTOR being set to 1000 for Windows [185] + o cfilters: send flush [13] + o CHANGES: rename to CHANGES.md, no longer generated [40] + o CI: enable parallel testing in CI builds [18] + o ci: Update actions/upload-artifact digest to 89ef406 [24] + o cmake: `Libs.private` improvements [215] + o cmake: add `CURL_USE_PKGCONFIG` option [138] + o cmake: add Linux CI job, fix pytest with cmake [71] + o cmake: add math library when using wolfssl and ngtcp2 [66] + o cmake: add missing `pkg-config` hints to Find modules [158] + o cmake: add missing version detection to Find modules [170] + o cmake: add rustls [116] + o cmake: add support for versioned symbols option [51] + o cmake: add wolfSSH support [117] + o cmake: allow `pkg-config` in more envs [147] + o cmake: cleanup header paths [59] + o cmake: default `CURL_DISABLE_LDAPS` to the value of `CURL_DISABLE_LDAP` [231] + o cmake: delete MSVC warning suppression for tests/server [101] + o cmake: detect `nghttp2` via `pkg-config`, enable by default [21] + o cmake: detect and show VCPKG in platform flags [84] + o cmake: distcheck for files in CMake subdir [9] + o cmake: drop custom `CMakeOutput.log`/`CMakeError.log` logs [27] + o cmake: drop libssh CONFIG-style detection [167] + o cmake: drop no-op `tests/data/CMakeLists.txt` [26] + o cmake: drop reference to undefined variable [25] + o cmake: drop unused `HAVE_IDNA_STRERROR` [62] + o cmake: drop unused internal variable [22] + o cmake: exclude tests/http/clients builds by default [110] + o cmake: fix `GSS_VERSION` for Heimdal found via pkg-config [77] + o cmake: fix `pkg-config`-based detection in `FindGSS.cmake` [94] + o cmake: fix and tidy up c-ares builds, enable in more CI jobs [156] + o cmake: fix find rustls [148] + o cmake: fixup linking libgsasl when detected via CMake-native + o cmake: honor custom `CMAKE_UNITY_BUILD_BATCH_SIZE` [163] + o cmake: limit `pkg-config` to UNIX and MSVC+vcpkg by default [188] + o cmake: limit libidn2 `pkg-config` detection to `UNIX` [109] + o cmake: migrate dependency detections to Find modules [183] + o cmake: more small tidy-ups and fixes [80] + o cmake: rename wolfSSL and zstd config variables to uppercase [151] + o cmake: respect cflags/libdirs of native pkg-config detections [175] + o cmake: show CMake platform/compiler flags [63] + o cmake: show warning if libpsl is not found [154] + o cmake: sync code between test/example targets [234] + o cmake: sync up formatting in Find modules [129] + o cmake: TLS 1.3 warning only for bearssl and sectranp [118] + o cmake: update `curl-config.cmake.in` template var list + o cmake: update list of "advanced" variables [119] + o cmake: use numeric comparison for `HAVE_WIN32_WINNT` [69] + o cmdline-opts: language fix for expect100-timeout.md and max-time.md [192] + o configure: delete unused `CURL_DEFINE_UNQUOTED` function [224] + o configure: delete unused `HAVE_OPENSSL3` macro [225] + o configure: delete unused `m4/xc-translit.m4` [114] + o configure: detect AppleIDN [70] + o configure: fail if PSL is not disabled but not found [46] + o configure: fix WinIDN builds targeting old Windows [210] + o configure: remove USE_EXPLICIT_LIB_DEPS [199] + o configure: replace nonportable grep -o with awk [111] + o connect: always prefer ipv6 in IP eyeballing [209] + o connect: limit update IP info [191] + o cookie.md: try to articulate the two different uses this option has [92] + o curl: allow 500MB data URL encode strings [38] + o curl: find curlrc in XDG_CONFIG_HOME without leading dot [186] + o curl: fix --proxy-pinnedpubkey [91] + o curl: fix the -w urle.* variables [153] + o curl: make the progress bar detect terminal width changes [169] + o curl: warn on unsupported SSL options [106] + o Curl_rand_bytes to control env override [17] + o curl_sha512_256: fix symbol collisions with nettle library [131] + o CURLMOPT_SOCKETFUNCTION.md: expand on the easy argument [216] + o CURLOPT_XFERINFOFUNCTION: clarify the callback return codes [141] + o dist: add missing `docs/examples/CMakeLists.txt` [58] + o dist: add missing `FindNettle.cmake` [11] + o dist: add missing `lib/optiontable.pl` [115] + o dist: add missing `test_*.py` scripts [102] + o dist: drop buildconf [65] + o dist: fix reproducible build from release tarball [36] + o dmaketgz: only run 'make distclean' if Makefile exists + o docs/SSLCERTS: rewrite [174] + o docs: add description of effect of --location-trusted on cookie [157] + o docs: document the (weak) random value situation in rustls builds [252] + o docs: fix some examples in man pages + o docs: improve cipher options documentation [159] + o docs: mention "@-" in more places [67] + o docs: remove ALTSVC.md, HSTS.md, HTTP2.md and PARALLEL-TRANSFERS.md [105] + o docs: update CIPHERS.md [140] + o doh-url.md: point out DOH server IP pinning [37] + o doh: remove redundant checks [242] + o easy: fix curl_easy_upkeep for shared connection caches [52] + o escape: allow curl_easy_escape to generate 3*input length output [39] + o FEATURES.md: fix typo [180] + o ftp: always offer line end conversions [219] + o ftp: flush pingpong before response [73] + o getinfo: return zero for unsupported options (when disabled) [189] + o GHA/windows: enable MulitSSL in an MSVC job [2] + o GHA: scan git repository and detect unvetted binary files [3] + o gnutls/wolfssl: improve error message when certificate fails [125] + o gnutls: send all data [230] + o gtls: fix OCSP stapling management [206] + o haproxy: send though next filter [222] + o hash: provide asserts to verify API use [96] + o http/2: simplify eos/blocked handling [90] + o http2+h3 filters: fix ctx init [142] + o http2: fix GOAWAY message sent to server [171] + o http2: improve rate limiting of downloads [33] + o http2: improved upload eos handling [41] + o http3.md: mention how the fallback can be h1 or h2 [194] + o hyper: call Curl_req_set_upload_done() [126] + o idn: more strictly check AppleIDN errors [98] + o idn: support non-UTF-8 input under AppleIDN [99] + o INSTALL.md: MultiSSL and QUIC are mutually exclusive [7] + o KNOWN_BUGS: "special characers" in URL works with aws-sigv4 [81] + o krb5: add Linux/macOS CI tests, fix cmake GSS detection [83] + o krb5: fix `-Wcast-align` [95] + o lib: add eos flag to send methods [14] + o lib: avoid macro collisions between wolfSSL and GnuTLS headers [133] + o lib: convert some debugf()s into traces [8] + o lib: delete stray undefs for `vsnprintf`, `vsprintf` [152] + o lib: fix AIX build issues [112] + o lib: fix building with wolfSSL without DES support [134] + o lib: make SSPI global symbols use Curl_ prefix [251] + o lib: prefer `CURL_SHA256_DIGEST_LENGTH` over the unprefixed name [132] + o lib: remove the final strncpy() calls [240] + o lib: remove use of RANDOM_FILE [235] + o libcurl.def: move from / into lib [238] + o libcurl.pc: add `Cflags.private` [10] + o libcurl.pc: add reference to `libgsasl` [150] + o libcurl/docs: expand on redirect following and secrets to other hosts [85] + o llist: remove direct struct accesses, use only functions [72] + o Makefile.dist: fix `ca-firefox` target [254] + o Makefile.mk: fixup enabling libidn2 [61] + o Makefile: remove 'scripts' duplicate from DIST_SUBDIRS + o maketgz: accept option to include latest commit hash [5] + o maketgz: fix RELEASE-TOOLS.md for daily tarballs [243] + o maketgz: move from / into scripts [237] + o managen: fix superfluous leading blank line in quoted sections [211] + o managen: in man output, remove the leading space from examples [198] + o managen: wordwrap long example lines in ASCII output [143] + o manpage: ensure a maximum width for the text version [75] + o max-filesize.md: mention zero disables the limit [93] + o mbedtls: add more informative logging [162] + o mbedtls: fix setting tls version [200] + o mbedtls: no longer use MBEDTLS_SSL_VERIFY_OPTIONAL [181] + o mime: avoid inifite loop in client reader [155] + o mk-ca-bundle.pl: include a link to the caextract webpage [68] + o multi: make the "general" list of easy handles a Curl_llist [97] + o multi: on socket callback error, remove socket hash entry nonetheless [149] + o ngtcp2/osslq: remove NULL pointer dereferences [213] + o ngtcp2: use NGHTTP3 prefix instead of NGTCP2 for errors in h3 callbacks [79] + o openssl quic: fix memory leak [229] + o openssl: certinfo errors now fail correctly [250] + o openssl: fix the data race when sharing an SSL session between threads [221] + o openssl: improve shutdown handling [44] + o pingpong: drain the input buffer when reading responses [193] + o POP3: fix multi-line responses [168] + o pop3: use the protocol handler ->write_resp [220] + o printf: fix mingw-w64 format checks [228] + o progress: ratelimit/progress tweaks [32] + o pytests: add tests for HEAD requests in all HTTP versions [42] + o rand: only provide weak random when needed [233] + o runtests: if DISABLED cannot be read, error out [56] + o runtests: log ignored but passed tests [130] + o runtests: remove "has_textaware" [217] + o rustls: fix setting tls version [202] + o rustls: make all tests pass [1] + o schannel: avoid malloc for CAinfo_blob_digest [247] + o scorecard: tweak request measurements [139] + o sectransp: fix setting tls version [204] + o SECURITY: mention OpenSSF best practices gold badge [161] + o setopt: allow CURLOPT_INTERFACE to be set to NULL [165] + o setopt: let CURLOPT_ECH set to NULL reset to default [187] + o setopt: make CURLOPT_TFTP_BLKSIZE accept bad values [184] + o sha256: fix symbol collision between nettle (GnuTLS) and OpenSSL [135] + o share: don't reinitialize conncache [214] + o sigpipe: init the struct so that first apply ignores [49] + o smb: convert superflous assign into assert [246] + o smtp: add tracing feature [120] + o splay: use access functions, add asserts, use Curl_timediff [121] + o spnego_gssapi: implement TLS channel bindings for openssl [146] + o src: delete `curlx_m*printf()` aliases [197] + o src: fix potential macro confusion in cmake unity builds [208] + o src: namespace symbols clashing with lib [248] + o src: replace copy of printf mappings with an include [190] + o ssh: deduplicate SSH backend includes (and fix libssh cmake unity build) [177] + o system_win32: fix typo + o test httpd: tweak cipher list [124] + o test1521: verify setting options to NULL better [182] + o test1707: output diff more for debugging differences in CI outputs + o test556: improve robustness [64] + o test579: improve robustness [60] + o test587: improve robustness [123] + o test649: improve robustness [122] + o test677: improve robustness [47] + o tests/runner: only allow [!A-Za-z0-9_-] in %if feature names [55] + o tests: constrain http pytest to tests/http directory [205] + o tests: don't mangle output if hostname or type unknown + o tests: ignore QUIT from FTP protocol comparisons [108] + o tests: provide docs as curldown, not nroff [12] + o tidy-up: misc build, tests, `lib/macos.c` [172] + o tidy-up: OS names [57] + o tool_operhlp: fix "potentially uninitialized local variable 'pc' used" [48] + o tool_paramhlp: bump maximum post data size in memory to 16GB [128] + o transfer: Curl_sendrecv() and event related improvements [164] + o transfer: remove comments, add asserts [218] + o transfer: skip EOS read when download done [196] + o url: dns_entry related improvements [16] + o url: fix connection reuse for HTTP/2 upgrades [236] + o urlapi: verify URL *decoded* hostname when set [160] + o urldata: introduce `data->mid`, a unique identifier inside a multi [127] + o urldata: remove 'scratch' from the UrlState struct [86] + o urldata: remove crlf_conversions counter [232] + o urldata: remove proxy_connect_closed bit [178] + o verify-release: shell script that verifies a release tarball [29] + o version: fix shadowing a `libssh.h` symbol [176] + o vtls: add SSLSUPP_CIPHER_LIST [107] + o vtls: fix MSVC 'cast truncates constant value' warning [23] + o vtls: fix static function name collisions between TLS backends [136] + o vtls: init ssl peer only once [15] + o websocket: introduce blocking sends [145] + o wolfssl: avoid taking cached x509 store ref if sslctx already using it [88] + o wolfssl: fix CURLOPT_SSLVERSION [144] + o wolfssl: fix setting tls version [201] + o wolfssl: improve shutdown handling [43] + o ws: flags to opcodes should ignore CURLWS_CONT flag [104] + o x509asn1: raise size limit for x509 certification information [28] + +This release includes the following known bugs: + + See docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html) + +For all changes ever done in curl: + + See https://curl.se/changes.html + +Planned upcoming removals include: + + o Hyper support after February 2025 [89] + o TLS libraries not supporting TLS 1.3 + + See https://curl.se/dev/deprecate.html for details + +This release would not have looked like this without help, code, reports and +advice from friends like these: + + Aki Sakurai, Alex Snast, Antoine du Hamel, Austin Moore, + Benjamin Riefenstahl Mecom, Bo Anderson, Chris Swan, Christoph Reiter, + Dan Fandrich, Daniel Stenberg, David Sardari, dependabot[bot], + Emanuele Torre, Eric Norris, feelingseas on github, Gruber Glass, + Hiroki Kurosawa, Ionuț-Francisc Oancea, janedenone on github, Jan Venekamp, + Jason Hood, Jiacai Liu, Joe Birr-Pixton, John Haugabook, Joshix-1 on github, + Justin Maggard, Kai Pastor, kit-ty-kate on github, lolbinarycat on github, + MasterInQuestion on github, Matt Jolly, Max Faxälv, Micah Snyder, + Moritz Buhl, Pete Cordell, ralfjunker on github, Rasmus Thomsen, Ray Satiro, + Razvan Pricope, renovate[bot], Ryan Carsten Schmidt, Sam Jessup, + Sergio Durigan Junior, Slaven Rezić, Stanislav Lange, Stefan Eissing, + Steffen Kieß, Tal Regev, Tim Yuer, Venkat Krishna R, Viktor Petersson, + Viktor Szakats, XYenon, Yedaya Katsman, Yoshimasa Ohno, наб, 罗朝辉 + (57 contributors) + +References to bug reports and discussions on issues: + + [1] = https://curl.se/bug/?i=14317 + [2] = https://curl.se/bug/?i=14276 + [3] = https://curl.se/bug/?i=14333 + [4] = https://curl.se/bug/?i=14245 + [5] = https://curl.se/bug/?i=14363 + [6] = https://curl.se/bug/?i=13987 + [7] = https://curl.se/bug/?i=14308 + [8] = https://curl.se/bug/?i=14322 + [9] = https://curl.se/bug/?i=14323 + [10] = https://curl.se/bug/?i=14321 + [11] = https://curl.se/bug/?i=14285 + [12] = https://curl.se/bug/?i=14324 + [13] = https://curl.se/bug/?i=14271 + [14] = https://curl.se/bug/?i=14220 + [15] = https://curl.se/bug/?i=14152 + [16] = https://curl.se/bug/?i=14195 + [17] = https://curl.se/bug/?i=14264 + [18] = https://curl.se/bug/?i=11510 + [19] = https://curl.se/bug/?i=13997 + [20] = https://curl.se/bug/?i=14059 + [21] = https://curl.se/bug/?i=14136 + [22] = https://curl.se/bug/?i=14361 + [23] = https://curl.se/bug/?i=14341 + [24] = https://curl.se/bug/?i=14359 + [25] = https://curl.se/bug/?i=14358 + [26] = https://curl.se/bug/?i=14357 + [27] = https://curl.se/bug/?i=14356 + [28] = https://curl.se/bug/?i=14352 + [29] = https://curl.se/bug/?i=14350 + [30] = https://curl.se/bug/?i=14355 + [31] = https://curl.se/bug/?i=13992 + [32] = https://curl.se/bug/?i=14335 + [33] = https://curl.se/bug/?i=14326 + [34] = https://curl.se/bug/?i=13988 + [35] = https://curl.se/bug/?i=13977 + [36] = https://curl.se/bug/?i=14336 + [37] = https://curl.se/bug/?i=14377 + [38] = https://curl.se/bug/?i=14337 + [39] = https://curl.se/bug/?i=14339 + [40] = https://curl.se/bug/?i=14331 + [41] = https://curl.se/bug/?i=14253 + [42] = https://curl.se/bug/?i=14367 + [43] = https://curl.se/bug/?i=14376 + [44] = https://curl.se/bug/?i=14375 + [45] = https://curl.se/bug/?i=14374 + [46] = https://curl.se/bug/?i=14373 + [47] = https://curl.se/bug/?i=14455 + [48] = https://curl.se/bug/?i=14389 + [49] = https://curl.se/bug/?i=14344 + [50] = https://curl.se/bug/?i=14018 + [51] = https://curl.se/bug/?i=14349 + [52] = https://curl.se/bug/?i=12677 + [53] = https://curl.se/bug/?i=9963 + [54] = https://curl.se/bug/?i=13993 + [55] = https://curl.se/bug/?i=14403 + [56] = https://curl.se/bug/?i=14411 + [57] = https://curl.se/bug/?i=14360 + [58] = https://curl.se/bug/?i=14380 + [59] = https://curl.se/bug/?i=14416 + [60] = https://curl.se/bug/?i=14454 + [61] = https://curl.se/bug/?i=14421 + [62] = https://curl.se/bug/?i=14420 + [63] = https://curl.se/bug/?i=14417 + [64] = https://curl.se/bug/?i=14453 + [65] = https://curl.se/bug/?i=14412 + [66] = https://curl.se/bug/?i=14343 + [67] = https://curl.se/bug/?i=14402 + [68] = https://github.com/curl/curl-www/issues/374 + [69] = https://curl.se/bug/?i=14409 + [70] = https://curl.se/bug/?i=14401 + [71] = https://curl.se/bug/?i=14382 + [72] = https://curl.se/bug/?i=14485 + [73] = https://curl.se/bug/?i=14452 + [74] = https://curl.se/bug/?i=14370 + [75] = https://curl.se/bug/?i=14423 + [76] = https://curl.se/bug/?i=14385 + [77] = https://curl.se/bug/?i=14393 + [78] = https://curl.se/bug/?i=14384 + [79] = https://curl.se/bug/?i=14394 + [80] = https://curl.se/bug/?i=14450 + [81] = https://curl.se/bug/?i=13754 + [82] = https://curl.se/bug/?i=14298 + [83] = https://curl.se/bug/?i=14447 + [84] = https://curl.se/bug/?i=14451 + [85] = https://curl.se/bug/?i=14472 + [86] = https://curl.se/bug/?i=14500 + [87] = https://curl.se/bug/?i=14189 + [88] = https://curl.se/bug/?i=14442 + [89] = https://curl.se/bug/?i=14492 + [90] = https://curl.se/bug/?i=14435 + [91] = https://curl.se/bug/?i=14438 + [92] = https://curl.se/bug/?i=14491 + [93] = https://curl.se/bug/?i=14440 + [94] = https://curl.se/bug/?i=14430 + [95] = https://curl.se/bug/?i=14433 + [96] = https://curl.se/bug/?i=14503 + [97] = https://curl.se/bug/?i=14474 + [98] = https://curl.se/bug/?i=14431 + [99] = https://curl.se/bug/?i=14431 + [100] = https://curl.se/bug/?i=14437 + [101] = https://curl.se/bug/?i=14428 + [102] = https://curl.se/bug/?i=14427 + [103] = https://curl.se/bug/?i=7229 + [104] = https://curl.se/bug/?i=14397 + [105] = https://curl.se/bug/?i=14553 + [106] = https://curl.se/bug/?i=14406 + [107] = https://curl.se/bug/?i=14406 + [108] = https://curl.se/bug/?i=14404 + [109] = https://curl.se/bug/?i=14405 + [110] = https://curl.se/bug/?i=14477 + [111] = https://curl.se/bug/?i=14469 + [112] = https://curl.se/bug/?i=14464 + [113] = https://curl.se/bug/?i=14535 + [114] = https://curl.se/bug/?i=14459 + [115] = https://curl.se/bug/?i=14467 + [116] = https://curl.se/bug/?i=14534 + [117] = https://curl.se/bug/?i=14568 + [118] = https://curl.se/bug/?i=14566 + [119] = https://curl.se/bug/?i=14540 + [120] = https://curl.se/bug/?i=14531 + [121] = https://curl.se/bug/?i=14562 + [122] = https://curl.se/bug/?i=14526 + [123] = https://curl.se/bug/?i=14525 + [124] = https://curl.se/bug/?i=14502 + [125] = https://curl.se/bug/?i=14501 + [126] = https://curl.se/bug/?i=14539 + [127] = https://curl.se/bug/?i=14414 + [128] = https://curl.se/bug/?i=14521 + [129] = https://curl.se/bug/?i=14527 + [130] = https://curl.se/bug/?i=14457 + [131] = https://curl.se/bug/?i=14514 + [132] = https://curl.se/bug/?i=14513 + [133] = https://curl.se/bug/?i=14511 + [134] = https://curl.se/bug/?i=14512 + [135] = https://curl.se/bug/?i=14515 + [136] = https://curl.se/bug/?i=14516 + [137] = https://curl.se/bug/?i=14510 + [138] = https://curl.se/bug/?i=14504 + [139] = https://curl.se/bug/?i=14564 + [140] = https://curl.se/bug/?i=14460 + [141] = https://curl.se/bug/?i=14627 + [142] = https://curl.se/bug/?i=14505 + [143] = https://curl.se/bug/?i=14543 + [144] = https://curl.se/bug/?i=14480 + [145] = https://curl.se/bug/?i=14458 + [146] = https://curl.se/bug/?i=13098 + [147] = https://curl.se/bug/?i=14483 + [148] = https://curl.se/bug/?i=14567 + [149] = https://curl.se/bug/?i=14557 + [150] = https://curl.se/bug/?i=14556 + [151] = https://curl.se/bug/?i=14574 + [152] = https://curl.se/bug/?i=14631 + [153] = https://curl.se/bug/?i=14550 + [154] = https://curl.se/bug/?i=14533 + [155] = https://curl.se/bug/?i=14532 + [156] = https://curl.se/bug/?i=14541 + [157] = https://curl.se/bug/?i=14471 + [158] = https://curl.se/bug/?i=14545 + [159] = https://curl.se/bug/?i=14407 + [160] = https://curl.se/bug/?i=14656 + [161] = https://curl.se/bug/?i=14319 + [162] = https://curl.se/bug/?i=14444 + [163] = https://curl.se/bug/?i=14626 + [164] = https://curl.se/bug/?i=14561 + [165] = https://curl.se/bug/?i=14629 + [166] = https://curl.se/bug/?i=14618 + [167] = https://curl.se/bug/?i=14614 + [168] = https://curl.se/bug/?i=14677 + [169] = https://curl.se/bug/?i=14565 + [170] = https://curl.se/bug/?i=14548 + [171] = https://curl.se/bug/?i=14623 + [172] = https://curl.se/bug/?i=14558 + [173] = https://curl.se/bug/?i=14622 + [174] = https://curl.se/bug/?i=14616 + [175] = https://curl.se/bug/?i=14641 + [176] = https://curl.se/bug/?i=14617 + [177] = https://curl.se/bug/?i=14612 + [178] = https://curl.se/bug/?i=14708 + [179] = https://curl.se/mail/lib-2024-08/0023.html + [180] = https://curl.se/bug/?i=14653 + [181] = https://curl.se/bug/?i=14591 + [182] = https://curl.se/bug/?i=14634 + [183] = https://curl.se/bug/?i=14555 + [184] = https://curl.se/bug/?i=14634 + [185] = https://curl.se/bug/?i=14368 + [186] = https://curl.se/bug/?i=12129 + [187] = https://curl.se/bug/?i=14634 + [188] = https://curl.se/bug/?i=14575 + [189] = https://curl.se/bug/?i=14634 + [190] = https://curl.se/bug/?i=14648 + [191] = https://curl.se/bug/?i=14699 + [192] = https://curl.se/bug/?i=14737 + [193] = https://curl.se/bug/?i=14201 + [194] = https://curl.se/bug/?i=14736 + [195] = https://curl.se/bug/?i=14168 + [196] = https://curl.se/bug/?i=14670 + [197] = https://curl.se/bug/?i=14647 + [198] = https://curl.se/bug/?i=14735 + [199] = https://curl.se/bug/?i=14697 + [200] = https://curl.se/bug/?i=14588 + [201] = https://curl.se/bug/?i=14587 + [202] = https://curl.se/bug/?i=14586 + [203] = https://curl.se/bug/?i=14585 + [204] = https://curl.se/bug/?i=14621 + [205] = https://curl.se/bug/?i=14611 + [206] = https://curl.se/bug/?i=14642 + [207] = https://curl.se/bug/?i=14640 + [208] = https://curl.se/bug/?i=14626 + [209] = https://curl.se/bug/?i=14761 + [210] = https://curl.se/bug/?i=12606 + [211] = https://curl.se/bug/?i=14732 + [213] = https://curl.se/bug/?i=14701 + [214] = https://curl.se/bug/?i=14696 + [215] = https://curl.se/bug/?i=14668 + [216] = https://curl.se/bug/?i=14795 + [217] = https://curl.se/bug/?i=14717 + [218] = https://curl.se/bug/?i=14688 + [219] = https://curl.se/bug/?i=14717 + [220] = https://curl.se/bug/?i=14684 + [221] = https://curl.se/bug/?i=14751 + [222] = https://curl.se/bug/?i=14756 + [223] = https://curl.se/bug/?i=14674 + [224] = https://curl.se/bug/?i=14673 + [225] = https://curl.se/bug/?i=14672 + [226] = https://curl.se/bug/?i=14671 + [227] = https://curl.se/bug/?i=14718 + [228] = https://curl.se/bug/?i=14703 + [229] = https://curl.se/bug/?i=14720 + [230] = https://curl.se/bug/?i=14722 + [231] = https://curl.se/bug/?i=14758 + [232] = https://curl.se/bug/?i=14709 + [233] = https://curl.se/bug/?i=14749 + [234] = https://curl.se/bug/?i=14660 + [235] = https://curl.se/bug/?i=14749 + [236] = https://curl.se/bug/?i=14739 + [237] = https://curl.se/bug/?i=14797 + [238] = https://curl.se/bug/?i=14796 + [239] = https://curl.se/bug/?i=14753 + [240] = https://curl.se/bug/?i=14830 + [241] = https://curl.se/bug/?i=13509 + [242] = https://curl.se/bug/?i=14823 + [243] = https://curl.se/bug/?i=14820 + [244] = https://curl.se/bug/?i=14714 + [246] = https://curl.se/bug/?i=14784 + [247] = https://curl.se/bug/?i=14777 + [248] = https://curl.se/bug/?i=14785 + [249] = https://curl.se/bug/?i=14814 + [250] = https://curl.se/bug/?i=14780 + [251] = https://curl.se/bug/?i=14776 + [252] = https://curl.se/bug/?i=14770 + [253] = https://curl.se/bug/?i=14812 + [254] = https://curl.se/bug/?i=14804 + [256] = https://curl.se/bug/?i=14802 diff --git a/libs/libcurl/docs/THANKS b/libs/libcurl/docs/THANKS index 5b3d9eaeb9..89821c3944 100644 --- a/libs/libcurl/docs/THANKS +++ b/libs/libcurl/docs/THANKS @@ -278,6 +278,7 @@ atjg on github Augustus Saunders Aurélien Pierre Austin Green +Austin Moore av223119 on github Avery Fay awesomekosm on github @@ -499,6 +500,7 @@ Chris Paulson-Ellis Chris Roberts Chris Sauer Chris Smowton +Chris Swan Chris Talbot Chris Webb Chris Young @@ -698,6 +700,7 @@ David Phillips David Rosenstrauch David Ryskalczyk David Sanderson +David Sardari David Schweikert David Shaw David Strauss @@ -887,6 +890,7 @@ Eric Melville Eric Mertens Eric Murphy Eric Musser +Eric Norris Eric Rautman Eric Rescorla Eric Ridge @@ -948,6 +952,7 @@ Federico Bianchi Federico Pellegrin Fedor Karpelevitch Fedor Korotkov +feelingseas on github FeignClaims on github Feist Josselin Felipe Gasper @@ -1087,6 +1092,7 @@ Gregory Szorc Griffin Downs Grigory Entin Grisha Levit +Gruber Glass Guenole Bescon Guido Berhoerster Guilherme Puida @@ -1292,6 +1298,7 @@ Jan Venekamp Jan Verbeek Jan-Piet Mens JanB on github +janedenone on github janko-js on github Janne Blomqvist Janne Johansson @@ -1302,6 +1309,7 @@ Jari Sundell jasal82 on github Jason Baietto Jason Glasgow +Jason Hood Jason Juang Jason Lee Jason Liu @@ -1376,6 +1384,7 @@ Jesse Noller Jesse Tan jethrogb on github jhoyla on github +Jiacai Liu Jiang Wenjian Jiawen Geng Jie He @@ -1400,6 +1409,7 @@ jmdavitt on github jnbr on github Jocelyn Jaubert Jochem Broekhoff +Joe Birr-Pixton Joe Halpin Joe Malicki Joe Mason @@ -1629,6 +1639,7 @@ Kimmo Kinnunen kirbyn17 on hackerone Kirill Efimov Kirill Marchuk +kit-ty-kate on github Kjell Ericson Kjetil Jacobsen Klaus Crusius @@ -1746,6 +1757,7 @@ Lluís Batlle i Rossell locpyl-tidnyd on github Loganaden Velvindron Loic Dachary +lolbinarycat on github LoRd_MuldeR Loren Kirkby Lorenzo Miniero @@ -1954,6 +1966,7 @@ Mauro Iorio Mauro Rappa Maurício Meneghini Fauth Max Dymond +Max Faxälv Max Katsev Max Kellermann Max Khon @@ -1978,7 +1991,7 @@ Melissa Mears Melroy van den Berg Mert Yazıcıoğlu Mettgut Jamalla -Micah Snyder) +Micah Snyder Michael Afanasiev Michael Anti Michael Baentsch @@ -2083,6 +2096,7 @@ Momoka Yamamoto MonkeybreadSoftware on github moohoorama on github Morgan Willcock +Moritz Buhl Morten Minde Neergaard Mostyn Bramley-Moore Moti Avrahami @@ -2311,6 +2325,7 @@ Per Jensen Per Lundberg Per Malmberg Per Nilsson +Pete Cordell Pete Lomax Peter Bray Peter Forret @@ -2424,6 +2439,7 @@ Raito Bezarius Rajesh Naganathan Rajkumar Mandal Ralf S. Engelschall +ralfjunker on github Ralph Beckmann Ralph Langendam Ralph Mitchell @@ -2438,12 +2454,14 @@ Randy Armstrong Randy McMurchy Raphael Gozzo Rasmus Melchior Jacobsen +Rasmus Thomsen Raul Onitza-Klugman Ravi Pratap Ray Dassen Ray Pekowski Ray Satiro Razvan Cojocaru +Razvan Pricope rcombs on github Red Hat Product Security Reed Loden @@ -2622,6 +2640,7 @@ Salvatore Sorrentino Sam Deane Sam Hurst Sam James +Sam Jessup Sam Roth Sam Schanken Samanta Navarro @@ -2743,6 +2762,7 @@ Simon Liu Simon Warta simplerobot on github Siva Sivaraman +Slaven Rezić SLDiggie on github Smackd0wn Smackd0wn on github @@ -2766,6 +2786,7 @@ Stadler Stephan Stan Hu Stan van de Burgt Stanislav Ivochkin +Stanislav Lange Stanislav Zidek Stanley Wucw Stathis Kapnidis @@ -2788,6 +2809,7 @@ Stefan Tomanek Stefan Ulrich Stefan Yohansson Stefano Simonelli +Steffen Kieß Steinar H. Gunderson steini2000 on github Stepan Broz @@ -2920,6 +2942,7 @@ Tim Stack Tim Starling Tim Tassonis Tim Verhoeven +Tim Yuer Timmy Schierling Timo Lange Timo Sirainen @@ -3038,6 +3061,7 @@ Vasiliy Ulyanov Vasily Lobaskin Vasy Okhin Venkat Akella +Venkat Krishna R Venkataramana Mokkapati Vicente Garcia Victor Magierski @@ -3046,6 +3070,7 @@ Victor Vieux VictorVG on github Vijay Panghal Vikram Saxena +Viktor Petersson Viktor Szakats Vilhelm Prytz Ville Skyttä @@ -3136,6 +3161,7 @@ XmiliaH on github xnynx on github xtonik on github xwxbug on github +XYenon Xì Gà Yaakov Selkowitz Yadhu Krishna M @@ -3158,6 +3184,7 @@ yiyuaner on github Ymir1711 on github Yonggang Luo Yongkang Huang +Yoshimasa Ohno Younes El-karama youngchopin on github Yousuke Kimoto @@ -3205,6 +3232,7 @@ zzq1015 on github Štefan Kremeň Борис Верховский Коваленко Анатолий Викторович +наб Никита Дорохин ウさん 不确定 -- cgit v1.2.3