1 _ _ ____ _ 2 ___| | | | _ \| | 3 / __| | | | |_) | | 4 | (__| |_| | _ <| |___ 5 \___|\___/|_| \_\_____| 6 7 Changelog 8 9Version 8.6.0 (31 Jan 2024) 10 11Daniel Stenberg (31 Jan 2024) 12 13- RELEASE-NOTES: synced 14 15 curl 8.6.0 16 17- THANKS: new contributors from 8.5.0 18 19Jay Satiro (31 Jan 2024) 20 21- cd2nroff: use perl 'strict' and 'warnings' 22 23 - Use strict and warnings pragmas. 24 25 - If open() fails then show the reason. 26 27 - Set STDIN io layer :crlf so that input is properly read on Windows. 28 29 - When STDIN is used as input, the filename $f is now set to "STDIN". 30 31 Various error messages in single() use $f for the filename and this way 32 it is not undefined when STDIN. 33 34 Closes https://github.com/curl/curl/pull/12819 35 36Daniel Stenberg (30 Jan 2024) 37 38- cd2nroff: fix duplicate output issue 39 40 Assisted-by: Jay Satiro 41 Fixes https://github.com/curl/curl-www/issues/321 42 Closes #12818 43 44- lib: error out on multissl + http3 45 46 Since the QUIC/h3 code has no knowledge or handling of multissl it might 47 bring unintended consequences if we allow it. 48 49 configure, cmake and curl_setup.h all now reject this combination. 50 51 Assisted-by: Viktor Szakats 52 Assisted-by: Gisle Vanem 53 Ref: #12806 54 Closes #12807 55 56Patrick Monnerat (29 Jan 2024) 57 58- OS400: sync ILE/RPG binding 59 60 Also do not force git CRLF line endings on *.cmd files for OS400. 61 62 Closes #12815 63 64Viktor Szakats (28 Jan 2024) 65 66- build: delete/replace 3 more clang warning pragmas 67 68 - tool_msgs: delete redundant `-Wformat-nonliteral` suppression pragma. 69 70 - whitespace formatting in `mprintf.h`, lib518, lib537. 71 72 - lib518: fix wrong variable in `sizeof()`. 73 74 - lib518: bump variables to `rlim_t`. 75 Follow-up to e2b394106d543c4615a60795b7fdce04bd4e5090 #1469 76 77 - lib518: sync error message with lib537 78 Follow-up to 365322b8bcf9efb6a361473d227b70f2032212ce 79 80 - lib518, lib537: replace `-Wformat-nonliteral` suppression pragmas 81 by reworking test code. 82 83 Follow-up to 5b286c250829e06a135a6ba998e80beb7f43a734 #12812 84 Follow-up to aee4ebe59161d0a5281743f96e7738ad97fe1cd4 #12803 85 Follow-up to 09230127589eccc7e01c1a7217787ef8e64f3328 #12540 86 Follow-up to 3829759bd042c03225ae862062560f568ba1a231 #12489 87 88 Reviewed-by: Daniel Stenberg 89 Closes #12814 90 91Richard Levitte (27 Jan 2024) 92 93- cmake: freshen up docs/INSTALL.cmake 94 95 - Turn docs/INSTALL.cmake into a proper markdown file, 96 docs/INSTALL-CMAKE.md 97 - Move things around to divide the description into configuration, 98 building and installing sections 99 - Mention the more modern cmake options to configure, build and install, 100 but also retain the older variants as fallbacks 101 102 Closes #12772 103 104Viktor Szakats (27 Jan 2024) 105 106- build: delete/replace clang warning pragmas 107 108 - delete redundant warning suppressions for `-Wformat-nonliteral`. 109 This now relies on `CURL_PRINTF()` and it's theoratically possible 110 that this macro isn't active but the warning is. We're ignoring this 111 as a corner-case here. 112 113 - replace two pragmas with code changes to avoid the warnings. 114 115 Follow-up to aee4ebe59161d0a5281743f96e7738ad97fe1cd4 #12803 116 Follow-up to 09230127589eccc7e01c1a7217787ef8e64f3328 #12540 117 Follow-up to 3829759bd042c03225ae862062560f568ba1a231 #12489 118 119 Reviewed-by: Daniel Stenberg 120 Closes #12812 121 122Daniel Stenberg (27 Jan 2024) 123 124- RELEASE-NOTES: synced 125 126- http: only act on 101 responses when they are HTTP/1.1 127 128 For 101 responses claiming to be any other protocol, bail out. This 129 would previously trigger an assert. 130 131 Add test 1704 to verify. 132 133 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66184 134 Closes #12811 135 136Scarlett McAllister (27 Jan 2024) 137 138- _VARIABLES.md: add missing 'be' into the sentence 139 140 Closes #12809 141 142Stefan Eissing (27 Jan 2024) 143 144- mqtt, remove remaining use of data->state.buffer 145 146 Closes #12799 147 148Daniel Stenberg (27 Jan 2024) 149 150- x509asn1: switch from malloc to dynbuf 151 152 Closes #12808 153 154- x509asn1: make utf8asn1str() use dynbuf instead of malloc + memcpy 155 156 Closes #12808 157 158- x509asn1: reduce malloc in Curl_extract_certinfo 159 160 Using dynbuf 161 162 Closes #12808 163 164Jay Satiro (27 Jan 2024) 165 166- THANKS: add Alexander Bartel and Brennan Kinney 167 168 They reported and investigated #10259 which was fixed by 7b2d98df. 169 170 Ref: https://github.com/curl/curl/issues/10259 171 172Daniel Stenberg (26 Jan 2024) 173 174- krb5: add prototype to silence clang warnings on mvsnprintf() 175 176 "error: format string is not a string literal" 177 178 Follow-up to 09230127589eccc7 which made the warning appear 179 180 Assisted-by: Viktor Szakats 181 Closes #12803 182 183- x509asn1: remove code for WANT_VERIFYHOST 184 185 No code ever sets this anymore since we dropped gskit 186 187 Follow-up to 78d6232f1f326b9ab4d 188 189 Closes #12804 190 191- socks: reduce the buffer size to 600 (from 8K) 192 193 This is malloc'ed memory and it does not more. Test 742 helps us verify 194 this. 195 196 Closes #12789 197 198Stefan Eissing (26 Jan 2024) 199 200- file+ftp: use stack buffers instead of data->state.buffer 201 202 Closes #12789 203 204- vtls: receive max buffer 205 206 - do not only receive one TLS record, but try to fill 207 the passed buffer 208 - consider <4K remaning space is "filled". 209 210 Closes #12801 211 212Daniel Stenberg (26 Jan 2024) 213 214- docs: do not start lines/sentences with So, But nor And 215 216 Closes #12802 217 218- docs: remove spurious ampersands from markdown 219 220 They were leftovers from the nroff conversion. 221 222 Follow-up to eefcc1bda4bccd800f5a5 223 224 Closes #12800 225 226Patrick Monnerat (26 Jan 2024) 227 228- sasl: make login option string override http auth 229 230 - Use http authentication mechanisms as a default, not a preset. 231 232 Consider http authentication options which are mapped to SASL options as 233 a default (overriding the hardcoded default mask for the protocol) that 234 is ignored if a login option string is given. 235 236 Prior to this change, if some HTTP auth options were given, sasl mapped 237 http authentication options to sasl ones but merged them with the login 238 options. 239 240 That caused problems with the cli tool that sets the http login option 241 CURLAUTH_BEARER as a side-effect of --oauth2-bearer, because this flag 242 maps to more than one sasl mechanisms and the latter cannot be cleared 243 individually by the login options string. 244 245 New test 992 checks this. 246 247 Fixes https://github.com/curl/curl/issues/10259 248 Closes https://github.com/curl/curl/pull/12790 249 250Stefan Eissing (26 Jan 2024) 251 252- socks: use own buffer instead of data->state.buffer 253 254 Closes #12788 255 256Daniel Stenberg (26 Jan 2024) 257 258- socks: fix generic output string to say SOCKS instead of SOCKS4 259 260 ... since it was also logged for SOCKS5. 261 262 Closes #12797 263 264- test742: test SOCKS5 with max length user, password and hostname 265 266 Adjusted the socksd server accordingly to allow for configuring that 267 long user name and password. 268 269 Closes #12797 270 271Stefan Eissing (25 Jan 2024) 272 273- ssh: use stack scratch buffer for seeks 274 275 - instead of data->state.buffer 276 277 Closes #12794 278 279Daniel Stenberg (25 Jan 2024) 280 281- krb5: access the response buffer correctly 282 283 As the pingpong code no longer uses the download buffer. 284 285 Folllow-up to c2d973627bab12ab 286 Pointed-out-by: Stefan Eissing 287 Closes #12796 288 289Stefan Eissing (25 Jan 2024) 290 291- mqtt: use stack scratch buffer for recv+publish 292 293 - instead of data->state.buffer 294 295 Closes #12792 296 297- telnet, use stack scratch buffer for do 298 299 - instead of data->state.buffer 300 301 Closes #12793 302 303- http, use stack scratch buffer 304 305 - instead of data->state.buffer 306 307 Closes #12791 308 309- ntlm_wb: do not use data->state.buf any longer 310 311 Closes #12787 312 313- gitignore: the generated `libcurl-symbols.md` 314 315 Closes #12795 316 317Daniel Stenberg (25 Jan 2024) 318 319- tool: fix the listhelp generation command 320 321 The previous command line to generate the tool_listhelp.c source file 322 broke with 2494b8dd5175cee7. 323 324 Make 'make listhelp' invoked in src/ generate it. Also update the 325 comment in the file to mention the right procedure. 326 327 Closes #12786 328 329- http: check for "Host:" case insensitively 330 331 When checking if the user wants to replace the header, the check should 332 be case insensitive. 333 334 Adding test 461 to verify 335 336 Found-by: Dan Fandrich 337 Ref: #12782 338 Closes #12784 339 340Tatsuhiro Tsujikawa (25 Jan 2024) 341 342- configure: add libngtcp2_crypto_boringssl detection 343 344 If OpenSSL is found to be BoringSSL or AWS-LC, and ngtcp2 is requested, 345 try to detect libngtcp2_crypto_boringssl. 346 347 Reported-by: ウさん 348 Fixes #12724 349 Closes #12769 350 351Daniel Stenberg (25 Jan 2024) 352 353- http: remove comment reference to a removed solution 354 355 Follow-up to 58974d25d 356 357 Closes #12785 358 359Stefan Eissing (25 Jan 2024) 360 361- pytest: Scorecard tracking CPU and RSS 362 363 Closes #12765 364 365Graham Campbell (25 Jan 2024) 366 367- GHA: bump ngtcp2, gnutls, mod_h2, quiche 368 369 - ngtcp2 to v1.2.0 370 - gnutls to 3.8.3 371 - mod_h2 to 2.0.26 372 - quiche to 0.20.0 373 374 Closes #12778 375 Closes #12779 376 Closes #12780 377 Closes #12781 378 379Daniel Stenberg (25 Jan 2024) 380 381- ftpserver.pl: send 213 SIZE response without spurious newline 382 383- pingpong: stop using the download buffer 384 385 The pingpong logic now uses its own dynbuf for receiving command 386 response data. 387 388 When the "final" response header for a commanad has been received, that 389 final line is left first in the recvbuf for the protocols to parse at 390 will. If there is additional data behind the final response line, the 391 'overflow' counter is indicate how many bytes. 392 393 Closes #12757 394 395- gen.pl: remove bold from .IP used for ## 396 397 Reported-by: Viktor Szakats 398 Fixes #12776 399 Closes #12777 400 401Viktor Szakats (24 Jan 2024) 402 403- cmake: rework options to enable curl and libcurl docs 404 405 Rework CMake options for building/using curl tool and libcurl manuals. 406 407 - rename `ENABLE_MANUAL` to `ENABLE_CURL_MANUAL`, meaning: 408 to build man page and built-in manual for curl tool. 409 410 - rename `BUILD_DOCS` to `BUILD_LIBCURL_DOCS`, meaning: 411 to build man pages for libcurl. 412 413 - `BUILD_LIBCURL_DOCS` now works without having to enable 414 `ENABLE_CURL_MANUAL` too. 415 416 - drop support for existing CMake-level `USE_MANUAL` option to avoid 417 confusion. (It used to work with the effect of current 418 `ENABLE_CURL_MANUAL`, but only by accident.) 419 420 Assisted-by: Richard Levitte 421 Ref: #12771 422 Closes #12773 423 424Daniel Stenberg (24 Jan 2024) 425 426- urlapi: remove assert 427 428 This assert triggers wrongly when CURLU_GUESS_SCHEME and 429 CURLU_NO_AUTHORITY are both set and the URL is a single path. 430 431 I think this assert has played out its role. It was introduced in a 432 rather big refactor. 433 434 Follow-up to 4cfa5bcc9a 435 436 Reported-by: promptfuzz_ on hackerone 437 Closes #12775 438 439Patrick Monnerat (24 Jan 2024) 440 441- tests: avoid int/size_t conversion size/sign warnings 442 443 Closes #12768 444 445Daniel Stenberg (24 Jan 2024) 446 447- GHA: add a job scanning for "bad words" in markdown 448 449 This means words, phrases or things we have decided not to use - words that 450 are spelled right according to the dictionary but we want to avoid. In the 451 name of consistency and better documentation. 452 453 Closes #12764 454 455Viktor Szakats (23 Jan 2024) 456 457- cmake: speed up curldown processing, enable by default 458 459 - cmake: enable `BUILD_DOCS` by default (this controls converting and 460 installing `.3` files from `.md` sources) 461 462 - cmake: speed up generating `.3` files by using a single command per 463 directory, instead of a single command per file. This reduces external 464 commands by about a thousand. (There remains some CMake logic kicking 465 in resulting in 500 -one per file- external `-E touch_nocreate` calls.) 466 467 - cd2nroff: add ability to process multiple input files. 468 469 - cd2nroff: add `-k` option to use the source filename to form the 470 output filename. (instead of the default in-file `Title:` line.) 471 472 Follow-up to 3f08d80b2244524646ce86915c585509ac54fb4c 473 Follow-up to ea0b575dab86a3c44dd1d547dc500276266aa382 #12753 474 Follow-up to eefcc1bda4bccd800f5a56a0fe17a2f44a96e88b #12730 475 476 Closes #12762 477 478Richard Levitte (23 Jan 2024) 479 480- docs: install curl.1 with cmake as well 481 482 Closes #12759 483 484Daniel Stenberg (23 Jan 2024) 485 486- osslq: remove the TLS library from the version output 487 488 Since we only support using a single TLS library at any one time, we 489 know that the TLS library for QUIC is the same that is also shown for 490 regular TLS. 491 492 Fixes #12763 493 Reported-by: Viktor Szakats 494 Closes #12767 495 496Stefan Eissing (23 Jan 2024) 497 498- CI: remove unnecessary OpenSSL 3 option `enable-tls1_3` 499 500 .. and switch OpenSSL 3 libdir from lib64 to lib for consistency. 501 502 Closes https://github.com/curl/curl/pull/12758 503 504- GHA: bump nghttp2 version to v1.59.0 505 506 - Switch to v1.59.0 for GHA CI jobs that use a specific nghttp2-version. 507 508 Closes https://github.com/curl/curl/pull/12766 509 510Daniel Stenberg (23 Jan 2024) 511 512- RELEASE-NOTES: synced 513 514- docs/cmdline: change to .md for cmdline docs 515 516 - switch all invidual files documenting command line options into .md, 517 as the documentation is now markdown-looking. 518 519 - made the parser treat 4-space indents as quotes 520 521 - switch to building the curl.1 manpage using the "mainpage.idx" file, 522 which lists the files to include to generate it, instead of using the 523 previous page-footer/headers. Also, those files are now also .md 524 ones, using the same format. I gave them underscore prefixes to make 525 them sort separately: 526 _NAME.md, _SYNOPSIS.md, _DESCRIPTION.md, _URL.md, _GLOBBING.md, 527 _VARIABLES.md, _OUTPUT.md, _PROTOCOLS.md, _PROGRESS.md, _VERSION.md, 528 _OPTIONS.md, _FILES.md, _ENVIRONMENT.md, _PROXYPREFIX.md, 529 _EXITCODES.md, _BUGS.md, _AUTHORS.md, _WWW.md, _SEEALSO.md 530 531 - updated test cases accordingly 532 533 Closes #12751 534 535dependabot[bot] (23 Jan 2024) 536 537- CI: bump actions/cache from 3 to 4 538 539 Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4. 540 - [Release notes](https://github.com/actions/cache/releases) 541 - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) 542 - [Commits](https://github.com/actions/cache/compare/v3...v4) 543 544 --- 545 updated-dependencies: 546 - dependency-name: actions/cache 547 dependency-type: direct:production 548 update-type: version-update:semver-major 549 ... 550 551 Signed-off-by: dependabot[bot] <support@github.com> 552 Closes #12756 553 554Daniel Stenberg (23 Jan 2024) 555 556- openssl: when verifystatus fails, remove session id from cache 557 558 To prevent that it gets used in a subsequent transfer that skips the 559 verifystatus check since that check can't be done when the session id is 560 reused. 561 562 Reported-by: Hiroki Kurosawa 563 Closes #12760 564 565Viktor Szakats (23 Jan 2024) 566 567- cmake: add option to disable building docs 568 569Richard Levitte (23 Jan 2024) 570 571- cmake: use curldown to build man pages 572 573 This throws away the previous HTML and PDF producers, to mimic what 574 Makefile.am does as faithfully as possible. 575 576 Closes #12753 577 578Daniel Stenberg (23 Jan 2024) 579 580- mksymbolsmanpage.pl: provide references to where the symbol is used 581 582- docs: introduce "curldown" for libcurl man page format 583 584 curldown is this new file format for libcurl man pages. It is markdown 585 inspired with differences: 586 587 - Each file has a set of leading headers with meta-data 588 - Supports a small subset of markdown 589 - Uses .md file extensions for editors/IDE/GitHub to treat them nicely 590 - Generates man pages very similar to the previous ones 591 - Generates man pages that still convert nicely to HTML on the website 592 - Detects and highlights mentions of curl symbols automatically (when 593 their man page section is specified) 594 595 tools: 596 597 - cd2nroff: converts from curldown to nroff man page 598 - nroff2cd: convert an (old) nroff man page to curldown 599 - cdall: convert many nroff pages to curldown versions 600 - cd2cd: verifies and updates a curldown to latest curldown 601 602 This setup generates .3 versions of all the curldown versions at build time. 603 604 CI: 605 606 Since the documentation is now technically markdown in the eyes of many 607 things, the CI runs many more tests and checks on this documentation, 608 including proselint, link checkers and tests that make sure we capitalize the 609 first letter after a period... 610 611 Closes #12730 612 613Viktor Szakats (22 Jan 2024) 614 615- libssh2: use `libssh2_session_callback_set2()` with v1.11.1 616 617 To avoid a local hack to pass function pointers and to avoid 618 deprecation warnings when building with libssh2 v1.11.1 or newer: 619 ``` 620 lib/vssh/libssh2.c:3324:5: warning: 'libssh2_session_callback_set' is depreca 621 ted: since libssh2 1.11.1. Use libssh2_session_callback_set2() [-Wdeprecated- 622 declarations] 623 lib/vssh/libssh2.c:3326:5: warning: 'libssh2_session_callback_set' is depreca 624 ted: since libssh2 1.11.1. Use libssh2_session_callback_set2() [-Wdeprecated- 625 declarations] 626 ``` 627 Ref: https://github.com/curl/curl-for-win/actions/runs/7609484879/job/2072082 628 1100#step:3:4982 629 630 Ref: https://github.com/libssh2/libssh2/pull/1285 631 Ref: https://github.com/libssh2/libssh2/commit/c0f69548be902147ce014ffa40b8db 632 3cf1d4b0b4 633 Reviewed-by: Daniel Stenberg 634 Closes #12754 635 636Daniel Stenberg (22 Jan 2024) 637 638- transfer: make the select_bits_paused condition check both directions 639 640 If there is activity in a direction that is not paused, return false. 641 642 Reported-by: Sergey Bronnikov 643 Bug: https://curl.se/mail/lib-2024-01/0049.html 644 Closes #12740 645 646Stefan Eissing (22 Jan 2024) 647 648- http3: initial support for OpenSSL 3.2 QUIC stack 649 650 - HTTP/3 for curl using OpenSSL's own QUIC stack together 651 with nghttp3 652 - configure with `--with-openssl-quic` to enable curl to 653 build this. This requires the nghttp3 library 654 - implementation with the following restrictions: 655 * macOS has to use an unconnected UDP socket due to an 656 issue in OpenSSL's datagram implementation 657 See https://github.com/openssl/openssl/issues/23251 658 This makes connections to non-reponsive servers hang. 659 * GET requests will send the indicator that they have 660 no body in a separate QUIC packet. This may result 661 in processing delays or Transfer-Encodings on proxied 662 requests 663 * uploads that encounter blocks will use 100% cpu as 664 detection of these flow control issue is not working 665 (we have not figured out to pry that from OpenSSL). 666 667 Closes #12734 668 669Viktor Szakats (22 Jan 2024) 670 671- cmake: fix `ENABLE_MANUAL` option 672 673 Fix the `ENABLE_MANUAL` option. Set it to default to `OFF`. 674 675 Before this patch `ENABLE_MANUAL=ON` was a no-op, even though it was the 676 option designed to enable building and using the built-in curl manual. 677 (`USE_MANUAL=ON` option worked for this instead, by accident). 678 679 Ref: https://github.com/curl/curl/pull/12730#issuecomment-1902572409 680 Closes #12749 681 682Mohammadreza Hendiani (19 Jan 2024) 683 684- TODO: update broken link to ratelimit-headers draft 685 686 Closes #12741 687 688Daniel Stenberg (19 Jan 2024) 689 690- cmake: when USE_MANUAL=YES, build the curl.1 man page 691 692 Fixes KNOWN_BUG 15.4 693 694 Closes #12742 695 696- cmdline-opts/write-out.d: remove spurious double quotes 697 698Stefan Eissing (19 Jan 2024) 699 700- rtsp: Convert assertion into debug log 701 702 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65934 703 704 - write excess bytes to the client where the standard excess bytes 705 checks will report any wrongness and fail the transfer 706 707 Fixes #12738 708 Closes #12739 709 710Daniel Stenberg (19 Jan 2024) 711 712- headers: remove assert from Curl_headers_push 713 714 The fuzzer managed to reach the function without a terminating CR or LF 715 so let's handle it normally. While there, remove the goto. 716 717 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65839 718 719 Closes #12721 720 721- curl_easy_getinfo.3: remove the wrong time value count 722 723 It said "six" time values but they are eight by now. Remove the mention 724 of the amount. 725 726 Closes #12727 727 728Viktor Szakats (18 Jan 2024) 729 730- mbedtls: fix `-Wnull-dereference` and `-Wredundant-decls` 731 732 - Silence warning in mbedTLS v3.5.1 public headers: 733 ``` 734 ./mbedtls/_x64-linux-musl/usr/include/psa/crypto_extra.h:489:14: warning: r 735 edundant redeclaration of 'psa_set_key_domain_parameters' [-Wredundant-decls] 736 ./mbedtls/_x64-linux-musl/usr/include/psa/crypto_struct.h:354:14: note: pre 737 vious declaration of 'psa_set_key_domain_parameters' was here 738 ``` 739 Ref: https://github.com/libssh2/libssh2/commit/ecec68a2c13a9c63fe8c2dc457ae 740 785a513e157c 741 Ref: https://github.com/libssh2/libssh2/pull/1226 742 743 - Fix compiler warnings seen with gcc 9.2.0 + cmake unity: 744 ``` 745 ./curl/lib/vtls/mbedtls.c: In function 'mbedtls_bio_cf_read': 746 ./curl/lib/vtls/mbedtls.c:189:11: warning: null pointer dereference [-Wnull 747 -dereference] 748 189 | nread = Curl_conn_cf_recv(cf->next, data, (char *)buf, blen, &res 749 ult); 750 | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 751 ~~~~ 752 ./curl/lib/vtls/mbedtls.c: In function 'mbedtls_bio_cf_write': 753 ./curl/lib/vtls/mbedtls.c:168:14: warning: null pointer dereference [-Wnull 754 -dereference] 755 168 | nwritten = Curl_conn_cf_send(cf->next, data, (char *)buf, blen, & 756 result); 757 | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 758 ~~~~~~~ 759 ``` 760 761 - delete stray `#else`. 762 763 Closes #12720 764 765Daniel Stenberg (17 Jan 2024) 766 767- docs: cleanup nroff format use 768 769 - remove use of .BI for code snippet 770 - stop using .br, just do a blank line 771 - remove use of .PP 772 - remove use for .sp 773 - remove backslash in .IP 774 - use .IP instead of .TP 775 776 Closes #12731 777 778Stefan Eissing (17 Jan 2024) 779 780- test2307: fix expected failure code after ws refactoring 781 782 Fixes #12722 783 Closes #12728 784 785Jay Satiro (17 Jan 2024) 786 787- cf-socket: show errno in tcpkeepalive error messages 788 789 - If the socket keepalive options (TCP_KEEPIDLE, etc) cannot be set 790 then show the errno in the verbose error messages. 791 792 Ref: https://github.com/curl/curl/discussions/12715#discussioncomment-8151652 793 794 Closes https://github.com/curl/curl/pull/12726 795 796- tool_getparam: stop supporting `@filename` style for --cookie 797 798 The `@filename` style was never documented for --cookie <data|filename> 799 but prior to this change curl would accept it anyway and always treat a 800 @ prefixed string as a filename. 801 802 That's a problem if the string also contains a = sign because then it is 803 documented to be interpreted as a cookie string and not a filename. 804 805 Example: 806 807 `--cookie @foo=bar` 808 809 Before: Interpreted as load cookies from filename foo=bar. 810 811 After: Interpreted as cookie `@foo=bar` (name `@foo` and value `bar`). 812 813 Other curl options with a data/filename option-value use the `@filename` 814 to distinguish filenames which is probably how this happened. The 815 --cookie option has never been documented that way. 816 817 Ref: https://curl.se/docs/manpage.html#-b 818 819 Closes https://github.com/curl/curl/pull/12645 820 821Stefan Eissing (16 Jan 2024) 822 823- websockets: refactor decode chain 824 825 - use client writer stack for decoding frames 826 - move websocket protocol handler to ws.c 827 828 Closes #12713 829 830- websockets: check for negative payload lengths 831 832 - in en- and decoding, check the websocket frame payload lengths for 833 negative values (from curl_off_t) and error the operation in that case 834 - add test 2307 to verify 835 836 Closes #12707 837 838Daniel Stenberg (16 Jan 2024) 839 840- docs: mention env vars not used by schannel 841 842 Ref: #12704 843 844 Co-authored-by: Jay Satiro <raysatiro@yahoo.com> 845 846 Closes #12711 847 848- tool_operate: make --remove-on-error only remove "real" files 849 850 Reported-by: Harry Sintonen 851 Assisted-by: Dan Fandrich 852 853 Closes #12710 854 855Jay Wu (16 Jan 2024) 856 857- url: don't set default CA paths for Secure Transport backend 858 859 As the default for this backend is the native CA store. 860 861 Closes #12704 862 863Lin Sun (16 Jan 2024) 864 865- asyn-ares: with modern c-ares, use its default timeout 866 867 Closes #12703 868 869Daniel Stenberg (15 Jan 2024) 870 871- tool_operate: stop setting the file comment on Amiga 872 873 - the URL is capped at 80 cols, which ruins it if longer 874 - it does not strip off URL credentials 875 - it is done unconditonally, not on --xattr 876 - we don't have Amiga in the CI which makes fixing it blindly fragile 877 878 Someone who builds and tests on Amiga can add it back correctly in a 879 future if there is a desire. 880 881 Reported-by: Harry Sintonen 882 Closes #12709 883 884Stefan Eissing (15 Jan 2024) 885 886- rtsp: deal with borked server responses 887 888 - enforce a response body length of 0, if the 889 response has no Content-lenght. This is according 890 to the RTSP spec. 891 - excess bytes in a response body are forwarded to 892 the client writers which will report and fail the 893 transfer 894 895 Follow-up to d7b6ce6 896 Fixes #12701 897 Closes #12706 898 899Daniel Stenberg (14 Jan 2024) 900 901- version: show only the libpsl version, not its dependencies 902 903 The libpsl version output otherwise also includes version number for its 904 dependencies, like IDN lib, but since libcurl does not use libpsl's IDN 905 functionality those components are not important. 906 907 Ref: https://github.com/curl/curl-for-win/issues/63 908 Closes #12700 909 910Brad Harder (14 Jan 2024) 911 912- curl.h: CURLOPT_DNS_SERVERS is only available with c-ares 913 914 Closes #12695 915 916Daniel Stenberg (14 Jan 2024) 917 918- cmdline-opts/gen.pl: error on initital blank line 919 920 After the "---" separator, there should be no blank line and this script 921 now errors out if one is detected. 922 923 Ref: #12696 924 Closes #12698 925 926- cf-h1-proxy: no CURLOPT_USERAGENT in CONNECT with hyper 927 928 Follow-up to 693cd1679361828a which was incomplete 929 930 Ref #12680 931 Closes #12697 932 933- curl_multi_fdset.3: remove mention of null pointer support 934 935 ... since this funtion has not supported null pointer fd_set arguments since 936 at least 2006. (That's when I stopped my git blame journey) 937 938 Fixes #12691 939 Reported-by: sfan5 on github 940 Closes #12692 941 942Mark Huang (14 Jan 2024) 943 944- docs/cmdline: remove unnecessary line breaks 945 946 Closes #12696 947 948Daniel Stenberg (14 Jan 2024) 949 950- transfer: remove warning: Value stored to 'blen' is never read 951 952 Detected by scan-build 953 954 Follow-up from 1cd2f0072f 955 956 Closes #12693 957 958Stefan Eissing (13 Jan 2024) 959 960- lib: replace readwrite with write_resp 961 962 This clarifies the handling of server responses by folding the code for 963 the complicated protocols into their protocol handlers. This concerns 964 mainly HTTP and its bastard sibling RTSP. 965 966 The terms "read" and "write" are often used without clear context if 967 they refer to the connect or the client/application side of a 968 transfer. This PR uses "read/write" for operations on the client side 969 and "send/receive" for the connection, e.g. server side. If this is 970 considered useful, we can revisit renaming of further methods in another 971 PR. 972 973 Curl's protocol handler `readwrite()` method been changed: 974 975 ```diff 976 - CURLcode (*readwrite)(struct Curl_easy *data, struct connectdata *conn, 977 - const char *buf, size_t blen, 978 - size_t *pconsumed, bool *readmore); 979 + CURLcode (*write_resp)(struct Curl_easy *data, const char *buf, size_t ble 980 n, 981 + bool is_eos, bool *done); 982 ``` 983 984 The name was changed to clarify that this writes reponse data to the 985 client side. The parameter changes are: 986 987 * `conn` removed as it always operates on `data->conn` 988 * `pconsumed` removed as the method needs to handle all data on success 989 * `readmore` removed as no longer necessary 990 * `is_eos` as indicator that this is the last call for the transfer 991 response (end-of-stream). 992 * `done` TRUE on return iff the transfer response is to be treated as 993 finished 994 995 This change affects many files only because of updated comments in 996 handlers that provide no implementation. The real change is that the 997 HTTP protocol handlers now provide an implementation. 998 999 The HTTP protocol handlers `write_resp()` implementation will get passed 1000 **all** raw data of a server response for the transfer. The HTTP/1.x 1001 formatted status and headers, as well as the undecoded response 1002 body. `Curl_http_write_resp_hds()` is used internally to parse the 1003 response headers and pass them on. This method is public as the RTSP 1004 protocol handler also uses it. 1005 1006 HTTP/1.1 "chunked" transport encoding is now part of the general 1007 *content encoding* writer stack, just like other encodings. A new flag 1008 `CLIENTWRITE_EOS` was added for the last client write. This allows 1009 writers to verify that they are in a valid end state. The chunked 1010 decoder will check if it indeed has seen the last chunk. 1011 1012 The general response handling in `transfer.c:466` happens in function 1013 `readwrite_data()`. This mainly operates now like: 1014 1015 ``` 1016 static CURLcode readwrite_data(data, ...) 1017 { 1018 do { 1019 Curl_xfer_recv_resp(data, buf) 1020 ... 1021 Curl_xfer_write_resp(data, buf) 1022 ... 1023 } while(interested); 1024 ... 1025 } 1026 ``` 1027 1028 All the response data handling is implemented in 1029 `Curl_xfer_write_resp()`. It calls the protocol handler's `write_resp()` 1030 implementation if available, or does the default behaviour. 1031 1032 All raw response data needs to pass through this function. Which also 1033 means that anyone in possession of such data may call 1034 `Curl_xfer_write_resp()`. 1035 1036 Closes #12480 1037 1038Daniel Stenberg (13 Jan 2024) 1039 1040- RELEASE-NOTES: synced 1041 1042- TODO: TFTP doesn't convert LF to CRLF for mode=netascii 1043 1044 Closes #12655 1045 Closes #12690 1046 1047- gen: do italics/bold for a range of letters, not just single word 1048 1049 Previously it would match only on a sequence of non-space, which made it 1050 miss to highlight for example "public suffix list". 1051 1052 Updated the recent cookie.d edit from 5da57193b732 to use bold instead 1053 of italics. 1054 1055 Closes #12689 1056 1057- docs: describe and highlight super cookies 1058 1059 Reported-by: Yadhu Krishna M 1060 1061 Closes #12687 1062 1063- configure: when enabling QUIC, check that TLS supports QUIC 1064 1065 Most importantly perhaps is when using OpenSSL that the used 1066 build/flavor has the QUIC API: the vanilla OpenSSL does not, only 1067 BoringSSL, libressl, AWS-LC and quictls do. 1068 1069 Ref: https://github.com/curl/curl/commit/5d044ad9480a9f556f4b6a252d7533b1ba7f 1070 e57e#r136780413 1071 1072 Closes #12683 1073 1074Stefan Eissing (11 Jan 2024) 1075 1076- vquic: extract TLS setup into own source 1077 1078 - separate ngtcp2 specific parts out 1079 - provide callback during init to allow ngtcp2 to apply its defaults 1080 1081 Closes #12678 1082 1083Sergey Markelov (11 Jan 2024) 1084 1085- multi: remove total timer reset in file_do() while fetching file:// 1086 1087 The total timer is properly reset in MSTATE_INIT. MSTATE_CONNECT starts 1088 with resetting the timer that is a start point for further multi states. 1089 If file://, MSTATE_DO calls file_do() that should not reset the total 1090 timer. Otherwise, the total time is always less than the pre-transfer 1091 and the start transfer times. 1092 1093 Closes #12682 1094 1095Daniel Stenberg (11 Jan 2024) 1096 1097- http_proxy: a blank CURLOPT_USERAGENT should not be used in CONNECT 1098 1099 Extended test 80 to verify this. 1100 1101 Reported-by: Stefan Eissing 1102 Fixes #12680 1103 Closes #12681 1104 1105- sectransp: do verify_cert without memdup for blobs 1106 1107 Since the information is then already stored in memory, this can avoid 1108 an extra set of malloc + free calls. 1109 1110 Closes #12679 1111 1112- hsts: remove assert for zero length domain 1113 1114 A zero length domain can happen if the HSTS parser is given invalid 1115 input data which is not unheard of and is done by the fuzzer. 1116 1117 Follow-up from cfe7902111ae547873 1118 1119 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65661 1120 1121 Closes #12676 1122 1123- headers: make sure the trailing newline is not stored 1124 1125 extended test1940 to verify blank header fields too 1126 1127 Bug: https://curl.se/mail/lib-2024-01/0019.html 1128 Reported-by: Dmitry Karpov 1129 Closes #12675 1130 1131- curl_easy_header.3: tiny language fix 1132 1133 Closes #12672 1134 1135- examples/range.c: add 1136 1137 Closes #12671 1138 1139- examples/netrc.c: add 1140 1141 Closes #12671 1142 1143- examples/ipv6.c: new example showing IPv6-only internet transfer 1144 1145 Closes #12671 1146 1147- examples/address-scope.c: renamed from ipv6.c 1148 1149 It shows address scope use really 1150 1151 Closes #12671 1152 1153Stefan Eissing (9 Jan 2024) 1154 1155- multi: pollset adjust, init with FIRSTSOCKET during connect 1156 1157 - `conn->sockfd` is set by `Curl_setup_transfer()`, but that 1158 is called *after* the connection has been established 1159 - use `conn->sock[FIRSTSOCKET]` instead 1160 1161 Follow-up to a0f94800d507de 1162 Closes #12664 1163 1164Daniel Stenberg (9 Jan 2024) 1165 1166- WEBSOCKET.md: remove dead link 1167 1168- CI: spellcheck/appveyor: invoke configure --without-libpsl 1169 1170 Follow-up to 2998874bb61ac6 1171 1172- cmdline/docs/*.d: switch to using ## instead of .IP 1173 1174 To make the editing easier. To write and to read. 1175 1176 Closes #12667 1177 1178- gen.pl: support ## for doing .IP in table-like lists 1179 1180 Warn on use of .RS/.IP/.RE 1181 1182 Closes #12667 1183 1184Jay Satiro (9 Jan 2024) 1185 1186- cookie.d: Document use of empty string to enable cookie engine 1187 1188 - Explain that --cookie "" can be used to enable the cookie engine 1189 without reading any initial cookies. 1190 1191 As is documented in CURLOPT_COOKIEFILE. 1192 1193 Ref: https://curl.se/libcurl/c/CURLOPT_COOKIEFILE.html 1194 1195 Bug: https://github.com/curl/curl/issues/12643#issuecomment-1879844420 1196 Reported-by: janko-js@users.noreply.github.com 1197 1198 Closes https://github.com/curl/curl/pull/12646 1199 1200Daniel Stenberg (9 Jan 2024) 1201 1202- setopt: use memdup0 when cloning COPYPOSTFIELDS 1203 1204 Closes #12651 1205 1206- telnet: use dynbuf instad of malloc for escape buffer 1207 1208 Previously, send_telnet_data() would malloc + free a buffer every time 1209 for escaping IAC codes. Now, it reuses a dynbuf for this purpose. 1210 1211 Closes #12652 1212 1213- CI: install libpsl or configure --without-libpsl in builds 1214 1215 As a follow-up to the stricted libpsl check in configure 1216 1217- configure: make libpsl detection failure cause error 1218 1219 To force users to explictily disable it if they really don't want it 1220 used and make it harder to accidentally miss it. 1221 1222 --without-libpsl is the option to use if PSL is not wanted. 1223 1224 Closes #12661 1225 1226- RELEASE-NOTES: synced 1227 1228- pop3: replace calloc + memcpy with memdup0 1229 1230 ... and make sure to return error on out of memory. 1231 1232 Closes #12650 1233 1234- lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT 1235 1236 Closes #12658 1237 1238- mime: use memdup0 instead of malloc + memcpy 1239 1240 Closes #12649 1241 1242- tool_getparam: move the --rate logic into set_rate() 1243 1244- tool_getparam: switch to an enum for every option 1245 1246 To make the big switch much easier to read/understand and to make it 1247 easier to add new options. 1248 1249- tool_getparam: build post data using dynbuf (more) 1250 1251- tool_getparam: replace malloc + copy by dynbuf for --data 1252 1253- tool_getparam: make data_urlencode avoid direct malloc 1254 1255 use aprintf() instead 1256 1257- tool_getparam: move the --url-query logic into url_query() 1258 1259 This function is not doing post at all so it was always weirdly placed. 1260 1261- tool_getparam: move the --data logic into set_data() 1262 1263- tool_getparam: unify the cmdline switch() into a single one 1264 1265 - easier to follow, easier to modify, easier to extend, possibly slightly 1266 faster 1267 1268 - each case now has the long option as a comment 1269 1270- tool_getparam: bsearch cmdline options 1271 1272 - the option names are now alpha sorted and lookup is a lot faster 1273 1274 - use case sensitive matching. It was previously case insensitive, but that 1275 was not documented nor tested. 1276 1277 - remove "partial match" feature. It was not documented, not tested and 1278 was always fragile as existing use could break when we add a new 1279 option 1280 1281 - lookup short options via a table 1282 1283 Closes #12631 1284 1285Gabe (8 Jan 2024) 1286 1287- COPYING: update copyright year 1288 1289 Closes #12654 1290 1291Stefan Eissing (8 Jan 2024) 1292 1293- url: init conn->sockfd and writesockfd to CURL_SOCKET_BAD 1294 1295 Also add more tracing to test 19 1296 1297 Follow-up to a0f9480 1298 1299 Fixes #12657 1300 Closes #12659 1301 1302Daniel Stenberg (8 Jan 2024) 1303 1304- connect: remove margin from eyeballer alloc 1305 1306 Presumably leftovers from debugging 1307 1308 Closes #12647 1309 1310- ftp: only consider entry path if it has a length 1311 1312 Follow-up from 8edcfedc1a144f438bd1cdf814a0016cb 1313 1314 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65631 1315 1316 Avoids a NULL pointer deref. 1317 1318 Closes #12648 1319 1320Stefan Eissing (7 Jan 2024) 1321 1322- transfer: adjust_pollset improvements 1323 1324 - let `multi_getsock()` initialize the pollset in what the 1325 transfer state requires in regards to SEND/RECV 1326 - change connection filters `adjust_pollset()` implementation 1327 to react on the presence of POLLIN/-OUT in the pollset and 1328 no longer check CURL_WANT_SEND/CURL_WANT_RECV 1329 - cf-socket will no longer add POLLIN on its own 1330 - http2 and http/3 filters will only do adjustments if the 1331 passed pollset wants to POLLIN/OUT for the transfer on 1332 the socket. This is similar to the HTTP/2 proxy filter 1333 and works in stacked filters. 1334 1335 Closes #12640 1336 1337Daniel Stenberg (6 Jan 2024) 1338 1339- ftp: use memdup0 to store the OS from a SYST 215 response 1340 1341 avoid malloc + direct buffer fiddle 1342 1343 Closes #12639 1344 1345- ftp: use dynbuf to store entrypath 1346 1347 avoid direct malloc 1348 1349 Closes #12638 1350 1351Lealem Amedie (6 Jan 2024) 1352 1353- wolfssl: load certificate *chain* for PEM client certs 1354 1355 Closes #12634 1356 1357Stefan Eissing (4 Jan 2024) 1358 1359- http: adjust_pollset fix 1360 1361 do not add a socket for POLLIN when the transfer does not want to send 1362 (for example is paused). 1363 1364 Follow-up to 47f5b1a 1365 1366 Reported-by: bubbleguuum on github 1367 Fixes #12632 1368 Closes #12633 1369 1370Daniel Stenberg (3 Jan 2024) 1371 1372- tool: make parser reject blank arguments if not supported 1373 1374 Already in the getstr() function that clones the input argument. 1375 1376 Closes #12620 1377 1378dependabot[bot] (3 Jan 2024) 1379 1380- build(deps): bump github/codeql-action from 2 to 3 1381 1382 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 1383 to 3. 1384 - [Release notes](https://github.com/github/codeql-action/releases) 1385 - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) 1386 - [Commits](https://github.com/github/codeql-action/compare/v2...v3) 1387 1388 --- 1389 updated-dependencies: 1390 - dependency-name: github/codeql-action 1391 dependency-type: direct:production 1392 update-type: version-update:semver-major 1393 ... 1394 1395 Signed-off-by: dependabot[bot] <support@github.com> 1396 1397 Closes #12625 1398 1399- build(deps): bump actions/checkout from 3 to 4 1400 1401 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. 1402 - [Release notes](https://github.com/actions/checkout/releases) 1403 - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) 1404 - [Commits](https://github.com/actions/checkout/compare/v3...v4) 1405 1406 --- 1407 updated-dependencies: 1408 - dependency-name: actions/checkout 1409 dependency-type: direct:production 1410 update-type: version-update:semver-major 1411 ... 1412 1413 Signed-off-by: dependabot[bot] <support@github.com> 1414 1415 Closes #12624 1416 1417- build(deps): bump actions/upload-artifact from 3 to 4 1418 1419 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) f 1420 rom 3 to 4. 1421 - [Release notes](https://github.com/actions/upload-artifact/releases) 1422 - [Commits](https://github.com/actions/upload-artifact/compare/v3...v4) 1423 1424 --- 1425 updated-dependencies: 1426 - dependency-name: actions/upload-artifact 1427 dependency-type: direct:production 1428 update-type: version-update:semver-major 1429 ... 1430 1431 Signed-off-by: dependabot[bot] <support@github.com> 1432 1433 Closes #12627 1434 1435- build(deps): bump actions/download-artifact from 3 to 4 1436 1437 Bumps [actions/download-artifact](https://github.com/actions/download-artifac 1438 t) from 3 to 4. 1439 - [Release notes](https://github.com/actions/download-artifact/releases) 1440 - [Commits](https://github.com/actions/download-artifact/compare/v3...v4) 1441 1442 --- 1443 updated-dependencies: 1444 - dependency-name: actions/download-artifact 1445 dependency-type: direct:production 1446 update-type: version-update:semver-major 1447 ... 1448 1449 Signed-off-by: dependabot[bot] <support@github.com> 1450 1451 Closes #12626 1452 1453Stefan Eissing (3 Jan 2024) 1454 1455- http3/quiche: fix result code on a stream reset 1456 1457 - fixes pytest failures in test 07_22 1458 - aligns CURLcode values on stream reset with ngtcp2 1459 1460 Closes #12629 1461 1462Daniel Stenberg (2 Jan 2024) 1463 1464- setopt: clear mimepost when formp is freed 1465 1466 A precaution to avoid a possibly dangling pointer left behind. 1467 1468 Reported-by: Thomas Ferguson 1469 Fixes #12608 1470 Closes #12621 1471 1472Andy Alt (2 Jan 2024) 1473 1474- CI: Add dependabot.yml 1475 1476 This will cause dependabot to open a PR when various actions are 1477 updated, provided that the action maintainer has issued a release. 1478 1479 Closes #12623 1480 1481Gisle Vanem (2 Jan 2024) 1482 1483- content_encoding: change return code to typedef'ed enum 1484 1485 ... to work around a clang ubsan warning. 1486 1487 Fixes #12618 1488 Closes #12622 1489 1490Daniel Stenberg (2 Jan 2024) 1491 1492- tool: prepend output_dir in header callback 1493 1494 When Content-Disposition parsing is used and an output dir is prepended, 1495 make sure to store that new file name correctly so that it can be used 1496 for setting the file timestamp when --remote-time is used. 1497 1498 Extended test 3012 to verify. 1499 1500 Co-Authored-by: Jay Satiro 1501 Reported-by: hgdagon on github 1502 Fixes #12614 1503 Closes #12617 1504 1505- test1254: fix typo in name plus shorten it 1506 1507- RELEASE-NOTES: synced 1508 1509Viktor Szakats (2 Jan 2024) 1510 1511- schannel: fix `-Warith-conversion` gcc 13 warning 1512 1513 ``` 1514 lib/vtls/schannel.c:1201:22: warning: conversion to 'unsigned int' from 'int' 1515 may change the sign of the result [-Warith-conversion] 1516 1201 | *extension_len = *list_len + 1517 | ^ 1518 ``` 1519 1520 Closes #12616 1521 1522- asyn-thread: silence `-Wcast-align` warning for Windows 1523 1524 Seen with llvm/clang 17: 1525 ``` 1526 lib/asyn-thread.c:310:5: warning: cast from 'PCHAR' (aka 'char *') to 'struct 1527 thread_sync_data *' increases required alignment from 1 to 8 [-Wcast-align] 1528 310 | CONTAINING_RECORD(overlapped, struct thread_sync_data, w8.overlap 1529 ped); 1530 | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1531 ~~~~ 1532 .../llvm-mingw/aarch64-w64-mingw32/include/winnt.h:717:48: note: expanded fro 1533 m macro 'CONTAINING_RECORD' 1534 717 | #define CONTAINING_RECORD(address,type,field) ((type *)((PCHAR)(addre 1535 ss) - (ULONG_PTR)(&((type *)0)->field))) 1536 | ^~~~~~~~~~~~~~~~~~~~~~ 1537 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1538 ``` 1539 1540 Follow-up to a6bbc87f9e9ffb46a1801dfb983e7534825ed56b #12482 1541 1542 Ref: https://github.com/curl/curl/pull/12482#issuecomment-1873017261 1543 Closes #12615 1544 1545Daniel Stenberg (2 Jan 2024) 1546 1547- tool_listhelp: regenerate after recent .d updates 1548 1549 Makes it survive test 1478 1550 1551 Closes #12612 1552 1553- test1478: verify src/tool_listhelp.c 1554 1555 Verify that the source file on disk is identical to the output of gen.pl 1556 listhelp, as otherwise they are out of sync and need attention. 1557 1558 Closes #12612 1559 1560- testutil: make runtests support %include 1561 1562 Using this instruction, a test case can include the contents of a file 1563 into the test during the preprocessing. 1564 1565 Closes #12612 1566 1567- runtests: for mode="text" on <stdout>, fix newlines on both parts 1568 1569 Closes #12612 1570 1571Jay Satiro (2 Jan 2024) 1572 1573- quiche: return CURLE_HTTP3 on send to invalid stream 1574 1575 Prior to this change if a send failed on a stream in an invalid state 1576 (according to quiche) and not marked as closed (according to libcurl) 1577 then the send function would return CURLE_SEND_ERROR. 1578 1579 We already have similar code for ngtcp2 to return CURLE_HTTP3 in this 1580 case. 1581 1582 Caught by test test_07_upload.py: test_07_22_upload_parallel_fail. 1583 1584 Fixes https://github.com/curl/curl/issues/12590 1585 Closes https://github.com/curl/curl/pull/12597 1586 1587Daniel Stenberg (1 Jan 2024) 1588 1589- cmdline-opts: update availability for the *-ca-native options 1590 1591 Closes #12613 1592 1593Patrick Monnerat (31 Dec 2023) 1594 1595- openldap: fix STARTTLS 1596 1597 It was not working anymore since introduction of connection filters. 1598 1599 Also do not attempt to recover from a failing TLS negotiation with 1600 CURLUSESSL_TRY. 1601 1602 Closes #12610 1603 1604Daniel Stenberg (31 Dec 2023) 1605 1606- haproxy-clientip.d: document the arg 1607 1608 The arg keyword was missing and therefore not present in the man page. 1609 1610 Closes #12611 1611 1612annalee (29 Dec 2023) 1613 1614- configure: fix no default int compile error in ipv6 detection 1615 1616 Closes #12607 1617 1618Dan Fandrich (28 Dec 2023) 1619 1620- CI: Fix use of any-glob-to-all-files in the labeler 1621 1622 Despite its name, this atom acts like one-glob-to-all-files and a 1623 different syntax with braces must be used to get 1624 any-glob-to-all-files semantics. Unfortunately, this makes the file 1625 completely unreadable. 1626 1627 Ref: https://github.com/actions/labeler/issues/731 1628 1629Daniel Stenberg (29 Dec 2023) 1630 1631- CURLOPT_AUTOREFERER.3: mention CURLINFO_REFERER 1632 1633- CURLINFO_REFERER.3: clarify that it is the *request* header 1634 1635 That libcurl itself sent in the most recent request 1636 1637 Closes #12605 1638 1639Jay Satiro (28 Dec 2023) 1640 1641- system_win32: fix a function pointer assignment warning 1642 1643 - Use CURLX_FUNCTION_CAST to suppress a function pointer assignment 1644 warning. 1645 1646 a6bbc87f added lookups of some Windows API functions and then cast them 1647 like `*(FARPROC*)&Curl_funcname = address`. Some versions of gcc warn 1648 about that as breaking strict-aliasing rules so this PR changes those 1649 assignments to use CURLX_FUNCTION_CAST. 1650 1651 Bug: https://github.com/curl/curl/pull/12581#issuecomment-1869804317 1652 Reported-by: Marcel Raad 1653 1654 Closes https://github.com/curl/curl/pull/12602 1655 1656- verify-examples.pl: fail verification on unescaped backslash 1657 1658 - Check that all backslashes in EXAMPLE are properly escaped. 1659 1660 eg manpage must always use `\\n` never `\n`. 1661 1662 This is because the manpage requires we always double blackslash to show 1663 a single backslash. Prior to this change an erroneous single backslash 1664 would pass through and compile even though it would not show correctly 1665 in the manpage. 1666 1667 Co-authored-by: Daniel Stenberg 1668 1669 Ref: https://github.com/curl/curl/pull/12588 1670 1671 Closes https://github.com/curl/curl/pull/12589 1672 1673- vtls: fix missing multissl version info 1674 1675 - Fix erroneous buffer copy logic from ff74cef5. 1676 1677 Prior to this change the MultiSSL version info returned to the user 1678 was empty. 1679 1680 Closes https://github.com/curl/curl/pull/12599 1681 1682Daniel Stenberg (27 Dec 2023) 1683 1684- KNOWN_BUGS: [RTSP] Some methods do not support response bodies 1685 1686 Closes #12414 1687 1688Patrick Monnerat (27 Dec 2023) 1689 1690- openldap: fix an LDAP crash 1691 1692 Reported-by: Ozan Cansel 1693 Fixes #12593 1694 Closes #12600 1695 1696Daniel Stenberg (27 Dec 2023) 1697 1698- getinfo: CURLINFO_QUEUE_TIME_T 1699 1700 Returns the time, in microseconds, during which this transfer was held 1701 in a waiting queue before it started "for real". A transfer might be put 1702 in a queue if after getting started, it cannot create a new connection 1703 etc due to set conditions and limits imposed by the application. 1704 1705 Ref: #12293 1706 Closes #12368 1707 1708- RELEASE-NOTES: synced 1709 1710Jay Satiro (26 Dec 2023) 1711 1712- examples/sendrecv: fix comment line length 1713 1714 Caught by checksrc. 1715 1716Haydar Alaidrus (23 Dec 2023) 1717 1718- CURLOPT_POSTFIELDS.3: fix incorrect C string escape in example 1719 1720 - Escape inner quotes with two backslashes. 1721 1722 Two backslashes escapes the backslash for the man page and will show as 1723 a single backslash. 1724 1725 eg: "{\\"name\\": \\"daniel\\"}" shows as "{\"name\": \"daniel\"}". 1726 1727 Closes https://github.com/curl/curl/pull/12588 1728 1729Viktor Szakats (23 Dec 2023) 1730 1731- appveyor: tidy-ups 1732 1733 - replace two remaining backslashes with forward slashes. 1734 - tidy up the way we form and pass `TFLAGS`. 1735 1736 Follow-up to 2d4d0c1fd32f5cc3f946c407c8eccd5477b287df #12572 1737 1738 Closes #12582 1739 1740Stefan Eissing (22 Dec 2023) 1741 1742- transfer: fix upload rate limiting, add test cases 1743 1744 - add test cases for rate limiting uploads for all 1745 http versions 1746 - fix transfer loop handling of limits. Signal a re-receive 1747 attempt only on exhausting maxloops without an EAGAIN 1748 - fix `data->state.selectbits` forcing re-receive to also 1749 set re-sending when transfer is doing this. 1750 1751 Reported-by: Karthikdasari0423 on github 1752 Fixes #12559 1753 Closes #12586 1754 1755Daniel Stenberg (22 Dec 2023) 1756 1757- mbedtls: free the entropy when threaded 1758 1759 The entropy_free was never done for threaded builds, causing a small 1760 (fixed) memory leak. 1761 1762 Reported-by: RevaliQaQ on github 1763 Fixes #12584 1764 Closes #12585 1765 1766Stefan Eissing (22 Dec 2023) 1767 1768- http2: improved on_stream_close/data_done handling 1769 1770 - there seems to be a code path that cleans up easy handles without 1771 triggering DONE or DETACH events to the connection filters. This 1772 would explain wh nghttp2 still holds stream user data 1773 - add GOOD check to easy handle used in on_close_callback to 1774 prevent crashes, ASSERTs in debug builds. 1775 - NULL the stream user data early before submitting RST 1776 - add checks in on_stream_close() to identify UNGOOD easy handles 1777 1778 Reported-by: Hans-Christian Egtvedt 1779 Fixes #10936 1780 Closes #12562 1781 1782Daniel Stenberg (22 Dec 2023) 1783 1784- mprintf: overhaul and bugfixes 1785 1786 In a test case using lots of snprintf() calls using many commonly used 1787 %-codes per call, this version is around 30% faster than previous 1788 version. 1789 1790 It also fixes the #12561 bug which made it not behave correctly when 1791 given unknown %-sequences. Fixing that flaw required a different take on 1792 the problem, which resulted in the new two-arrays model. 1793 1794 lib557: extended - Verify the #12561 fix and test more printf features 1795 1796 unit1398: fix test: It used a <num>$ only for one argument, which is not 1797 supported. 1798 1799 Fixes #12561 1800 Closes #12563 1801 1802Viktor Szakats (21 Dec 2023) 1803 1804- appveyor: replace PowerShell with bash + parallel autotools 1805 1806 PowerShell works (after a steep development curve), but one property of 1807 it stuck and kept causing unresolvable usability issues: With 1808 `$ErrorActionPreference=Stop`, it does abort on failures, but shows only 1809 the first line of the error message. In `Continue` mode, it shows the 1810 full error message, but doesn't stop on all errors. Another issue is 1811 PowerShell considering any stderr output as if the command failed (this 1812 has been improved in 7.2 (2021-Nov), but fixed versions aren't running 1813 in CI and will not be for a long time in all test images.) 1814 1815 Thus, we're going with bash. 1816 1817 Also: 1818 - use `-j2` with autotools tests, making them finish 5-15 minutes per 1819 job faster. 1820 - omit `POSIX_PATH_PREFIX`. 1821 - use `WINDIR`. 1822 - prefer forward slashes. 1823 1824 Follow-up to: 75078a415d9c769419aed4153d3d525a8eba95af #11999 1825 Ref: #12444 1826 1827 Fixes #12560 1828 Closes #12572 1829 1830Pavel Pavlov (21 Dec 2023) 1831 1832- asyn-thread: use GetAddrInfoExW on >= Windows 8 1833 1834 For doing async DNS resolution instead of starting a thread for each 1835 request. 1836 1837 Fixes #12481 1838 Closes #12482 1839 1840Daniel Stenberg (21 Dec 2023) 1841 1842- strerror: repair get_winsock_error() 1843 1844 It would try to read longer than the provided string and crash. 1845 1846 Follow-up to ff74cef5d4a0cf60106517a1c7384 1847 Reported-by: calvin2021y on github 1848 Fixes #12578 1849 Closes #12579 1850 1851- CURLOPT_SSH_*_KEYFILE: clarify 1852 1853 Closes #12554 1854 1855ivanfywang (21 Dec 2023) 1856 1857- ngtcp2: put h3 at the front of alpn 1858 1859 Closes #12576 1860 1861Daniel Stenberg (21 Dec 2023) 1862 1863- test460: verify a command line using --expand with no argument 1864 1865 This verifies the fix for #12565 1866 1867- tool_getparam: do not try to expand without an argument 1868 1869 This would lead to a segfault. 1870 1871 Fixes #12565 1872 Reported-by: Geeknik Labs 1873 Closes #12575 1874 1875- RELEASE-NOTES: synced 1876 1877 Bumped version to 8.6.0 because of changes 1878 1879- Makefile.am: fix the MSVC project generation 1880 1881 It made the vcxproj files not get included in dist tarballs. 1882 1883 Regression since 74423b5df4c8117891eb89 (8.5.0) 1884 1885 Reported-by: iAroc on github 1886 Fixes #12564 1887 Closes #12567 1888 1889zengwei2000 (21 Dec 2023) 1890 1891- altsvc: free 'as' when returning error 1892 1893 Closes #12570 1894 1895 Signed-off-by: zengwei <zengwei1@uniontech.com> 1896 1897Viktor Szakats (20 Dec 2023) 1898 1899- build: fix `-Wconversion`/`-Wsign-conversion` warnings 1900 1901 Fix remaining warnings in examples and tests which are not suppressed 1902 by the pragma in `lib/curl_setup.h`. 1903 1904 Silence a toolchain issue causing warnings in `FD_SET()` calls with 1905 older Cygwin/MSYS2 builds. Likely fixed on 2020-08-03 by: 1906 https://cygwin.com/git/?p=newlib-cygwin.git;a=commitdiff;h=5717262b8ecfed0f7f 1907 ab63e2c09c78991e36f9dd 1908 1909 Follow-up to 2dbe75bd7f3c36837aa06fd87a442bdf3fb7faef #12492 1910 1911 Closes #12557 1912 1913- build: fix some `-Wsign-conversion`/`-Warith-conversion` warnings 1914 1915 - enable `-Wsign-conversion` warnings, but also setting them to not 1916 raise errors. 1917 - fix `-Warith-conversion` warnings seen in CI. 1918 These are triggered by `-Wsign-converion` and causing errors unless 1919 explicitly silenced. It makes more sense to fix them, there just a few 1920 of them. 1921 - fix some `-Wsign-conversion` warnings. 1922 - hide `-Wsign-conversion` warnings with a `#pragma`. 1923 - add macro `CURL_WARN_SIGN_CONVERSION` to unhide them on a per-build 1924 basis. 1925 - update a CI job to unhide them with the above macro: 1926 https://github.com/curl/curl/actions/workflows/linux.yml -> OpenSSL -O3 1927 1928 Closes #12492 1929 1930- cmake: tidy-up `OtherTests.cmake` 1931 1932 - make more obvious which detection uses which prep steps. 1933 - merge and streamline conditions. 1934 - these should not alter detection results. 1935 1936 Also align log output messages from 1937 `Macros.cmake` / `curl_internal_test` with rest of the build. 1938 1939 Closes #12551 1940 1941- appveyor: switch to out-of-tree builds 1942 1943 With cmake and autotools. 1944 1945 Closes #12550 1946 1947Daniel Stenberg (19 Dec 2023) 1948 1949- DEPRECATE.md: mention that NTLM_WB no longer works 1950 1951 Ref: #12479 1952 Closes #12553 1953 1954- CURLOPT_SERVER_RESPONSE_TIMEOUT_MS: add 1955 1956 Proposed-by: Yifei Kong 1957 Ref: https://curl.se/mail/lib-2023-11/0023.html 1958 Closes #12369 1959 1960Viktor Szakats (18 Dec 2023) 1961 1962- build: more `-Wformat` fixes 1963 1964 - memdebug: update to not trigger `-Wformat-nonliteral` warnings. 1965 - imap: mark `imap_sendf()` with `CURL_PRINTF()`. 1966 - tool_msgs: mark static function with `CURL_PRINTF()`. 1967 1968 Follow-up to 3829759bd042c03225ae862062560f568ba1a231 #12489 1969 1970 Closes #12540 1971 1972- windows: delete redundant headers 1973 1974 `winsock2.h` pulls in `windows.h`. `ws2tcpip.h` pulls in `winsock2.h`. 1975 `winsock2.h` and `ws2tcpip.h` are also pulled by `curl/curl.h`. 1976 1977 Keep only those headers that are not already included, or the code under 1978 it uses something from that specific header. 1979 1980 Closes #12539 1981 1982- cmake: prefill/cache `HAVE_STRUCT_SOCKADDR_STORAGE` 1983 1984 Also add missing include to `OtherTests.cmake`. It didn't cause an issue 1985 because the parent already included this earlier by chance. 1986 1987 Closes #12537 1988 1989Daniel Stenberg (18 Dec 2023) 1990 1991- runner.pm: fix perl warning when running tests 1992 1993 Use of uninitialized value $runner::gdbthis in numeric eq (==) at runner. 1994 pm 1995 1996 Follow-up from 3dcf301752a09d9 1997 1998 Closes #12549 1999 2000- runtests: support -gl. Like -g but for lldb. 2001 2002 Follow-up to 63b5748 2003 2004 Invokes the test case via lldb instead of gdb. Since using gdb is such a 2005 pain on mac, using lldb is sometimes less quirky. 2006 2007 Closes #12547 2008 2009- curl.h: add CURLE_TOO_LARGE 2010 2011 A new error code to be used when an internal field grows too large, like 2012 when a dynbuf reaches its maximum. Previously it would return 2013 CURLE_OUT_OF_MEMORY for this, which is highly misleading. 2014 2015 Ref: #12268 2016 Closes #12269 2017 2018- CI/circleci: disable MQTT in the HTTP-only build 2019 2020 And remove the use of configure options that don't actually exist 2021 2022 Closes #12546 2023 2024Yedaya Katsman (18 Dec 2023) 2025 2026- tests: respect $TMPDIR when creating unix domain sockets 2027 2028 When running on termux, where $TMPDIR isn't /tmp, running the tests 2029 failed, since the server config tried creating sockets in /tmp, without 2030 checking the temp dir config. Use the TMPDIR variable that makes it find 2031 the correct directory everywhere [0] 2032 2033 [0] https://perldoc.perl.org/File::Temp#tempfile 2034 2035 Closes #12545 2036 2037Viktor Szakats (17 Dec 2023) 2038 2039- ssh: fix namespace of two local macros 2040 2041 Avoid using the libssh and libssh2 macro namespaces by prefixing 2042 these local macro names with `CURL_`. 2043 2044 Follow-up to 413a0fedd02c8c6df1d294534b8c6e306fcca7a2 #12346 2045 2046 Reviewed-by: Daniel Stenberg 2047 Closes #12544 2048 2049- cmake: whitespace tidy-up in `OtherTests.cmake` 2050 2051 Closes #12538 2052 2053Mark Sinkovics (16 Dec 2023) 2054 2055- cmake: fix generation for system name iOS 2056 2057 This PR fixes a problem that happens during CMake configuration when 2058 the `CMAKE_SYSTEM_NAME` set to `iOS` and not `Darwin`. This value is 2059 available (as far as I remember) version 3.14. The final solution 2060 (thanks to @vszakats) is to use `APPLE` which contains all the Apple 2061 platforms https://cmake.org/cmake/help/latest/variable/APPLE.html. 2062 2063 This issue was found when during vcpkg installation. Running command 2064 `vcpkg install curl:arm64-ios` and `vcpkg install curl:x64-ios` failed 2065 with message: 2066 ``` 2067 CMake Error: try_run() invoked in cross-compiling mode, please set the follow 2068 ing cache variables appropriately: 2069 HAVE_H_ERRNO_ASSIGNABLE_EXITCODE (advanced) 2070 ``` 2071 After this fix, I was able to compile the compile the binary without 2072 any issue. 2073 2074 In addition to that fix, this PR also contains an simplification to 2075 check if the platform is not APPLE. 2076 2077 Co-authored-by: Viktor Szakats 2078 Closes #12515 2079 2080Daniel Stenberg (16 Dec 2023) 2081 2082- RELEASE-NOTES: synced 2083 2084Baruch Siach (16 Dec 2023) 2085 2086- gnutls: fix build with --disable-verbose 2087 2088 infof() parameters must be defined event with --disable-verbose since 2089 commit dac293cfb702 ("lib: apache style infof and trace 2090 macros/functions"). 2091 2092 Move also 'ptr' definition under !CURL_DISABLE_VERBOSE_STRINGS. 2093 2094 Fixes the following build failure: 2095 2096 In file included from ../lib/sendf.h:29, 2097 from vtls/gtls.c:44: 2098 vtls/gtls.c: In function 'Curl_gtls_verifyserver': 2099 vtls/gtls.c:841:34: error: 'version' undeclared (first use in this function); 2100 did you mean 'session'? 2101 841 | gnutls_protocol_get_name(version), ptr); 2102 | ^~~~~~~ 2103 2104 Closes #12505 2105 2106Viktor Szakats (16 Dec 2023) 2107 2108- build: delete unused `HAVE_{GSSHEIMDAL,GSSMIT,HEIMDAL}` 2109 2110 Stop setting `HAVE_GSSHEIMDAL`, `HAVE_GSSMIT` and `HAVE_HEIMDAL`. 2111 There was no place in the build system or source code that used them. 2112 2113 Reviewed-by: Daniel Stenberg 2114 Closes #12506 2115 2116- build: remove redundant `CURL_PULL_*` settings 2117 2118 These macros were not propagated to the source code from CMake. 2119 2120 autotools set only one of them (`CURL_PULL_SYS_POLL_H`), initially to 2121 address an AIX issue [1]. This later broke when introducing `system.h` 2122 [2] without the logic it enabled. A subsequent fix [3] re-added the 2123 logic, and also enabled it for AIX before its use, directly in 2124 `system.h`. 2125 2126 [1] 2012-11-23: 665adcd4b7bcdb7deb638cdc499fbe71f8d777f2 2127 [2] 2017-03-29: 9506d01ee50d5908138ebad0fd9fbd39b66bd64d #1373 2128 [3] 2017-08-25: 8a84fcc4b59e8b78d2acc6febf44a43d6bc81b59 #1828 #1833 2129 2130 Reviewed-by: Daniel Stenberg 2131 Closes #12502 2132 2133- system.h: sync mingw `CURL_TYPEOF_CURL_SOCKLEN_T` with other compilers 2134 2135 Align mingw with the other Windows compilers and use the `int` type for 2136 `CURL_TYPEOF_CURL_SOCKLEN_T` (and thus for `curl_socklent_t`). This 2137 makes it unnecessary to make a mingw-specific trick and pull all Windows 2138 headers early just for this type definition. This type is specific to 2139 Windows, not to the compiler. mingw-w64's Windows header maps it to 2140 `int` too. 2141 2142 With this we also delete all remaining uses of `CURL_PULL_WS2TCPIP_H`. 2143 2144 [ The official solution is to use `socklen_t` for all Windows compilers. 2145 In this case we may want to update `curl/curl.h` to pull in Windows 2146 headers before `system.h`. ] 2147 2148 Reviewed-by: Daniel Stenberg 2149 Reviewed-by: Jay Satiro 2150 Closes #12501 2151 2152- windows: simplify detecting and using system headers 2153 2154 - autotools, cmake: assume that if we detect Windows, `windows.h`, 2155 `winsock2.h` and `ws2tcpip.h` do exist. 2156 - lib: fix 3 outlier `#if` conditions to use `USE_WINSOCK` instead of 2157 looking for `winsock2.h`. 2158 - autotools: merge 3 Windows check methods into one. 2159 - move Watt-32 and lwIP socket support to `setup-win32.h` from 2160 `config-win32.h`. It opens up using these with all build tools. Also 2161 merge logic with Windows Sockets. 2162 - fix to assume Windows sockets with the mingw32ce toolchain. 2163 Follow-up to: 2748c64d605b19fb419ae56810ad8da36487a2d4 2164 - cmake: delete unused variable `signature_call_conv` since 2165 eb33ccd5332435fa50f1758e5debb869c6942b7f. 2166 - autotools: simplify `CURL_CHECK_WIN32_LARGEFILE` detection. 2167 - examples/externalsocket: fix header order. 2168 - cmake/OtherTests.cmake: delete Windows-specific `_source_epilogue` 2169 that wasn't used anymore. 2170 - cmake/OtherTests.cmake: set `WIN32_LEAN_AND_MEAN` for test 2171 `SIZEOF_STRUCT_SOCKADDR_STORAGE`. 2172 2173 After this patch curl universally uses `_WIN32` to guard 2174 Windows-specific logic. It guards Windows Sockets-specific logic with 2175 `USE_WINSOCK` (this might need further work). 2176 2177 Reviewed-by: Jay Satiro 2178 Closes #12495 2179 2180- build: enable missing OpenSSF-recommended warnings, with fixes 2181 2182 https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening 2183 -Guide-for-C-and-C++.html 2184 as of 2023-11-29 [1]. 2185 2186 Enable new recommended warnings (except `-Wsign-conversion`): 2187 2188 - enable `-Wformat=2` for clang (in both cmake and autotools). 2189 - add `CURL_PRINTF()` internal attribute and mark functions accepting 2190 printf arguments with it. This is a copy of existing 2191 `CURL_TEMP_PRINTF()` but using `__printf__` to make it compatible 2192 with redefinting the `printf` symbol: 2193 https://gcc.gnu.org/onlinedocs/gcc-3.0.4/gcc_5.html#SEC94 2194 - fix `CURL_PRINTF()` and existing `CURL_TEMP_PRINTF()` for 2195 mingw-w64 and enable it on this platform. 2196 - enable `-Wimplicit-fallthrough`. 2197 - enable `-Wtrampolines`. 2198 - add `-Wsign-conversion` commented with a FIXME. 2199 - cmake: enable `-pedantic-errors` the way we do it with autotools. 2200 Follow-up to d5c0351055d5709da8f3e16c91348092fdb481aa #2747 2201 - lib/curl_trc.h: use `CURL_FORMAT()`, this also fixes it to enable format 2202 checks. Previously it was always disabled due to the internal `printf` 2203 macro. 2204 2205 Fix them: 2206 2207 - fix bug where an `set_ipv6_v6only()` call was missed in builds with 2208 `--disable-verbose` / `CURL_DISABLE_VERBOSE_STRINGS=ON`. 2209 - add internal `FALLTHROUGH()` macro. 2210 - replace obsolete fall-through comments with `FALLTHROUGH()`. 2211 - fix fallthrough markups: Delete redundant ones (showing up as 2212 warnings in most cases). Add missing ones. Fix indentation. 2213 - silence `-Wformat-nonliteral` warnings with llvm/clang. 2214 - fix one `-Wformat-nonliteral` warning. 2215 - fix new `-Wformat` and `-Wformat-security` warnings. 2216 - fix `CURL_FORMAT_SOCKET_T` value for mingw-w64. Also move its 2217 definition to `lib/curl_setup.h` allowing use in `tests/server`. 2218 - lib: fix two wrongly passed string arguments in log outputs. 2219 Co-authored-by: Jay Satiro 2220 - fix new `-Wformat` warnings on mingw-w64. 2221 2222 [1] https://github.com/ossf/wg-best-practices-os-developers/blob/56c0fde3895b 2223 fc55c8a973ef49a2572c507b2ae1/docs/Compiler-Hardening-Guides/Compiler-Options- 2224 Hardening-Guide-for-C-and-C%2B%2B.md 2225 2226 Closes #12489 2227 2228- Makefile.mk: drop Windows support 2229 2230 And DLL-support with it. This leaves `Makefile.mk` for MS-DOS and Amiga. 2231 2232 We recommend CMake instead. With unity mode it's much faster, and about 2233 the same without. 2234 2235 Ref: https://github.com/curl/curl/pull/12221#issuecomment-1783761806 2236 Reviewed-by: Daniel Stenberg 2237 Closes #12224 2238 2239Daniel Stenberg (16 Dec 2023) 2240 2241- cmdline-docs: use .IP consistently 2242 2243 Remove use of .TP and some .B. The idea is to reduce nroff syntax as 2244 much as possible and to use it consistently. Ultimately, we should be 2245 able to introduce our own easier-to-use-and-read syntax/formatting and 2246 convert on generation time. 2247 2248 Closes #12535 2249 2250Tatsuhiko Miyagawa (16 Dec 2023) 2251 2252- http: fix off-by-one error in request method length check 2253 2254 It should allow one more byte. 2255 2256 Closes #12534 2257 2258Daniel Stenberg (15 Dec 2023) 2259 2260- curl: show ipfs and ipns as supported "protocols" 2261 2262 They are accepted schemes in URLs passed to curl (the tool, not the 2263 library). 2264 2265 Also makes curl-config show the same list. 2266 2267 Co-Authored-by: Jay Satiro 2268 Reported-by: Chara White 2269 Bug: https://curl.se/mail/archive-2023-12/0026.html 2270 Closes #12508 2271 2272- Revert "urldata: move async resolver state from easy handle to connectdata" 2273 2274 This reverts commit 56a4db2e4e2bcb9a0dcb75b83560a78ef231fcc8 (#12198) 2275 2276 We want the c-ares channel to be held in the easy handle, not per 2277 connection - for performance. 2278 2279 Closes #12524 2280 2281Viktor Szakats (15 Dec 2023) 2282 2283- openssl: re-match LibreSSL deinit with init 2284 2285 Earlier we switched to use modern initialization with LibreSSL v2.7.0 2286 and up, but did not touch deinitialization [1]. Fix it in this patch. 2287 2288 Regression from bec0c5bbf34369920598678161d2df8bea0e243b #11611 2289 2290 [1] https://github.com/curl/curl/pull/11611#issuecomment-1668654014 2291 2292 Reported-by: Mike Hommey 2293 Reviewed-by: Daniel Stenberg 2294 Fixes #12525 2295 Closes #12526 2296 2297Daniel Stenberg (14 Dec 2023) 2298 2299- libssh: supress warnings without version check 2300 2301 Define unconditionally. 2302 2303 Follow-up from d21bd2190c46ad7fa 2304 2305 Closes #12523 2306 2307- hostip: return error immediately when Curl_ip2addr() fails 2308 2309 Closes #12522 2310 2311Theo (14 Dec 2023) 2312 2313- libssh: improve the deprecation warning dismissal 2314 2315 Previous code was compiler dependant, and dismissed all deprecation warnings 2316 indiscriminately. 2317 2318 libssh provides a way to disable the deprecation warnings for libssh only, an 2319 d 2320 naturally this is the preferred way. 2321 2322 This commit uses that, to prevent the erroneous hiding of potential, unrelate 2323 d 2324 deprecation warnings. 2325 2326 Fixes #12519 2327 Closes #12520 2328 2329Daniel Stenberg (14 Dec 2023) 2330 2331- test1474: removed 2332 2333 The test was already somewhat flaky and disabled on several platforms, 2334 and after 1da640abb688 even more unstable. 2335 2336- readwrite_data: loop less 2337 2338 This function is made to loop in order to drain incoming data 2339 faster. Completely removing the loop has a measerably negative impact on 2340 transfer speeds. 2341 2342 Downsides with the looping include 2343 2344 - it might call the progress callback much more seldom. Especially if 2345 the write callback is slow. 2346 2347 - rate limiting becomes less exact 2348 2349 - a single transfer might "starve out" other parallel transfers 2350 2351 - QUIC timers for other connections can't be maintained correctly 2352 2353 The long term fix should be to remove the loop and optimize coming back 2354 to avoid the transfer speed penalty. 2355 2356 This fix lower the max loop count to reduce the starvation problem, and 2357 avoids the loop completely for when rate-limiting is in progress. 2358 2359 Ref: #12488 2360 Ref: https://curl.se/mail/lib-2023-12/0012.html 2361 Closes #12504 2362 2363Stefan Eissing (14 Dec 2023) 2364 2365- lib: eliminate `conn->cselect_bits` 2366 2367 - use `data->state.dselect_bits` everywhere instead 2368 - remove `bool *comeback` parameter as non-zero 2369 `data->state.dselect_bits` will indicate that IO is 2370 incomplete. 2371 2372 Closes #12512 2373 2374- connect: refactor `Curl_timeleft()` 2375 2376 - less local vars, "better" readability 2377 - added documentation 2378 2379 Closes #12518 2380 2381Dmitry Karpov (14 Dec 2023) 2382 2383- cookie: avoid fopen with empty file name 2384 2385 Closes #12514 2386 2387Viktor Szakats (13 Dec 2023) 2388 2389- tests/server: delete workaround for old-mingw 2390 2391 mingw-w64 1.0 comes with w32api v3.12, thus doesn't need this. 2392 2393 Follow-up to 38029101e2d78ba125732b3bab6ec267b80a0e72 #11625 2394 2395 Reviewed-by: Jay Satiro 2396 Closes #12510 2397 2398- cmake: delete obsolete TODOs more [ci skip] 2399 2400 - manual completed: 898b012a9bf388590c4be7f526815b5ab74feca1 #1288 2401 - soname completed: 5de6848f104d7cb0017080e31216265ac19d0dde #10023 2402 - bunch of others that are completed 2403 - `NTLM_WB_ENABLED` is implemented in a basic form, and now also 2404 scheduled for removal, so a TODO at this point isn't useful. 2405 2406 And this 'to-check' item: 2407 2408 Q: "The cmake build selected to run gcc with -fPIC on my box while the 2409 plain configure script did not." 2410 2411 A: With CMake, since 2ebc74c36a19a1700af394c16855ce144d9878e3 #11546 2412 and fc9bfb14520712672b4784e8b48256fb29204011 #11627, we explicitly 2413 enable PIC for libcurl shared lib. Or when building libcurl for 2414 shared and static lib in a single pass. We do this by default for 2415 Windows or when enabled by the user via `SHARE_LIB_OBJECT`. 2416 Otherwise we don't touch this setting. Meaning the default set by 2417 CMake (if any) or the toolchain is used. On Debian Bookworm, this 2418 means that PIC is disabled for static libs by default. Some platforms 2419 (like macOS), has PIC enabled by default. 2420 autotools supports the double-pass mode only, and in that case 2421 CMake seems to match PIC behaviour now (as tested on Linux with gcc.) 2422 2423 Follow-up to 5d5dfdbd1a6c40bd75e982b66f49e1fa3a7eeae7 #12500 2424 2425 Reviewed-by: Jay Satiro 2426 Closes #12509 2427 2428Stefan Eissing (12 Dec 2023) 2429 2430- CLIENT-WRITERS: design and use documentation 2431 2432 Closes #12507 2433 2434Viktor Szakats (12 Dec 2023) 2435 2436- cmake: delete obsolete TODO items [ci skip] 2437 2438 There is always room for improvement, but CMake is up to par now with 2439 autotools, so there is no longer a good reason to keep around these 2440 inline TODO items. 2441 2442 Answering one of questions: 2443 2444 Q: "The gcc command line use neither -g nor any -O options. As a 2445 developer, I also treasure our configure scripts's --enable-debug 2446 option that sets a long range of "picky" compiler options." 2447 2448 A: CMake offers the `CMAKE_BUILD_TYPE` variable to control debug info 2449 and optimization level. E.g.: 2450 - `Release` = `-O3` + no debug info 2451 - `MinSizeRel` = `-Os` + no debug info 2452 - `Debug` = `-O0` + debug info 2453 2454 https://stackoverflow.com/questions/48754619/what-are-cmake-build-type-deb 2455 ug-release-relwithdebinfo-and-minsizerel/59314670#59314670 2456 https://cmake.org/cmake/help/latest/manual/cmake-buildsystem.7.html#defaul 2457 t-and-custom-configurations 2458 2459 For picky warnings we have the `PICKY_COMPILER` options, enabled by 2460 default. 2461 2462 Closes #12500 2463 2464Stefan Eissing (11 Dec 2023) 2465 2466- CONNECTION-FILTERS: update documentation 2467 2468 Closes #12497 2469 2470Daniel Stenberg (11 Dec 2023) 2471 2472- lib: reduce use of strncpy 2473 2474 - bearssl: select cipher without buffer copies 2475 - http_aws_sigv4: avoid strncpy, require exact timestamp length 2476 - http_aws_sigv4: use memcpy isntead of strncpy 2477 - openssl: avoid strncpy calls 2478 - schannel: check for 1.3 algos without buffer copies 2479 - strerror: avoid strncpy calls 2480 - telnet: avoid strncpy, return error on too long inputs 2481 - vtls: avoid strncpy in multissl_version() 2482 2483 Closes #12499 2484 2485- CI/distcheck: run full tests 2486 2487 To be able to detect missing files better, this now runs the full CI 2488 test suite. If done before, it would have detected #12462 before 2489 release. 2490 2491 Closes #12503 2492 2493- docs: clean up Protocols: for cmdline options 2494 2495 ... and some other minor polish. 2496 2497 Closes #12496 2498 2499- cmdline/gen: fix the sorting of the man page options 2500 2501 They were previously sorted based on the file names, which use a .d 2502 extension, making "data" get placed after "data-binary" etc. Making the 2503 sort ignore the extention fixes the ordering. 2504 2505 Reported-by: Boris Verkhovskiy 2506 Bug: https://curl.se/mail/archive-2023-12/0014.html 2507 Closes #12494 2508 2509Daniel Gustafsson (9 Dec 2023) 2510 2511- doh: remove unused local variable 2512 2513 The nurl variable is no longer used during probing following 2514 a refactoring, so remove. 2515 2516 Closes #12491 2517 2518Jay Satiro (8 Dec 2023) 2519 2520- build: fix Windows ADDRESS_FAMILY detection 2521 2522 - Include winsock2.h for Windows ADDRESS_FAMILY detection. 2523 2524 Prior to this change cmake detection didn't work because it included 2525 ws2def.h by itself, which is missing needed types from winsock2.h. 2526 2527 Prior to this change autotools detection didn't work because it did not 2528 include any Windows header. 2529 2530 In both cases libcurl would fall back on unsigned short as the address 2531 family type, which is the same as ADDRESS_FAMILY. 2532 2533 Co-authored-by: Viktor Szakats 2534 2535 Closes https://github.com/curl/curl/pull/12441 2536 2537Daniel Stenberg (8 Dec 2023) 2538 2539- lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding 2540 2541 Since the copy does not stop at a null byte, let's not call it anything 2542 that makes you think it works like the common strndup() function. 2543 2544 Based on feedback from Jay Satiro, Stefan Eissing and Patrick Monnerat 2545 2546 Closes #12490 2547 2548- convsrctest.pl: removed: not used, not shipped in tarballs 2549 2550- tests: rename tests scripts to the test number 2551 2552 It is hard to name the scripts sensibly. Lots of them are similarly 2553 named and the name did not tell which test that used them. 2554 2555 The new approach is rather to name them based on the test number that 2556 runs them. Also helps us see which scripts are for individual tests 2557 rather than for general test infra. 2558 2559 - badsymbols.pl -> test1167.pl 2560 - check-deprecated.pl -> test1222.pl 2561 - check-translatable-options.pl -> test1544.pl 2562 - disable-scan.pl -> test1165.pl 2563 - error-codes.pl -> test1175.pl 2564 - errorcodes.pl -> test1477.pl 2565 - extern-scan.pl -> test1135.pl 2566 - manpage-scan.pl -> test1139.pl 2567 - manpage-syntax.pl -> test1173.pl 2568 - markdown-uppercase.pl -> test1275.pl 2569 - mem-include-scan.pl -> test1132.pl 2570 - nroff-scan.pl -> test1140.pl 2571 - option-check.pl -> test1276.pl 2572 - options-scan.pl -> test971.pl 2573 - symbol-scan.pl -> test1119.pl 2574 - version-scan.pl -> test1177.pl 2575 2576 Closes #12487 2577 2578Michał Antoniak (8 Dec 2023) 2579 2580- sendf: fix compiler warning with CURL_DISABLE_HEADERS_API 2581 2582 fix MSVC warning C4189: 'htype': local variable is initialized but not 2583 referenced - when CURL_DISABLE_HEADERS_API is defined. 2584 2585 Closes #12485 2586 2587Viktor Szakats (8 Dec 2023) 2588 2589- tidy-up: whitespace 2590 2591 Closes #12484 2592 2593Stefan Eissing (7 Dec 2023) 2594 2595- test_02_download: fix paramters to test_02_27 2596 2597 - it is a special client that only ever uses http/2 2598 2599 Closes #12467 2600 2601Michał Antoniak (7 Dec 2023) 2602 2603- vtls: remove the Curl_cft_ssl_proxy object if CURL_DISABLE_PROXY 2604 2605 Closes #12459 2606 2607Daniel Stenberg (7 Dec 2023) 2608 2609- lib: strndup/memdup instead of malloc, memcpy and null-terminate 2610 2611 - bufref: use strndup 2612 - cookie: use strndup 2613 - formdata: use strndup 2614 - ftp: use strndup 2615 - gtls: use aprintf instead of malloc + strcpy * 2 2616 - http: use strndup 2617 - mbedtls: use strndup 2618 - md4: use memdup 2619 - ntlm: use memdup 2620 - ntlm_sspi: use strndup 2621 - pingpong: use memdup 2622 - rtsp: use strndup instead of malloc, memcpy and null-terminate 2623 - sectransp: use strndup 2624 - socks_gssapi.c: use memdup 2625 - vtls: use dynbuf instead of malloc, snprintf and memcpy 2626 - vtls: use strdup instead of malloc + memcpy 2627 - wolfssh: use strndup 2628 2629 Closes #12453 2630 2631- strdup: remove the memchr check from Curl_strndup 2632 2633 It makes it possible to clone a binary chunk of data. 2634 2635 Closes #12453 2636 2637- ftp: handle the PORT parsing without allocation 2638 2639 Also reduces amount of *cpy() calls. 2640 2641 Closes #12456 2642 2643- RELEASE-NOTES: synced 2644 2645 Bumped to 8.5.1 2646 2647- url: for disabled protocols, mention if found in redirect 2648 2649 To help users better understand where the URL (and denied scheme) comes 2650 from. Also removed "in libcurl" from the message, since the disabling 2651 can be done by the application. 2652 2653 The error message now says "not supported" or "disabled" depending on 2654 why it was denied: 2655 2656 Protocol "hej" not supported 2657 Protocol "http" disabled 2658 2659 And in redirects: 2660 2661 Protocol "hej" not supported (in redirect) 2662 Protocol "http" disabled (in redirect) 2663 2664 Reported-by: Mauricio Scheffer 2665 Fixes #12465 2666 Closes #12469 2667 2668Stefan Eissing (6 Dec 2023) 2669 2670- sectransp_ make TLSCipherNameForNumber() available in non-verbose config 2671 2672 Reported-by: Cajus Pollmeier 2673 Closes #12476 2674 Fixes #12474 2675 2676YX Hao (6 Dec 2023) 2677 2678- lib: fix variable undeclared error caused by `infof` changes 2679 2680 `--disable-verbose` yields `CURL_DISABLE_VERBOSE_STRINGS` defined. 2681 `infof` isn't `Curl_nop_stmt` anymore: dac293c. 2682 2683 Follow-up to dac293c 2684 2685 Closes #12470 2686 2687Viktor Szakats (6 Dec 2023) 2688 2689- tidy-up: fix yamllint whitespace issues in labeler.yml 2690 2691 Follow-up to bda212911457c6fadfbba50be61afc4ca513fa56 #12466 2692 2693 Reviewed-by: Dan Fandrich 2694 Closes #12475 2695 2696- tidy-up: fix yamllint whitespace issues 2697 2698 Closes #12466 2699 2700Chris Sauer (6 Dec 2023) 2701 2702- cmake: fix typo 2703 2704 Follow-up to aace27b 2705 Closes #12464 2706 2707Daniel Stenberg (6 Dec 2023) 2708 2709- dist: add tests/errorcodes.pl to the tarball 2710 2711 Used by test 1477 2712 2713 Reported-by: Xi Ruoyao 2714 Follow-up to 0ca3a4ec9a7 2715 Fixes #12462 2716 Closes #12463 2717 2718Dan Fandrich (6 Dec 2023) 2719 2720- github/labeler: update a missed key in the v5 upgrade 2721 2722 Follow-up to ce03fe3ba 2723 2724Version 8.5.0 (6 Dec 2023) 2725 2726Daniel Stenberg (6 Dec 2023) 2727 2728- RELEASE-NOTES: synced 2729 2730 The curl 8.5.0 release. 2731 2732Dan Fandrich (5 Dec 2023) 2733 2734- github/labeler: switch from the beta to labeler v5 2735 2736 Some keys were renamed and the dot option was made default. 2737 2738 Closes #12458 2739 2740Daniel Stenberg (5 Dec 2023) 2741 2742- DEPRECATE: remove NTLM_WB in June 2024 2743 2744 Ref: https://curl.se/mail/lib-2023-12/0010.html 2745 2746 Closes #12451 2747 2748Jacob Hoffman-Andrews (4 Dec 2023) 2749 2750- rustls: implement connect_blocking 2751 2752 Closes #11647 2753 2754Daniel Stenberg (4 Dec 2023) 2755 2756- examples/rtsp-options.c: add 2757 2758 Just a bare bones RTSP example using CURLOPT_RTSP_SESSION_ID and 2759 CURLOPT_RTSP_REQUEST set to CURL_RTSPREQ_OPTIONS. 2760 2761 Closes #12452 2762 2763Stefan Eissing (4 Dec 2023) 2764 2765- ngtcp2: ignore errors on unknown streams 2766 2767 - expecially in is_alive checks on connections, we might 2768 see incoming packets on streams already forgotten and closed, 2769 leading to errors reported by nghttp3. Ignore those. 2770 2771 Closes #12449 2772 2773Daniel Stenberg (4 Dec 2023) 2774 2775- docs: make all examples in all libcurl man pages compile 2776 2777 Closes #12448 2778 2779- checksrc.pl: support #line instructions 2780 2781 makes it identify the correct source file and line 2782 2783- GHA/man-examples: verify libcurl man page examples 2784 2785- verify-examples.pl: verify that all man page examples compile clean 2786 2787- RELEASE-NOTES: synced 2788 2789Graham Campbell (2 Dec 2023) 2790 2791- http3: bump ngtcp2 and nghttp3 versions 2792 2793 nghttp3 v1.1.0 2794 ngtcp2 v1.1.0 2795 2796 In docs and CI 2797 2798 Closes #12446 2799 2800- CI/quiche: use `3.1.4+quic` consistently in CI workflows 2801 2802 Closes #12447 2803 2804Viktor Szakats (2 Dec 2023) 2805 2806- test1545: disable deprecation warnings 2807 2808 Fixes: 2809 https://ci.appveyor.com/project/curlorg/curl/builds/48631551/job/bhx74e0i66yr 2810 p6pk#L1205 2811 2812 Same with details: 2813 https://ci.appveyor.com/project/curlorg/curl/builds/48662893/job/ol8a78q9gmil 2814 b6wt#L1263 2815 ``` 2816 tests/libtest/lib1545.c:38:3: error: 'curl_formadd' is deprecated: since 7.56 2817 .0. Use curl_mime_init() [-Werror=deprecated-declarations] 2818 38 | curl_formadd(&m_formpost, &lastptr, CURLFORM_COPYNAME, "file", 2819 | ^~~~~~~~~~~~ 2820 [...] 2821 ``` 2822 2823 Follow-up to 07a3cd83e0456ca17dfd8c3104af7cf45b7a1ff5 #12421 2824 2825 Fixes #12445 2826 Closes #12444 2827 2828Daniel Stenberg (2 Dec 2023) 2829 2830- INSTALL: update list of ports and CPU archs 2831 2832- symbols-in-versions: the CLOSEPOLICY options are deprecated 2833 2834 The were used with the CURLOPT_CLOSEPOLICY option, which *never* worked. 2835 2836z2_ (1 Dec 2023) 2837 2838- build: fix builds that disable protocols but not digest auth 2839 2840 - Build base64 functions if digest auth is not disabled. 2841 2842 Prior to this change if some protocols were disabled but not digest auth 2843 then a build error would occur due to missing base64 functions. 2844 2845 Fixes https://github.com/curl/curl/issues/12440 2846 Closes https://github.com/curl/curl/pull/12442 2847 2848Michał Antoniak (1 Dec 2023) 2849 2850- connect: reduce number of transportation providers 2851 2852 Use only the ones necessary - the ones that are built-in. Saves a few 2853 bytes in the resulting code. 2854 2855 Closes #12438 2856 2857David Benjamin (1 Dec 2023) 2858 2859- vtls: consistently use typedef names for OpenSSL structs 2860 2861 The foo_st names don't appear in OpenSSL public API documentation. The 2862 FOO typedefs are more common. This header was already referencing 2863 SSL_CTX via <openssl/ssl.h>. There is a comment about avoiding 2864 <openssl/x509v3.h>, but OpenSSL actually declares all the typedefs in 2865 <openssl/ossl_typ.h>, which is already included by <openssl/ssl.h> (and 2866 every other OpenSSL header), so just use that. Though I've included it 2867 just to be explicit. 2868 2869 (I'm also fairly sure including <openssl/ssl.h> already triggers the 2870 Schannel conflicts anyway. The comment was probably just out of date.) 2871 2872 Closes #12439 2873 2874Lau (1 Dec 2023) 2875 2876- libcurl-security.3: fix typo 2877 2878 Fixed minimal typo. 2879 2880 Closes #12437 2881 2882Stefan Eissing (1 Dec 2023) 2883 2884- ngtcp2: fix races in stream handling 2885 2886 - fix cases where ngtcp2 invokes callbacks on streams that 2887 nghttp3 has already forgotten. Ignore the NGHTTP3_ERR_STREAM_NOT_FOUND 2888 in these cases as it is normal behaviour. 2889 2890 Closes #12435 2891 2892Emanuele Torre (1 Dec 2023) 2893 2894- tool_writeout_json: fix JSON encoding of non-ascii bytes 2895 2896 char variables if unspecified can be either signed or unsigned depending 2897 on the platform according to the C standard; in most platforms, they are 2898 signed. 2899 2900 This meant that the *i<32 waas always true for bytes with the top bit 2901 set. So they were always getting encoded as \uXXXX, and then since they 2902 were also signed negative, they were getting extended with 1s causing 2903 '\xe2' to be expanded to \uffffffe2, for example: 2904 2905 $ curl --variable 'v=“' --expand-write-out '{{v:json}}\n' file:///dev/nul 2906 l 2907 \uffffffe2\uffffff80\uffffff9c 2908 2909 I fixed this bug by making the code use explicitly unsigned char* 2910 variables instead of char* variables. 2911 2912 Test 268 verifies 2913 2914 Reported-by: iconoclasthero 2915 Closes #12434 2916 2917Stefan Eissing (1 Dec 2023) 2918 2919- cf-socket: TCP trace output local address used in connect 2920 2921 Closes #12427 2922 2923Jay Satiro (1 Dec 2023) 2924 2925- CURLINFO_PRETRANSFER_TIME_T.3: fix time explanation 2926 2927 - Change CURLINFO_PRETRANSFER_TIME_T explanation to say that it 2928 includes protocol-specific instructions that trigger a transfer. 2929 2930 Prior to this change it explicitly said that it did not include those 2931 instructions in the time, but that is incorrect. 2932 2933 The change is a copy of the fixed explanation already in 2934 CURLINFO_PRETRANSFER_TIME, fixed by ec8dcd7b. 2935 2936 Reported-by: eeverettrbx@users.noreply.github.com 2937 2938 Fixes https://github.com/curl/curl/issues/12431 2939 Closes https://github.com/curl/curl/pull/12432 2940 2941Daniel Stenberg (30 Nov 2023) 2942 2943- multi: during ratelimit multi_getsock should return no sockets 2944 2945 ... as there is nothing to wait for then, it just waits. Otherwise, this 2946 causes much more CPU work and updates than necessary during ratelimit 2947 periods. 2948 2949 Ref: https://curl.se/mail/lib-2023-11/0056.html 2950 Closes #12430 2951 2952Dmitry Karpov (30 Nov 2023) 2953 2954- transfer: abort pause send when connection is marked for closing 2955 2956 This handles cases of some bi-directional "upgrade" scenarios 2957 (i.e. WebSockets) where sending is paused until some "upgrade" handshake 2958 is completed, but server rejects the handshake and closes the 2959 connection. 2960 2961 Closes #12428 2962 2963Daniel Stenberg (28 Nov 2023) 2964 2965- RELEASE-NOTES: synced 2966 2967- openssl: when a session-ID is reused, skip OCSP stapling 2968 2969 Fixes #12399 2970 Reported-by: Alexey Larikov 2971 Closes #12418 2972 2973- test1545: test doing curl_formadd twice with missing file 2974 2975 Reproduces #12410 2976 Verifies the fix 2977 Closes #12421 2978 2979- Curl_http_body: cleanup properly when Curl_getformdata errors 2980 2981 Reported-by: yushicheng7788 on github 2982 Based-on-work-by: yushicheng7788 on github 2983 Fixes #12410 2984 Closes #12421 2985 2986- test1477: verify that libcurl-errors.3 and public headers are synced 2987 2988 The script errorcodes.pl extracts all error codes from all headers and 2989 checks that they are all documented, then checks that all documented 2990 error codes are also specified in a header file. 2991 2992 Closes #12424 2993 2994- libcurl-errors.3: sync with current public headers 2995 2996 Closes #12424 2997 2998Stefan Eissing (28 Nov 2023) 2999 3000- test459: fix for parallel runs 3001 3002 - change warniing message to work better with varying filename 3003 length. 3004 - adapt test output check to new formatting 3005 3006 Follow-up to 97ccc4479f77ba3191c6 3007 Closes #12423 3008 3009Daniel Stenberg (27 Nov 2023) 3010 3011- tool_cb_prg: make the carriage return fit for wide progress bars 3012 3013 When the progress bar was made max width (256 columns), the fly() 3014 function attempted to generate its output buffer too long so that the 3015 trailing carriage return would not fit and then the output would show 3016 wrongly. The fly function is called when the expected total transfer is 3017 unknown, which could be one or more progress calls before the actual 3018 progress meter get shown when the expected transfer size is provided. 3019 3020 This new take also replaces the msnprintf() call with a much simpler 3021 memset() for speed. 3022 3023 Reported-by: Tim Hill 3024 Fixes #12407 3025 Closes #12415 3026 3027- tool_parsecfg: make warning output propose double-quoting 3028 3029 When the config file parser detects a word that *probably* should be 3030 quoted, mention double-quotes as a possible remedy. 3031 3032 Test 459 verifies. 3033 3034 Proposed-by: Jiehong on github 3035 Fixes #12409 3036 Closes #12412 3037 3038Jay Satiro (26 Nov 2023) 3039 3040- curl.rc: switch out the copyright symbol for plain ASCII 3041 3042 .. like we already do for libcurl.rc. 3043 3044 libcurl.rc copyright symbol used to cause a "non-ascii 8-bit codepoint" 3045 warning so it was switched to ascii. 3046 3047 Ref: https://github.com/curl/curl/commit/1ca62bb5#commitcomment-133474972 3048 3049 Suggested-by: Robert Southee 3050 3051 Closes https://github.com/curl/curl/pull/12403 3052 3053Daniel Stenberg (26 Nov 2023) 3054 3055- conncache: use the closure handle when disconnecting surplus connections 3056 3057 Use the closure handle for disconnecting connection cache entries so 3058 that anything that happens during the disconnect is not stored and 3059 associated with the 'data' handle which already just finished a transfer 3060 and it is important that details from the unrelated disconnect does not 3061 taint meta-data in the data handle. 3062 3063 Like storing the response code. 3064 3065 This also adjust test 1506. Unfortunately it also removes a key part of 3066 the test that verifies that a connection is closed since when this 3067 output vanishes (because the closure handle is used), we don't know 3068 exactly that the connection actually gets closed in this test... 3069 3070 Reported-by: ohyeaah on github 3071 Fixes #12367 3072 Closes #12405 3073 3074- RELEASE-NOTES: synced 3075 3076Stefan Eissing (24 Nov 2023) 3077 3078- quic: make eyeballers connect retries stop at weird replies 3079 3080 - when a connect immediately goes into DRAINING state, do 3081 not attempt retries in the QUIC connection filter. Instead, 3082 return CURLE_WEIRD_SERVER_REPLY 3083 - When eyeballing, interpret CURLE_WEIRD_SERVER_REPLY as an 3084 inconclusive answer. When all addresses have been attempted, 3085 rewind the address list once on an inconclusive answer. 3086 - refs #11832 where connects were retried indefinitely until 3087 the overall timeout fired 3088 3089 Closes #12400 3090 3091Daniel Stenberg (24 Nov 2023) 3092 3093- CI: verify libcurl function SYNPOSIS sections 3094 3095 With the .github/scripits/verify-synopsis.pl script 3096 3097 Closes #12402 3098 3099- docs/libcurl: SYNSOPSIS cleanup 3100 3101 - use the correct include file 3102 - make sure they are declared as in the header file 3103 - fix minor nroff syntax mistakes (missing .fi) 3104 3105 These are verified by verify-synopsis.pl, which extracts the SYNPOSIS 3106 code and runs it through gcc. 3107 3108 Closes #12402 3109 3110- sendf: fix comment typo 3111 3112- fopen: allocate the dir after fopen 3113 3114 Move the allocation of the directory name down to after the fopen() call 3115 to allow that shortcut code path to avoid a superfluous malloc+free 3116 cycle. 3117 3118 Follow-up to 73b65e94f35311 3119 3120 Closes #12398 3121 3122Stefan Eissing (24 Nov 2023) 3123 3124- transfer: cleanup done+excess handling 3125 3126 - add `SingleRequest->download_done` as indicator that 3127 all download bytes have been received 3128 - remove `stop_reading` bool from readwrite functions 3129 - move excess body handling into client download writer 3130 3131 Closes #12371 3132 3133Daniel Stenberg (23 Nov 2023) 3134 3135- fopen: create new file using old file's mode 3136 3137 Because the function renames the temp file to the target name as a last 3138 step, if the file was previously owned by a different user, not ORing 3139 the old mode could otherwise end up creating a file that was no longer 3140 readable by the original owner after save. 3141 3142 Reported-by: Loïc Yhuel 3143 Fixes #12299 3144 Closes #12395 3145 3146- test1476: require proxy 3147 3148 Follow-up from 323df4261c3542 3149 3150 Closes #12394 3151 3152- fopen: create short(er) temporary file name 3153 3154 Only using random letters in the name plus a ".tmp" extension. Not by 3155 appending characters to the final file name. 3156 3157 Reported-by: Maksymilian Arciemowicz 3158 3159 Closes #12388 3160 3161Stefan Eissing (23 Nov 2023) 3162 3163- tests: git ignore generated second-hsts.txt file 3164 3165 File is generated in test lib1900 3166 3167 Follow-up to 7cb03229d9e9c5 3168 3169 Closes #12393 3170 3171Viktor Szakats (23 Nov 2023) 3172 3173- openssl: enable `infof_certstack` for 1.1 and LibreSSL 3.6 3174 3175 Lower the barrier to enable `infof_certstack()` from OpenSSL 3 to 3176 OpenSSL 1.1.x, and LibreSSL 3.6 or upper. 3177 3178 With the caveat, that "group name" and "type name" are missing from 3179 the log output with these TLS backends. 3180 3181 Follow-up to b6e6d4ff8f253c8b8055bab9d4d6a10f9be109f3 #12030 3182 3183 Reviewed-by: Daniel Stenberg 3184 Closes #12385 3185 3186Daniel Stenberg (23 Nov 2023) 3187 3188- urldata: fix typo in comment 3189 3190- CI: codespell 3191 3192 The list of words to ignore is in the file 3193 .github/scripts/codespell-ignore.txt 3194 3195 Closes #12390 3196 3197- lib: fix comment typos 3198 3199 Five separate ones, found by codespell 3200 3201 Closes #12390 3202 3203- test1476: verify cookie PSL mixed case 3204 3205- cookie: lowercase the domain names before PSL checks 3206 3207 Reported-by: Harry Sintonen 3208 3209 Closes #12387 3210 3211Viktor Szakats (23 Nov 2023) 3212 3213- openssl: fix building with v3 `no-deprecated` + add CI test 3214 3215 - build quictls with `no-deprecated` in CI to have test coverage for 3216 this OpenSSL 3 configuration. 3217 3218 - don't call `OpenSSL_add_all_algorithms()`, `OpenSSL_add_all_digests()`. 3219 The caller code is meant for OpenSSL 3, while these two functions were 3220 only necessary before OpenSSL 1.1.0. They are missing from OpenSSL 3 3221 if built with option `no-deprecated`, causing build errors: 3222 ``` 3223 vtls/openssl.c:4097:3: error: call to undeclared function 'OpenSSL_add_all_ 3224 algorithms'; ISO C99 and later do not support implicit function declaration 3225 s [-Wimplicit-function-declaration] 3226 vtls/openssl.c:4098:3: error: call to undeclared function 'OpenSSL_add_all_ 3227 digests'; ISO C99 and later do not support implicit function declarations [ 3228 -Wimplicit-function-declaration] 3229 ``` 3230 Ref: https://ci.appveyor.com/project/curlorg/curl-for-win/builds/48587418?f 3231 ullLog=true#L7667 3232 3233 Regression from b6e6d4ff8f253c8b8055bab9d4d6a10f9be109f3 #12030 3234 Bug: https://github.com/curl/curl/issues/12380#issuecomment-1822944669 3235 Reviewed-by: Alex Bozarth 3236 3237 - vquic/curl_ngtcp2: fix using `SSL_get_peer_certificate` with 3238 `no-deprecated` quictls 3 builds. 3239 Do it by moving an existing solution for this from `vtls/openssl.c` 3240 to `vtls/openssl.h` and adjusting caller code. 3241 ``` 3242 vquic/curl_ngtcp2.c:1950:19: error: implicit declaration of function 'SSL_g 3243 et_peer_certificate'; did you mean 'SSL_get1_peer_certificate'? [-Wimplicit 3244 -function-declaration] 3245 ``` 3246 Ref: https://github.com/curl/curl/actions/runs/6960723097/job/18940818625#s 3247 tep:24:1178 3248 3249 - curl_ntlm_core: fix `-Wunused-parameter`, `-Wunused-variable` and 3250 `-Wunused-function` when trying to build curl with NTLM enabled but 3251 without the necessary TLS backend (with DES) support. 3252 3253 Closes #12384 3254 3255- curl.h: delete Symbian OS references 3256 3257 curl deprecated Symbian OS in 3d64031fa7a80ac4ae3fd09a5939196268b92f81 3258 via #5989. Delete references to it from public headers, because there 3259 is no fresh release to use those headers with. 3260 3261 Reviewed-by: Dan Fandrich 3262 Reviewed-by: Jay Satiro 3263 Closes #12378 3264 3265- windows: use built-in `_WIN32` macro to detect Windows 3266 3267 Windows compilers define `_WIN32` automatically. Windows SDK headers 3268 or build env defines `WIN32`, or we have to take care of it. The 3269 agreement seems to be that `_WIN32` is the preferred practice here. 3270 Make the source code rely on that to detect we're building for Windows. 3271 3272 Public `curl.h` was using `WIN32`, `__WIN32__` and `CURL_WIN32` for 3273 Windows detection, next to the official `_WIN32`. After this patch it 3274 only uses `_WIN32` for this. Also, make it stop defining `CURL_WIN32`. 3275 3276 There is a slight chance these break compatibility with Windows 3277 compilers that fail to define `_WIN32`. I'm not aware of any obsolete 3278 or modern compiler affected, but in case there is one, one possible 3279 solution is to define this macro manually. 3280 3281 grepping for `WIN32` remains useful to discover Windows-specific code. 3282 3283 Also: 3284 3285 - extend `checksrc` to ensure we're not using `WIN32` anymore. 3286 3287 - apply minor formatting here and there. 3288 3289 - delete unnecessary checks for `!MSDOS` when `_WIN32` is present. 3290 3291 Co-authored-by: Jay Satiro 3292 Reviewed-by: Daniel Stenberg 3293 3294 Closes #12376 3295 3296Stefan Eissing (22 Nov 2023) 3297 3298- url: ConnectionExists revisited 3299 3300 - have common pattern of `if not match, continue` 3301 - revert pages long if()s to return early 3302 - move dead connection check to later since it may 3303 be relatively expensive 3304 - check multiuse also when NOT building with NGHTTP2 3305 - for MULTIUSE bundles, verify that the inspected 3306 connection indeed supports multiplexing when in use 3307 (bundles may contain a mix of connection, afaict) 3308 3309 Closes #12373 3310 3311Daniel Stenberg (22 Nov 2023) 3312 3313- CURLMOPT_MAX_CONCURRENT_STREAMS: make sure the set value is within range 3314 3315 ... or use the default value. 3316 3317 Also clarify the documentation language somewhat. 3318 3319 Closes #12382 3320 3321- urldata: make maxconnects a 32 bit value 3322 3323 "2^32 idle connections ought to be enough for anybody" 3324 3325 Closes #12375 3326 3327- FEATURES: update the URL phrasing 3328 3329 The URL is length limited since a while back so "no limit" simply is not 3330 true anymore. Mention the URL RFC standard used instead. 3331 3332 Closes #12383 3333 3334- wolfssh: remove redundant static prototypes 3335 3336 vssh/wolfssh.c:346:18: error: redundant redeclaration of ‘wscp_recv’ [-We 3337 rror=redundant-decls] 3338 3339 Closes #12381 3340 3341- setopt: remove superfluous use of ternary expressions 3342 3343 Closes #12374 3344 3345- mime: store "form escape" as a single bit 3346 3347 Closes #12374 3348 3349- setopt: check CURLOPT_TFTP_BLKSIZE range on set 3350 3351 ... instead of later when the transfer is about to happen. 3352 3353 Closes #12374 3354 3355Viktor Szakats (21 Nov 2023) 3356 3357- build: add more picky warnings and fix them 3358 3359 Enable more picky compiler warnings. I've found these options in the 3360 nghttp3 project when implementing the CMake quick picky warning 3361 functionality for it [1]. 3362 3363 `-Wunused-macros` was too noisy to keep around, but fixed a few issues 3364 it revealed while testing. 3365 3366 - autotools: reflect the more precisely-versioned clang warnings. 3367 Follow-up to 033f8e2a08eb1d3102f08c4d8c8e85470f8b460e #12324 3368 - autotools: sync between clang and gcc the way we set `no-multichar`. 3369 - autotools: avoid setting `-Wstrict-aliasing=3` twice. 3370 - autotools: disable `-Wmissing-noreturn` for MSYS gcc targets [2]. 3371 It triggers in libtool-generated stub code. 3372 3373 - lib/timeval: delete a redundant `!MSDOS` guard from a `WIN32` branch. 3374 3375 - lib/curl_setup.h: delete duplicate declaration for `fileno`. 3376 Added in initial commit ae1912cb0d494b48d514d937826c9fe83ec96c4d 3377 (1999-12-29). This suggests this may not be needed anymore, but if 3378 it does, we may restore this for those specific (non-Windows) systems. 3379 - lib: delete unused macro `FTP_BUFFER_ALLOCSIZE` since 3380 c1d6fe2aaa5a26e49a69a4f2495b3cc7a24d9394. 3381 - lib: delete unused macro `isxdigit_ascii` since 3382 f65f750742068f579f4ee6d8539ed9d5f0afcb85. 3383 - lib/mqtt: delete unused macro `MQTT_HEADER_LEN`. 3384 - lib/multi: delete unused macro `SH_READ`/`SH_WRITE`. 3385 - lib/hostip: add `noreturn` function attribute via new `CURL_NORETURN` 3386 macro. 3387 - lib/mprintf: delete duplicate declaration for `Curl_dyn_vprintf`. 3388 - lib/rand: fix `-Wunreachable-code` and related fallouts [3]. 3389 - lib/setopt: fix `-Wunreachable-code-break`. 3390 - lib/system_win32 and lib/timeval: fix double declarations for 3391 `Curl_freq` and `Curl_isVistaOrGreater` in CMake UNITY mode [4]. 3392 - lib/warnless: fix double declarations in CMake UNITY mode [5]. 3393 This was due to force-disabling the header guard of `warnless.h` to 3394 to reapply it to source code coming after `warnless.c` in UNITY 3395 builds. This reapplied declarations too, causing the warnings. 3396 Solved by adding a header guard for the lines that actually need 3397 to be reapplied. 3398 - lib/vauth/digest: fix `-Wunreachable-code-break` [6]. 3399 - lib/vssh/libssh2: fix `-Wunreachable-code-break` and delete redundant 3400 block. 3401 - lib/vtls/sectransp: fix `-Wunreachable-code-break` [7]. 3402 - lib/vtls/sectransp: suppress `-Wunreachable-code`. 3403 Detected in `else` branches of dynamic feature checks, with results 3404 known at compile-time, e.g. 3405 ```c 3406 if(SecCertificateCopySubjectSummary) /* -> true */ 3407 ``` 3408 Likely fixable as a separate micro-project, but given SecureTransport 3409 is deprecated anyway, let's just silence these locally. 3410 - src/tool_help: delete duplicate declaration for `helptext`. 3411 - src/tool_xattr: fix `-Wunreachable-code`. 3412 - tests: delete duplicate declaration for `unitfail` [8]. 3413 - tests: delete duplicate declaration for `strncasecompare`. 3414 - tests/libtest: delete duplicate declaration for `gethostname`. 3415 Originally added in 687df5c8c39c370a59999b9afc0917d808d978b7 3416 (2010-08-02). 3417 Got complicated later: c49e9683b85ba9d12cbb6eebc4ab2c8dba68fbdc 3418 If there are still systems around with warnings, we may restore the 3419 prototype, but limited for those systems. 3420 - tests/lib2305: delete duplicate declaration for 3421 `libtest_debug_config`. 3422 - tests/h2-download: fix `-Wunreachable-code-break`. 3423 3424 [1] https://github.com/ngtcp2/nghttp3/blob/a70edb08e954d690e8fb2c1df999b5a056 3425 f8bf9f/cmake/PickyWarningsC.cmake 3426 [2] https://ci.appveyor.com/project/curlorg/curl/builds/48553586/job/3qkgjaui 3427 qla5fj45?fullLog=true#L1675 3428 [3] https://github.com/curl/curl/actions/runs/6880886309/job/18716044703?pr=1 3429 2331#step:7:72 3430 https://github.com/curl/curl/actions/runs/6883016087/job/18722707368?pr=1 3431 2331#step:7:109 3432 [4] https://ci.appveyor.com/project/curlorg/curl/builds/48555101/job/9g15qkrr 3433 iklpf1ut#L204 3434 [5] https://ci.appveyor.com/project/curlorg/curl/builds/48555101/job/9g15qkrr 3435 iklpf1ut#L218 3436 [6] https://github.com/curl/curl/actions/runs/6880886309/job/18716042927?pr=1 3437 2331#step:7:290 3438 [7] https://github.com/curl/curl/actions/runs/6891484996/job/18746659406?pr=1 3439 2331#step:9:1193 3440 [8] https://github.com/curl/curl/actions/runs/6882803986/job/18722082562?pr=1 3441 2331#step:33:1870 3442 3443 Closes #12331 3444 3445Daniel Stenberg (21 Nov 2023) 3446 3447- transfer: avoid unreachable expression 3448 3449 If curl_off_t and size_t have the same size (which is common on modern 3450 64 bit systems), a condition cannot occur which Coverity pointed 3451 out. Avoid the warning by having the code conditionally only used if 3452 curl_off_t actually is larger. 3453 3454 Follow-up to 1cd2f0072fa482e25baa2 3455 3456 Closes #12370 3457 3458Stefan Eissing (21 Nov 2023) 3459 3460- transfer: readwrite improvements 3461 3462 - changed header/chunk/handler->readwrite prototypes to accept `buf`, 3463 `blen` and a `pconsumed` pointer. They now get the buffer to work on 3464 and report back how many bytes they consumed 3465 - eliminated `k->str` in SingleRequest 3466 - improved excess data handling to properly calculate with any body data 3467 left in the headerb buffer 3468 - eliminated `k->badheader` enum to only be a bool 3469 3470 Closes #12283 3471 3472Daniel Stenberg (21 Nov 2023) 3473 3474- RELEASE-NOTES: synced 3475 3476Jiří Hruška (21 Nov 2023) 3477 3478- transfer: avoid calling the read callback again after EOF 3479 3480 Regression since 7f43f3dc5994d01b12 (7.84.0) 3481 3482 Bug: https://curl.se/mail/lib-2023-11/0017.html 3483 3484 Closes #12363 3485 3486Daniel Stenberg (21 Nov 2023) 3487 3488- doh: provide better return code for responses w/o addresses 3489 3490 Previously it was wrongly returning CURLE_OUT_OF_MEMORY when the 3491 response did not contain any addresses. Now it more accurately returns 3492 CURLE_COULDNT_RESOLVE_HOST. 3493 3494 Reported-by: lRoccoon on github 3495 3496 Fixes #12365 3497 Closes #12366 3498 3499Stefan Eissing (21 Nov 2023) 3500 3501- HTTP/2, HTTP/3: handle detach of onoing transfers 3502 3503 - refs #12356 where a UAF is reported when closing a connection 3504 with a stream whose easy handle was cleaned up already 3505 - handle DETACH events same as DONE events in h2/h3 filters 3506 3507 Fixes #12356 3508 Reported-by: Paweł Wegner 3509 Closes #12364 3510 3511Viktor Szakats (20 Nov 2023) 3512 3513- autotools: stop setting `-std=gnu89` with `--enable-warnings` 3514 3515 Do not alter the C standard when building with `--enable-warnings` when 3516 building with gcc. 3517 3518 On one hand this alters warning results compared to a default build. 3519 On the other, it may produce different binaries, which is unexpected. 3520 3521 Also fix new warnings that appeared after removing `-std=gnu89`: 3522 3523 - include: fix public curl headers to use the correct printf mask for 3524 `CURL_FORMAT_CURL_OFF_T` and `CURL_FORMAT_CURL_OFF_TU` with mingw-w64 3525 and Visual Studio 2013 and newer. This fixes the printf mask warnings 3526 in examples and tests. E.g. [1] 3527 3528 - conncache: fix printf format string [2]. 3529 3530 - http2: fix potential null pointer dereference [3]. 3531 (seen on Slackware with gcc 11.) 3532 3533 - libssh: fix printf format string in SFTP code [4]. 3534 Also make MSVC builds compatible with old CRT versions. 3535 3536 - libssh2: fix printf format string in SFTP code for MSVC. 3537 Applying the same fix as for libssh above. 3538 3539 - unit1395: fix `argument is null` and related issues [5]: 3540 - stop calling `strcmp()` with NULL to avoid undefined behaviour. 3541 - fix checking results if some of them were NULL. 3542 - do not pass NULL to printf `%s`. 3543 3544 - ci: keep a build job with `-std=gnu89` to continue testing for 3545 C89-compliance. We can apply this to other gcc jobs as needed. 3546 Ref: b23ce2cee7329bbf425f18b49973b7a5f23dfcb4 (2022-09-23) #9542 3547 3548 [1] https://dev.azure.com/daniel0244/curl/_build/results?buildId=18581&view=l 3549 ogs&jobId=ccf9cc6d-2ef1-5cf2-2c09-30f0c14f923b 3550 [2] https://github.com/curl/curl/actions/runs/6896854263/job/18763831142?pr=1 3551 2346#step:6:67 3552 [3] https://github.com/curl/curl/actions/runs/6896854253/job/18763839238?pr=1 3553 2346#step:30:214 3554 [4] https://github.com/curl/curl/actions/runs/6896854253/job/18763838007?pr=1 3555 2346#step:29:895 3556 [5] https://github.com/curl/curl/actions/runs/6896854253/job/18763836775?pr=1 3557 2346#step:33:1689 3558 3559 Closes #12346 3560 3561- autotools: fix/improve gcc and Apple clang version detection 3562 3563 - Before this patch we expected `n.n` `-dumpversion` output, but Ubuntu 3564 may return `n-win32` (also with `-dumpfullversion`). Causing these 3565 errors and failing to enable picky warnings: 3566 ``` 3567 ../configure: line 23845: test: : integer expression expected 3568 ``` 3569 Ref: https://github.com/libssh2/libssh2/actions/runs/6263453828/job/1700789 3570 3718#step:5:143 3571 3572 Fix that by stripping any dash-suffix and handling a dotless (major-only) 3573 version number by assuming `.0` in that case. 3574 3575 `9.3-posix`, `9.3-win32`, `6`, `9.3.0`, `11`, `11.2`, `11.2.0` 3576 Ref: https://github.com/mamedev/mame/pull/9767 3577 3578 - fix Apple clang version detection for releases between 3579 'Apple LLVM version 7.3.0' and 'Apple LLVM version 10.0.1' where the 3580 version was under-detected as 3.7 llvm/clang equivalent. 3581 3582 - fix Apple clang version detection for 'Apple clang version 11.0.0' 3583 and newer where the Apple clang version was detected, instead of its 3584 llvm/clang equivalent. 3585 3586 - display detected clang/gcc/icc compiler version. 3587 3588 Via libssh2: 3589 - https://github.com/libssh2/libssh2/commit/00a3b88c51cdb407fbbb347a2e38c5c7d 3590 89875ad 3591 https://github.com/libssh2/libssh2/pull/1187 3592 - https://github.com/libssh2/libssh2/commit/89ccc83c7da73e7ca3a112e3500081319 3593 42b592e 3594 https://github.com/libssh2/libssh2/pull/1232 3595 3596 Closes #12362 3597 3598- autotools: delete LCC compiler support bits 3599 3600 Follow-up to fd7ef00f4305a2919e6950def1cf83d0110a4acd #12222 3601 3602 Closes #12357 3603 3604- cmake: add test for `DISABLE` options, add `CURL_DISABLE_HEADERS_API` 3605 3606 - tests: verify CMake `DISABLE` options. 3607 3608 Make an exception for 2 CMake-only ones, and one more that's 3609 using a different naming scheme, also in autotools and source. 3610 3611 - cmake: add support for `CURL_DISABLE_HEADERS_API`. 3612 3613 Suggested-by: Daniel Stenberg 3614 Ref: https://github.com/curl/curl/pull/12345#pullrequestreview-1736238641 3615 3616 Closes #12353 3617 3618Jacob Hoffman-Andrews (20 Nov 2023) 3619 3620- hyper: temporarily remove HTTP/2 support 3621 3622 The current design of the Hyper integration requires rebuilding the 3623 Hyper clientconn for each request. However, building the clientconn 3624 requires resending the HTTP/2 connection preface, which is incorrect 3625 from a protocol perspective. That in turn causes servers to send GOAWAY 3626 frames, effectively degrading performance to "no connection reuse" in 3627 the best case. It may also be triggering some bugs where requests get 3628 dropped entirely and reconnects take too long. 3629 3630 This doesn't rule out HTTP/2 support with Hyper, but it may take a 3631 redesign of the Hyper integration in order to make things work. 3632 3633 Closes #12191 3634 3635Jay Satiro (20 Nov 2023) 3636 3637- schannel: fix unused variable warning 3638 3639 Bug: https://github.com/curl/curl/pull/12349#issuecomment-1818000846 3640 Reported-by: Viktor Szakats 3641 3642 Closes https://github.com/curl/curl/pull/12361 3643 3644Daniel Stenberg (19 Nov 2023) 3645 3646- url: find scheme with a "perfect hash" 3647 3648 Instead of a loop to scan over the potentially 30+ scheme names, this 3649 uses a "perfect hash" table. This works fine because the set of schemes 3650 is known and cannot change in a build. The hash algorithm and table size 3651 is made to only make a single scheme index per table entry. 3652 3653 The perfect hash is generated by a separate tool (scripts/schemetable.c) 3654 3655 Closes #12347 3656 3657- scripts: add schemetable.c 3658 3659 This tool generates a scheme-matching table. 3660 3661 It iterates over a number of different initial and shift values in order 3662 to find the hash algorithm that needs the smallest possible table. 3663 3664 The generated hash function, table and table size then needs to be used 3665 by the url.c:Curl_getn_scheme_handler() function. 3666 3667Stefan Eissing (19 Nov 2023) 3668 3669- vtls/vquic, keep peer name information together 3670 3671 - add `struct ssl_peer` to keep hostname, dispname and sni 3672 for a filter 3673 - allocate `sni` for use in VTLS backend 3674 - eliminate `Curl_ssl_snihost()` and its use of the download buffer 3675 - use ssl_peer in SSL and QUIC filters 3676 3677 Closes #12349 3678 3679Viktor Szakats (18 Nov 2023) 3680 3681- build: always revert `#pragma GCC diagnostic` after use 3682 3683 Before this patch some source files were overriding gcc warning options, 3684 but without restoring them at the end of the file. In CMake UNITY builds 3685 these options spilled over to the remainder of the source code, 3686 effecitvely disabling them for a larger portion of the codebase than 3687 intended. 3688 3689 `#pragma clang diagnostic` didn't have such issue in the codebase. 3690 3691 Reviewed-by: Marcel Raad 3692 Closes #12352 3693 3694- tidy-up: casing typos, delete unused Windows version aliases 3695 3696 - cmake: fix casing of `UnixSockets` to match the rest of the codebase. 3697 3698 - curl-compilers.m4: fix casing in a comment. 3699 3700 - setup-win32: delete unused Windows version constant aliases. 3701 3702 Reviewed-by: Marcel Raad 3703 Closes #12351 3704 3705- keylog: disable if unused 3706 3707 Fully disable keylog code if there is no TLS or QUIC subsystem using it. 3708 3709 Closes #12350 3710 3711- cmake: add `CURL_DISABLE_BINDLOCAL` option 3712 3713 To match similar autotools option. 3714 3715 Default is `ON`. 3716 3717 Reviewed-by: Daniel Stenberg 3718 Closes #12345 3719 3720- url: fix `-Wzero-length-array` with no protocols 3721 3722 Fixes: 3723 ``` 3724 ./lib/url.c:178:56: warning: use of an empty initializer is a C2x extension [ 3725 -Wc2x-extensions] 3726 178 | static const struct Curl_handler * const protocols[] = { 3727 | ^ 3728 ./lib/url.c:178:56: warning: zero size arrays are an extension [-Wzero-length 3729 -array] 3730 ``` 3731 3732 Closes #12344 3733 3734- url: fix builds with `CURL_DISABLE_HTTP` 3735 3736 Fixes: 3737 ``` 3738 ./lib/url.c:456:35: error: no member named 'formp' in 'struct UrlState' 3739 456 | Curl_mime_cleanpart(data->state.formp); 3740 | ~~~~~~~~~~~ ^ 3741 ``` 3742 3743 Regression from 74b87a8af13a155c659227f5acfa78243a8b2aa6 #11682 3744 3745 Closes #12343 3746 3747- http: fix `-Wunused-parameter` with no auth and no proxy 3748 3749 ``` 3750 lib/http.c:734:26: warning: unused parameter 'proxy' [-Wunused-parameter] 3751 bool proxy) 3752 ^ 3753 ``` 3754 3755 Reviewed-by: Marcel Raad 3756 Closes #12338 3757 3758Daniel Stenberg (16 Nov 2023) 3759 3760- TODO: Some TLS options are not offered for HTTPS proxies 3761 3762 Closes #12286 3763 Closes #12342 3764 3765- RELEASE-NOTES: synced 3766 3767- duphandle: make dupset() not return with pointers to old alloced data 3768 3769 As the blob pointers are to be duplicated, the function must not return 3770 mid-function with lingering pointers to the old handle's allocated data, 3771 as that would lead to double-free in OOM situations. 3772 3773 Make sure to clear all destination pointers first to avoid this risk. 3774 3775 Closes #12337 3776 3777Viktor Szakats (16 Nov 2023) 3778 3779- http: fix `-Wunused-variable` compiler warning 3780 3781 Fix compiler warnings in builds with disabled auths, NTLM and SPNEGO. 3782 3783 E.g. with `CURL_DISABLE_BASIC_AUTH` + `CURL_DISABLE_BEARER_AUTH` + 3784 `CURL_DISABLE_DIGEST_AUTH` + `CURL_DISABLE_NEGOTIATE_AUTH` + 3785 `CURL_DISABLE_NTLM` on non-Windows. 3786 3787 ``` 3788 ./curl/lib/http.c:737:12: warning: unused variable 'result' [-Wunused-variabl 3789 e] 3790 CURLcode result = CURLE_OK; 3791 ^ 3792 ./curl/lib/http.c:995:18: warning: variable 'availp' set but not used [-Wunus 3793 ed-but-set-variable] 3794 unsigned long *availp; 3795 ^ 3796 ./curl/lib/http.c:996:16: warning: variable 'authp' set but not used [-Wunuse 3797 d-but-set-variable] 3798 struct auth *authp; 3799 ^ 3800 ``` 3801 3802 Regression from e92edfbef64448ef461117769881f3ed776dec4e #11490 3803 3804 Fixes #12228 3805 Closes #12335 3806 3807Jay Satiro (16 Nov 2023) 3808 3809- tool: support bold headers in Windows 3810 3811 - If virtual terminal processing is enabled in Windows then use ANSI 3812 escape codes Esc[1m and Esc[22m to turn bold on and off. 3813 3814 Suggested-by: Gisle Vanem 3815 3816 Ref: https://github.com/curl/curl/discussions/11770 3817 3818 Closes https://github.com/curl/curl/pull/12321 3819 3820Viktor Szakats (15 Nov 2023) 3821 3822- build: fix libssh2 + `CURL_DISABLE_DIGEST_AUTH` + `CURL_DISABLE_AWS` 3823 3824 Builds with libssh2 + `-DCURL_DISABLE_DIGEST_AUTH=ON` + 3825 `-DCURL_DISABLE_AWS=ON` in combination with either Schannel on Windows, 3826 or `-DCURL_DISABLE_NTLM=ON` on other operating systems failed while 3827 compiling due to a missing HMAC declaration. 3828 3829 The reason is that HMAC is required by `lib/sha256.c` which publishes 3830 `Curl_sha256it()` which is required by `lib/vssh/libssh2.c` when 3831 building for libssh2 v1.8.2 (2019-05-25) or older. 3832 3833 Make sure to compile the HMAC bits for a successful build. 3834 3835 Both HMAC and `Curl_sha256it()` rely on the same internals, so splitting 3836 them into separate sources isn't practical. 3837 3838 Fixes: 3839 ``` 3840 [...] 3841 In file included from ./curl/_x64-win-ucrt-cmake-llvm-bld/lib/CMakeFiles/libc 3842 url_object.dir/Unity/unity_0_c.c:310: 3843 ./curl/lib/sha256.c:527:42: error: array has incomplete element type 'const s 3844 truct HMAC_params' 3845 527 | const struct HMAC_params Curl_HMAC_SHA256[] = { 3846 | ^ 3847 ./curl/lib/curl_sha256.h:34:21: note: forward declaration of 'struct HMAC_par 3848 ams' 3849 [...] 3850 ``` 3851 3852 Regression from e92edfbef64448ef461117769881f3ed776dec4e #11490 3853 3854 Fixes #12273 3855 Closes #12332 3856 3857Daniel Stenberg (15 Nov 2023) 3858 3859- duphandle: also free 'outcurl->cookies' in error path 3860 3861 Fixes memory-leak when OOM mid-function 3862 3863 Use plain free instead of safefree, since the entire struct is 3864 freed below. 3865 3866 Remove some free calls that is already freed in Curl_freeset() 3867 3868 Closes #12329 3869 3870Viktor Szakats (15 Nov 2023) 3871 3872- config-win32: set `HAVE_SNPRINTF` for mingw-w64 3873 3874 It's available in all mingw-w64 releases. We already pre-fill this 3875 detection in CMake. 3876 3877 Closes #12325 3878 3879- sasl: fix `-Wunused-function` compiler warning 3880 3881 In builds with disabled auths. 3882 3883 ``` 3884 lib/curl_sasl.c:266:17: warning: unused function 'get_server_message' [-Wunus 3885 ed-function] 3886 static CURLcode get_server_message(struct SASL *sasl, struct Curl_easy *data, 3887 ^ 3888 1 warning generated. 3889 ``` 3890 Ref: https://github.com/curl/trurl/actions/runs/6871732122/job/18689066151#st 3891 ep:3:3822 3892 3893 Reviewed-by: Daniel Stenberg 3894 Closes #12326 3895 3896- build: picky warning updates 3897 3898 - cmake: sync some picky gcc warnings with autotools. 3899 - cmake, autotools: add `-Wold-style-definition` for clang too. 3900 - cmake: more precise version info for old clang options. 3901 - cmake: use `IN LISTS` syntax in `foreach()`. 3902 3903 Reviewed-by: Daniel Stenberg 3904 Reviewed-by: Marcel Raad 3905 Closes #12324 3906 3907Daniel Stenberg (15 Nov 2023) 3908 3909- urldata: move cookielist from UserDefined to UrlState 3910 3911 1. Because the value is not strictly set with a setopt option. 3912 3913 2. Because otherwise when duping a handle when all the set.* fields are 3914 first copied and an error happens (think out of memory mid-function), 3915 the function would easily free the list *before* it was deep-copied, 3916 which could lead to a double-free. 3917 3918 Closes #12323 3919 3920Viktor Szakats (14 Nov 2023) 3921 3922- autotools: avoid passing `LDFLAGS` twice to libcurl 3923 3924 autotools passes `LDFLAGS` automatically linker commands. curl's 3925 `lib/Makefile.am` customizes libcurl linker flags. In that 3926 customization, it added `LDFLAGS` to the custom flags. This resulted in 3927 passing `LDFLAGS` _twice_ to the `libtool` command. 3928 3929 Most of the time this is benign, but some `LDFLAGS` options can break 3930 the build when passed twice. One such example is passing `.o` files, 3931 e.g. `crt*.o` files necessary when customizing the C runtime, e.g. for 3932 MUSL builds. 3933 3934 Passing them twice resulted in duplicate symbol errors: 3935 ``` 3936 libtool: link: clang-15 --target=aarch64-unknown-linux-musl [...] /usr/lib/a 3937 arch64-linux-musl/crt1.o [...] /usr/lib/aarch64-linux-musl/crt1.o [...] 3938 ld.lld-15: error: duplicate symbol: _start 3939 >>> defined at crt1.c 3940 >>> /usr/lib/aarch64-linux-musl/crt1.o:(.text+0x0) 3941 >>> defined at crt1.c 3942 >>> /usr/lib/aarch64-linux-musl/crt1.o:(.text+0x0) 3943 [...] 3944 clang: error: linker command failed with exit code 1 (use -v to see invocatio 3945 n) 3946 ``` 3947 3948 This behaviour came with commit 1a593191c2769a47b8c3e4d9715ec9f6dddf5e36 3949 (2013-07-23) as a fix for bug https://curl.haxx.se/bug/view.cgi?id=1217. 3950 The patch was a works-for-me hack that ended up merged in curl: 3951 https://sourceforge.net/p/curl/bugs/1217/#06ef 3952 With the root cause remaining unclear. 3953 3954 Perhaps the SUNPro 12 linker was sensitive to `-L` `-l` order, requiring 3955 `-L` first? This would be unusual and suggests a bug in either the 3956 linker or in `libtool`. 3957 3958 The curl build does pass the list of detected libs via its own 3959 `LIBCURL_LIBS` variable, which ends up before `LDFLAGS` on the `libtool` 3960 command line, but it's the job of `libtool` to ensure that even 3961 a peculiar linker gets the options in the expected order. Also because 3962 autotools passes `LDFLAGS` last, making it hardly possible to pass 3963 anything after it. 3964 3965 Perhaps in the 10 years since this issue, this already got a fix 3966 upstream. 3967 3968 This patch deletes `LDFLAGS` from our customized libcurl options, 3969 leaving a single copy of them as passed by autotools automatically. 3970 3971 Reverts 1a593191c2769a47b8c3e4d9715ec9f6dddf5e36 3972 Closes #12310 3973 3974- autotools: accept linker flags via `CURL_LDFLAGS_{LIB,BIN}` 3975 3976 To allow passing `LDFLAGS` specific to libcurl (`CURL_LDFLAGS_LIB`) and 3977 curl tool (`CURL_LDFLAGS_BIN`). 3978 3979 This makes it possible to build libcurl and curl with a single 3980 invocation with lib- and tool-specific custom linker flags. 3981 3982 Such flag can be enabling `.map` files, a `.def` file for libcurl DLL, 3983 controlling static/shared, incl. requesting a static curl tool (with 3984 `-static-libtool-libs`) while building both shared and static libcurl. 3985 3986 curl-for-win uses the above and some more. 3987 3988 These options are already supported in `Makefile.mk`. CMake has built-in 3989 variables for this. 3990 3991 Closes #12312 3992 3993Jay Satiro (14 Nov 2023) 3994 3995- tool_cb_hdr: add an additional parsing check 3996 3997 - Don't dereference the past-the-end element when parsing the server's 3998 Content-disposition header. 3999 4000 As 'p' is advanced it can point to the past-the-end element and prior 4001 to this change 'p' could be dereferenced in that case. 4002 4003 Technically the past-the-end element is not out of bounds because dynbuf 4004 (which manages the header line) automatically adds a null terminator to 4005 every buffer and that is not included in the buffer length passed to 4006 the header callback. 4007 4008 Closes https://github.com/curl/curl/pull/12320 4009 4010Philip Heiduck (14 Nov 2023) 4011 4012- .cirrus.yml: freebsd 14 4013 4014 ensure curl works on latest freebsd version 4015 4016 Closes #12053 4017 4018Daniel Stenberg (13 Nov 2023) 4019 4020- easy: in duphandle, init the cookies for the new handle 4021 4022 ... not the source handle. 4023 4024 Closes #12318 4025 4026- duphandle: use strdup to clone *COPYPOSTFIELDS if size is not set 4027 4028 Previously it would unconditionally use the size, which is set to -1 4029 when strlen is requested. 4030 4031 Updated test 544 to verify. 4032 4033 Closes #12317 4034 4035- RELEASE-NOTES: synced 4036 4037- curl_easy_duphandle.3: clarify how HSTS and alt-svc are duped 4038 4039 Closes #12315 4040 4041- urldata: move hstslist from 'set' to 'state' 4042 4043 To make it work properly with curl_easy_duphandle(). This, because 4044 duphandle duplicates the entire 'UserDefined' struct by plain copy while 4045 'hstslist' is a linked curl_list of file names. This would lead to a 4046 double-free when the second of the two involved easy handles were 4047 closed. 4048 4049 Closes #12315 4050 4051- test1900: verify duphandle with HSTS using multiple files 4052 4053 Closes #12315 4054 4055Goro FUJI (13 Nov 2023) 4056 4057- http: allow longer HTTP/2 request method names 4058 4059 - Increase the maximum request method name length from 11 to 23. 4060 4061 For HTTP/1.1 and earlier there's not a specific limit in libcurl for 4062 method length except that it is limited by the initial HTTP request 4063 limit (DYN_HTTP_REQUEST). Prior to fc2f1e54 HTTP/2 was treated the same 4064 and there was no specific limit. 4065 4066 According to Internet Assigned Numbers Authority (IANA) the longest 4067 registered method is UPDATEREDIRECTREF which is 17 characters. 4068 4069 Also there are unregistered methods used by some companies that are 4070 longer than 11 characters. 4071 4072 The limit was originally added by 61f52a97 but not used until fc2f1e54. 4073 4074 Ref: https://www.iana.org/assignments/http-methods/http-methods.xhtml 4075 4076 Closes https://github.com/curl/curl/pull/12311 4077 4078Jay Satiro (12 Nov 2023) 4079 4080- CURLOPT_CAINFO_BLOB.3: explain what CURL_BLOB_COPY does 4081 4082 - Add an explanation of the CURL_BLOB_COPY flag to CURLOPT_CAINFO_BLOB 4083 and CURLOPT_PROXY_CAINFO_BLOB docs. 4084 4085 All the other _BLOB option docs already have the same explanation. 4086 4087 Closes https://github.com/curl/curl/pull/12277 4088 4089Viktor Szakats (11 Nov 2023) 4090 4091- tidy-up: dedupe Windows system libs in cmake 4092 4093 Reviewed-by: Daniel Stenberg 4094 Closes #12307 4095 4096Junho Choi (11 Nov 2023) 4097 4098- ci: test with latest quiche release (0.19.0) 4099 4100 Closes #12180 4101 4102- quiche: use quiche_conn_peer_transport_params() 4103 4104 In recent quiche, transport parameter API is separated 4105 with quiche_conn_peer_transport_params(). 4106 (https://github.com/cloudflare/quiche/pull/1575) 4107 It breaks with bulding with latest(post 0.18.0) quiche. 4108 4109 Closes #12180 4110 4111Daniel Stenberg (11 Nov 2023) 4112 4113- Makefile: generate the VC 14.20 project files at dist-time 4114 4115 Follow-up to 28287092cc5a6d6ef8 (#12282) 4116 4117 Closes #12290 4118 4119Sam James (11 Nov 2023) 4120 4121- misc: fix -Walloc-size warnings 4122 4123 GCC 14 introduces a new -Walloc-size included in -Wextra which gives: 4124 4125 ``` 4126 src/tool_operate.c: In function ‘add_per_transfer’: 4127 src/tool_operate.c:213:5: warning: allocation of insufficient size ‘1’ fo 4128 r type ‘struct per_transfer’ with size ‘480’ [-Walloc-size] 4129 213 | p = calloc(sizeof(struct per_transfer), 1); 4130 | ^ 4131 src/var.c: In function ‘addvariable’: 4132 src/var.c:361:5: warning: allocation of insufficient size ‘1’ for type � 4133 �struct var’ with size ‘32’ [-Walloc-size] 4134 361 | p = calloc(sizeof(struct var), 1); 4135 | ^ 4136 ``` 4137 4138 The calloc prototype is: 4139 ``` 4140 void *calloc(size_t nmemb, size_t size); 4141 ``` 4142 4143 So, just swap the number of members and size arguments to match the 4144 prototype, as we're initialising 1 struct of size `sizeof(struct 4145 ...)`. GCC then sees we're not doing anything wrong. 4146 4147 Closes #12292 4148 4149Mark Gaiser (11 Nov 2023) 4150 4151- IPFS: bugfixes 4152 4153 - Fixed endianness bug in gateway file parsing 4154 - Use IPFS_PATH in tests where IPFS_DATA was used 4155 - Fixed typos from traling -> trailing 4156 - Fixed broken link in IPFS.md 4157 4158 Follow-up to 859e88f6533f9e 4159 4160 Reported-by: Michael Kaufmann 4161 Bug: https://github.com/curl/curl/pull/12152#issuecomment-1798214137 4162 Closes #12305 4163 4164Daniel Stenberg (11 Nov 2023) 4165 4166- VULN-DISCLOSURE-POLIC: remove broken link to hackerone 4167 4168 It should ideally soon not be done from hackerone anyway 4169 4170 Closes #12308 4171 4172Andrew Kurushin (11 Nov 2023) 4173 4174- schannel: add CA cache support for files and memory blobs 4175 4176 - Support CA bundle and blob caching. 4177 4178 Cache timeout is 24 hours or can be set via CURLOPT_CA_CACHE_TIMEOUT. 4179 4180 Closes https://github.com/curl/curl/pull/12261 4181 4182Daniel Stenberg (10 Nov 2023) 4183 4184- RELEASE-NOTES: synced 4185 4186Charlie C (10 Nov 2023) 4187 4188- cmake: option to disable install & drop `curlu` target when unused 4189 4190 This patch makes the following changes: 4191 - adds the option `CURL_DISABLE_INSTALL` - to disable 'install' targets. 4192 - Removes the target `curlu` when the option `BUILD_TESTING` is set to 4193 `OFF` - to prevent it from being loaded in Visual Studio. 4194 4195 Closes #12287 4196 4197Kai Pastor (10 Nov 2023) 4198 4199- cmake: fix multiple include of CURL package 4200 4201 Fixes errors on second `find_package(CURL)`. This is a frequent case 4202 with transitive dependencies: 4203 ``` 4204 CMake Error at ...: 4205 add_library cannot create ALIAS target "CURL::libcurl" because another 4206 target with the same name already exists. 4207 ``` 4208 4209 Test to reproduce: 4210 ```cmake 4211 cmake_minimum_required(VERSION 3.27) # must be 3.18 or higher 4212 4213 project(curl) 4214 4215 set(CURL_DIR "example/lib/cmake/CURL/") 4216 find_package(CURL CONFIG REQUIRED) 4217 find_package(CURL CONFIG REQUIRED) # fails 4218 4219 add_executable(main main.c) 4220 target_link_libraries(main CURL::libcurl) 4221 ``` 4222 4223 Ref: https://cmake.org/cmake/help/latest/release/3.18.html#other-changes 4224 Ref: https://cmake.org/cmake/help/v3.18/policy/CMP0107.html 4225 Ref: #12300 4226 Assisted-by: Harry Mallon 4227 Closes #11913 4228 4229Viktor Szakats (8 Nov 2023) 4230 4231- tidy-up: use `OPENSSL_VERSION_NUMBER` 4232 4233 Uniformly use `OPENSSL_VERSION_NUMBER` to check for OpenSSL version. 4234 Before this patch some places used `OPENSSL_VERSION_MAJOR`. 4235 4236 Also fix `lib/md4.c`, which included `opensslconf.h`, but that doesn't 4237 define any version number in these implementations: BoringSSL, AWS-LC, 4238 LibreSSL, wolfSSL. (Only in mainline OpenSSL/quictls). Switch that to 4239 `opensslv.h`. This wasn't causing a deeper problem because the code is 4240 looking for v3, which is only provided by OpenSSL/quictls as of now. 4241 4242 According to https://github.com/openssl/openssl/issues/17517, the macro 4243 `OPENSSL_VERSION_NUMBER` is safe to use and not deprecated. 4244 4245 Reviewed-by: Marcel Raad 4246 Closes #12298 4247 4248Daniel Stenberg (8 Nov 2023) 4249 4250- resolve.d: drop a multi use-sentence 4251 4252 Since the `multi:` keyword adds that message. 4253 4254 Reported-by: 積丹尼 Dan Jacobson 4255 Fixes https://github.com/curl/curl/discussions/12294 4256 Closes #12295 4257 4258- content_encoding: make Curl_all_content_encodings allocless 4259 4260 - Fixes a memory leak pointed out by Coverity 4261 - Also found by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail? 4262 id=63947 4263 - Avoids unncessary allocations 4264 4265 Follow-up ad051e1cbec68b2456a22661b 4266 4267 Closes #12289 4268 4269Michael Kaufmann (7 Nov 2023) 4270 4271- vtls: use ALPN "http/1.1" for HTTP/1.x, including HTTP/1.0 4272 4273 Some servers don't support the ALPN protocol "http/1.0" (e.g. IIS 10), 4274 avoid it and use "http/1.1" instead. 4275 4276 This reverts commit df856cb5c9 (#10183). 4277 4278 Fixes #12259 4279 Closes #12285 4280 4281Daniel Stenberg (7 Nov 2023) 4282 4283- Makefile.am: drop vc10, vc11 and vc12 projects from dist 4284 4285 They are end of life products. Support for generating them remain in the 4286 repo for a while but this change drops them from distribution. 4287 4288 Closes #12288 4289 4290David Suter (7 Nov 2023) 4291 4292- projects: add VC14.20 project files 4293 4294 Windows projects included VC14, VC14.10, VC14.30 but not VC14.20. 4295 OpenSSL and Wolf SSL scripts mention VC14.20 so I don't see a reason why 4296 this is missing. Updated the templates to produce a VC14.20 project. 4297 Project opens in Visual Studio 2019 as expected. 4298 4299 Closes #12282 4300 4301Daniel Stenberg (7 Nov 2023) 4302 4303- curl: move IPFS code into src/tool_ipfs.[ch] 4304 4305 - convert ensure_trailing into ensure_trailing_slash 4306 - strdup the URL string to own it proper 4307 - use shorter variable names 4308 - combine some expressions 4309 - simplify error handling in ipfs_gateway() 4310 - add MAX_GATEWAY_URL_LEN + proper bailout if maximum is reached 4311 - ipfs-gateway.d polish and simplification 4312 - shorten ipfs error message + make them "synthetic" 4313 4314 Closes #12281 4315 4316Viktor Szakats (6 Nov 2023) 4317 4318- build: delete support bits for obsolete Windows compilers 4319 4320 - Pelles C: Unclear status, failed to obtain a fresh copy a few months 4321 ago. Possible website is HTTP-only. ~10 years ago I left this compiler 4322 dealing with crashes and other issues with no response on the forum 4323 for years. It has seen some activity in curl back in 2021. 4324 - LCC: Last stable release in September 2002. 4325 - Salford C: Misses winsock2 support, possibly abandoned? Last mentioned 4326 in 2006. 4327 - Borland C++: We dropped Borland C++ support in 2018. 4328 - MS Visual C++ 6.0: Released in 1998. curl already requires VS 2010 4329 (or possibly 2008) as a minimum. 4330 4331 Closes #12222 4332 4333- build: delete `HAVE_STDINT_H` and `HAVE_INTTYPES_H` 4334 4335 We use `stdint.h` unconditionally in all places except one. These uses 4336 are imposed by external dependencies / features. nghttp2, quic, wolfSSL 4337 and `HAVE_MACH_ABSOLUTE_TIME` do require this C99 header. It means that 4338 any of these features make curl require a C99 compiler. (In case of 4339 MSVC, this means Visual Studio 2010 or newer.) 4340 4341 This patch changes the single use of `stdint.h` guarded by 4342 `HAVE_STDINT_H` to use `stdint.h` unconditionally. Also stop using 4343 `inttypes.h` as an alternative there. `HAVE_INTTYPES_H` wasn't used 4344 anywhere else, allowing to delete this feature check as well. 4345 4346 Closes #12275 4347 4348Daniel Stenberg (6 Nov 2023) 4349 4350- tool_operate: do not mix memory models 4351 4352 Make sure 'inputpath' only points to memory allocated by libcurl so that 4353 curl_free works correctly. 4354 4355 Pointed out by Coverity 4356 4357 Follow-up to 859e88f6533f9e1f890 4358 4359 Closes #12280 4360 4361Stefan Eissing (6 Nov 2023) 4362 4363- lib: client writer, part 2, accounting + logging 4364 4365 This PR has these changes: 4366 4367 Renaming of unencode_* to cwriter, e.g. client writers 4368 - documentation of sendf.h functions 4369 - move max decode stack checks back to content_encoding.c 4370 - define writer phase which was used as order before 4371 - introduce phases for monitoring inbetween decode phases 4372 - offering default implementations for init/write/close 4373 4374 Add type paramter to client writer's do_write() 4375 - always pass all writes through the writer stack 4376 - writers who only care about BODY data will pass other writes unchanged 4377 4378 add RAW and PROTOCOL client writers 4379 - RAW used for Curl_debug() logging of CURLINFO_DATA_IN 4380 - PROTOCOL used for updates to data->req.bytecount, max_filesize checks and 4381 Curl_pgrsSetDownloadCounter() 4382 - remove all updates of data->req.bytecount and calls to 4383 Curl_pgrsSetDownloadCounter() and Curl_debug() from other code 4384 - adjust test457 expected output to no longer see the excess write 4385 4386 Closes #12184 4387 4388Daniel Stenberg (6 Nov 2023) 4389 4390- VULN-DISCLOSURE-POLICY: escape sequences are not a security flaw 4391 4392 Closes #12278 4393 4394Viktor Szakats (6 Nov 2023) 4395 4396- rand: fix build error with autotools + LibreSSL 4397 4398 autotools unexpectedly detects `arc4random` because it is also looking 4399 into dependency libs. One dependency, LibreSSL, happens to publish an 4400 `arc4random` function (via its shared lib before v3.7, also via static 4401 lib as of v3.8.2). When trying to use this function in `lib/rand.c`, 4402 its protoype is missing. To fix that, curl included a prototype, but 4403 that used a C99 type without including `stdint.h`, causing: 4404 4405 ``` 4406 ../../lib/rand.c:37:1: error: unknown type name 'uint32_t' 4407 37 | uint32_t arc4random(void); 4408 | ^ 4409 1 error generated. 4410 ``` 4411 4412 This patch improves this by dropping the local prototype and instead 4413 limiting `arc4random` use for non-OpenSSL builds. OpenSSL builds provide 4414 their own random source anyway. 4415 4416 The better fix would be to teach autotools to not link dependency libs 4417 while detecting `arc4random`. 4418 4419 LibreSSL publishing a non-namespaced `arc4random` tracked here: 4420 https://github.com/libressl/portable/issues/928 4421 4422 Regression from 755ddbe901cd0c921fbc3ac5b3775c0dc683bc73 #10672 4423 4424 Reviewed-by: Daniel Stenberg 4425 Fixes #12257 4426 Closes #12274 4427 4428Daniel Stenberg (5 Nov 2023) 4429 4430- RELEASE-NOTES: synced 4431 4432- strdup: do Curl_strndup without strncpy 4433 4434 To avoid (false positive) gcc-13 compiler warnings. 4435 4436 Follow-up to 4855debd8a2c1cb 4437 4438 Assisted-by: Jay Satiro 4439 Reported-by: Viktor Szakats 4440 Fixes #12258 4441 4442Enno Boland (5 Nov 2023) 4443 4444- HTTP: fix empty-body warning 4445 4446 This change fixes a compiler warning with gcc-12.2.0 when 4447 `-DCURL_DISABLE_BEARER_AUTH=ON` is used. 4448 4449 /home/tox/src/curl/lib/http.c: In function 'Curl_http_input_auth': 4450 /home/tox/src/curl/lib/http.c:1147:12: warning: suggest braces around emp 4451 ty body in an 'else' statement [-Wempty-body] 4452 1147 | ; 4453 | ^ 4454 4455 Closes #12262 4456 4457Daniel Stenberg (5 Nov 2023) 4458 4459- openssl: identify the "quictls" backend correctly 4460 4461 Since vanilla OpenSSL does not support the QUIC API I think it helps 4462 users to identify the correct OpenSSL fork in version output. The best 4463 (crude) way to do that right now seems to be to check if ngtcp2 support 4464 is enabled. 4465 4466 Closes #12270 4467 4468Mark Gaiser (5 Nov 2023) 4469 4470- curl: improved IPFS and IPNS URL support 4471 4472 Previously just ipfs://<cid> and ipns://<cid> was supported, which is 4473 too strict for some usecases. 4474 4475 This patch allows paths and query arguments to be used too. 4476 Making this work according to normal http semantics: 4477 4478 ipfs://<cid>/foo/bar?key=val 4479 ipns://<cid>/foo/bar?key=val 4480 4481 The gateway url support is changed. 4482 It now only supports gateways in the form of: 4483 4484 http://<gateway>/foo/bar 4485 http://<gateway> 4486 4487 Query arguments here are explicitly not allowed and trigger an intended 4488 malformed url error. 4489 4490 There also was a crash when IPFS_PATH was set with a non trailing 4491 forward slash. This has been fixed. 4492 4493 Lastly, a load of test cases have been added to verify the above. 4494 4495 Reported-by: Steven Allen 4496 Fixes #12148 4497 Closes #12152 4498 4499Harry Mallon (5 Nov 2023) 4500 4501- docs: KNOWN_BUGS cleanup 4502 4503 * Remove other mention of hyper memory-leaks from `KNOWN_BUGS`. 4504 Should have been removed in 629723ecf22a8eae78d64cceec2f3bdae703ec95 4505 4506 * Remove mention of aws-sigv4 sort query string from `KNOWN_BUGS`. 4507 Fixed in #11806 4508 4509 * Remove mention of aws-sigv4 query empty value problems 4510 4511 * Remove mention of aws-sigv4 missing amz-content-sha256 4512 Fixed in #9995 4513 4514- http_aws_sigv4: canonicalise valueless query params 4515 4516 Fixes #8107 4517 Closes #12244 4518 4519Michael Kaufmann (4 Nov 2023) 4520 4521- docs: preserve the modification date when copying the prebuilt man page 4522 4523 The previously built man page "curl.1" must be copied with the original 4524 modification date, otherwise the man page is never updated. 4525 4526 This fixes a bug that has been introduced with commit 2568441cab. 4527 4528 Reviewed-by: Dan Fandrich 4529 Reviewed-by: Daniel Stenberg 4530 4531 Closes #12199 4532 4533Daniel Stenberg (4 Nov 2023) 4534 4535- docs: remove bold from some man page SYNOPSIS sections 4536 4537 In the name of consistency 4538 4539 Closes #12267 4540 4541- openssl: two multi pointer checks should probably rather be asserts 4542 4543 ... so add the asserts now and consider removing the dynamic checks in a 4544 future. 4545 4546 Ref: #12261 4547 Closes #12264 4548 4549boilingoden (4 Nov 2023) 4550 4551- docs: add supported version for the json write-out 4552 4553 xref: https://curl.se/changes.html#7_70_0 4554 4555 Closes #12266 4556 4557Viktor Szakats (3 Nov 2023) 4558 4559- appveyor: make VS2008-built curl tool runnable 4560 4561 By linking the CRT statically. This avoids the error about missing 4562 runtime DLL `MSVCR90.dll` when running the freshly built `curl.exe`. 4563 4564 Closes #12263 4565 4566Stefan Eissing (3 Nov 2023) 4567 4568- url: proxy ssl connection reuse fix 4569 4570 - tunnel https proxy used for http: transfers does 4571 no check if proxy-ssl configuration matches 4572 - test cases added, test_10_12 fails on 8.4.0 4573 4574 Closes #12255 4575 4576Jay Satiro (3 Nov 2023) 4577 4578- curl_sspi: support more revocation error names in error messages 4579 4580 - Add these revocation errors to sspi error list: 4581 CRYPT_E_NO_REVOCATION_DLL, CRYPT_E_NO_REVOCATION_CHECK, 4582 CRYPT_E_REVOCATION_OFFLINE and CRYPT_E_NOT_IN_REVOCATION_DATABASE. 4583 4584 Prior to this change those error codes were not matched to their macro 4585 name and instead shown as "unknown error". 4586 4587 Before: 4588 4589 schannel: next InitializeSecurityContext failed: 4590 Unknown error (0x80092013) - The revocation function was 4591 unable to check revocation because the revocation server was offline. 4592 4593 After: 4594 4595 schannel: next InitializeSecurityContext failed: 4596 CRYPT_E_REVOCATION_OFFLINE (0x80092013) - The revocation function was 4597 unable to check revocation because the revocation server was offline. 4598 4599 Bug: https://github.com/curl/curl/issues/12239 4600 Reported-by: Niracler Li 4601 4602 Closes https://github.com/curl/curl/pull/12241 4603 4604- strdup: don't allow Curl_strndup to read past a null terminator 4605 4606 - Use malloc + strncpy instead of Curl_memdup to dupe the string before 4607 null terminating it. 4608 4609 Prior to this change if Curl_strndup was passed a length longer than 4610 the allocated string then it could copy out of bounds. 4611 4612 This change is for posterity. Curl_strndup was added in the parent 4613 commit and currently none of the calls to it pass a length that would 4614 cause it to read past the allocated length of the input. 4615 4616 Follow-up to d3b3ba35. 4617 4618 Closes https://github.com/curl/curl/pull/12254 4619 4620Daniel Stenberg (2 Nov 2023) 4621 4622- lib: add and use Curl_strndup() 4623 4624 The Curl_strndup() function is similar to memdup(), but copies 'n' bytes 4625 then adds a terminating null byte ('\0'). 4626 4627 Closes #12251 4628 4629- CURPOST_POSTFIELDS.3: add CURLOPT_COPYPOSTFIELDS in SEE ALSO 4630 4631Stefan Eissing (2 Nov 2023) 4632 4633- pytest: use lower count in repeat tests 4634 4635 - lower large iteration counts in some tests somewhat for 4636 the same coverage with less duration 4637 4638 Closes #12248 4639 4640Daniel Stenberg (2 Nov 2023) 4641 4642- RELEASE-NOTES: synced 4643 4644- docs: clarify that curl passes on input unfiltered 4645 4646 ... for several options. 4647 4648 Reported-by: Ophir Lojkine 4649 4650 Closes #12249 4651 4652- urlapi: when URL encoding the fragment, pass in the right length 4653 4654 A benign bug because it would only add an extra null terminator. 4655 4656 Made lib1560 get a test that runs this code. 4657 4658 Closes #12250 4659 4660Stefan Eissing (2 Nov 2023) 4661 4662- vtls: late clone of connection ssl config 4663 4664 - perform connection cache matching against `data->set.ssl.primary` 4665 and proxy counterpart 4666 - fully clone connection ssl config only when connection is used 4667 4668 Closes #12237 4669 4670- msh3: error when built with CURL_DISABLE_SOCKETPAIR set 4671 4672 Reported-by: Gisle Vanem 4673 Closes #12252 4674 Fixes #12213 4675 4676Daniel Stenberg (2 Nov 2023) 4677 4678- hsts: skip single-dot hostname 4679 4680 Reported-by: Maksymilian Arciemowicz 4681 4682 Closes #12247 4683 4684- vtls: fix build without proxy 4685 4686 Follow-up to bf0e278a3c54bc7fee7360da17c 4687 4688 closes #12243 4689 4690- docs/example/keepalive.c: show TCP keep-alive options 4691 4692 Closes #12242 4693 4694- lib1560: verify appending blank URL encoded query string 4695 4696- urlapi: skip appending NULL pointer query 4697 4698 Reported-by: kirbyn17 on hackerone 4699 4700 Closes #12240 4701 4702- lib1560: verify setting host to "" with and without URL encode 4703 4704- urlapi: avoid null deref if setting blank host to url encode 4705 4706 Reported-by: kirbyn17 on hackerone 4707 4708 Closes #12240 4709 4710- dynbuf: assert for NULL pointer inputs 4711 4712 Help us catch more mistakes. 4713 4714 Closes #12238 4715 4716- HTTP3: ngtcp2 builds are no longer experimental 4717 4718 The other HTTP/3 backends are still experimental. 4719 4720 Closes #12235 4721 4722Stefan Eissing (31 Oct 2023) 4723 4724- vtls: cleanup SSL config management 4725 4726 - remove `Curl_ssl_get_config()`, no longer needed 4727 4728 Closes #12204 4729 4730Daniel Stenberg (31 Oct 2023) 4731 4732- libcurl-thread.3: simplify the TLS section 4733 4734 All TLS libraries curl can use are threadsafe since OpenSSL 1.1.x, August 4735 2016. 4736 4737 Closes #12233 4738 4739- configure: better --disable-http 4740 4741 - disable HTTPS-proxy as well, since it can't work without HTTP 4742 4743 - curl_setup: when HTTP is disabled, also disable all features that are 4744 HTTP-only 4745 4746 - version: HTTPS-proxy only exists if HTTP support exists 4747 4748 Closes #12223 4749 4750- http: consider resume with CURLOPT_FAILONERRROR and 416 to be fine 4751 4752 Finding a 'Content-Range:' in the response changed the handling. 4753 4754 Add test case 1475 to verify -C - with 416 and Content-Range: header, 4755 which is almost exactly like test 194 which instead uses a fixed -C 4756 offset. Adjusted test 194 to also be considered fine. 4757 4758 Fixes #10521 4759 Reported-by: Smackd0wn 4760 Fixes #12174 4761 Reported-by: Anubhav Rai 4762 Closes #12176 4763 4764Stefan Eissing (30 Oct 2023) 4765 4766- GHA: fix checkout of quictls repository to use correct branch name 4767 4768 Follow-up to c868b0e30f10cd0ac7 4769 4770 Closes #12232 4771 4772Daniel Stenberg (30 Oct 2023) 4773 4774- docs/example/localport.c: show off CURLOPT_LOCALPORT 4775 4776 Closes #12230 4777 4778- docs/examples/interface.c: show CURLOPT_INTERFACE use 4779 4780 Although super simple. 4781 4782 Closes #12229 4783 4784Viktor Szakats (30 Oct 2023) 4785 4786- build: fix compiler warning with auths disabled 4787 4788 ``` 4789 ./curl/lib/http.c:979:12: warning: unused function 'is_valid_auth_separator' 4790 [-Wunused-function] 4791 static int is_valid_auth_separator(char ch) 4792 ^ 4793 5 warnings generated. 4794 ``` 4795 4796 Follow-up to e92edfbef64448ef461117769881f3ed776dec4e #11490 4797 4798 Closes #12227 4799 4800- build: require Windows XP or newer 4801 4802 After this patch we assume availability of `getaddrinfo` and 4803 `freeaddrinfo`, first introduced in Windows XP. Meaning curl 4804 now requires building for Windows XP as a minimum. 4805 4806 TODO: assume these also in autotools. 4807 4808 Ref: https://github.com/curl/curl/pull/12221#issuecomment-1783761806 4809 Closes #12225 4810 4811- appveyor: bump one job to OpenSSL 3.1 (was 1.1.1) 4812 4813 Use 3.1 with the modern runner image. 4814 4815 We still use 1.1.1 in 8 jobs. 4816 4817 1.1.1 is EOL since 2023-09-11: 4818 https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/ 4819 4820 Also: 4821 - add missing SSL-backend to job descriptions. 4822 - tidy up CPU in job descriptions. 4823 4824 Closes #12226 4825 4826Daniel Stenberg (30 Oct 2023) 4827 4828- RELEASE-NOTES: synced 4829 4830- GHA: bump ngtcp2, nghttp3, nghttp2 and quictls versions 4831 4832 ngtcp2 1.0.1 4833 nghttp3 1.0.0 4834 nghttp2 1.58.0 4835 quictls 3.1.4+quic 4836 4837 also sync HTTP3.md with these changes 4838 4839 Closes #12132 4840 4841Kareem (29 Oct 2023) 4842 4843- wolfssl: add default case for wolfssl_connect_step1 switch 4844 4845 Closes #12218 4846 4847Jay Satiro (29 Oct 2023) 4848 4849- curl_setup: disallow Windows IPv6 builds missing getaddrinfo 4850 4851 - On Windows if IPv6 is enabled but getaddrinfo is missing then #error 4852 the build. 4853 4854 curl can be built with IPv6 support (ENABLE_IPV6) but without the 4855 ability to resolve hosts to IPv6 addresses (HAVE_GETADDRINFO). On 4856 Windows this is highly unlikely and should be considered a bad build 4857 configuration. 4858 4859 Such a bad configuration has already given us a bug that was hard to 4860 diagnose. See #12134 and #12136 for discussion. 4861 4862 Ref: https://github.com/curl/curl/issues/12134 4863 Ref: https://github.com/curl/curl/pull/12136 4864 4865 Closes https://github.com/curl/curl/pull/12221 4866 4867Nico Rieck (29 Oct 2023) 4868 4869- openssl: make CURLSSLOPT_NATIVE_CA import Windows intermediate CAs 4870 4871 - If CURLSSLOPT_NATIVE_CA on Windows then import from intermediate CA 4872 "CA" store after importing from root CA "ROOT" store. 4873 4874 This change allows curl to work in situations where a server does not 4875 send all intermediate certs and they are present in the "CA" store (the 4876 store with intermediate CAs). This is already allowed by the Schannel 4877 backend. 4878 4879 Also this change makes partial chain verification possible for those 4880 certs since we allow partial chain verification by default for OpenSSL 4881 (unless CURLSSLOPT_NO_PARTIALCHAIN). This is not allowed by the Schannel 4882 backend. 4883 4884 Prior to this change CURLSSLOPT_NATIVE_CA only imported "ROOT" certs. 4885 4886 Fixes https://github.com/curl/curl/issues/12155 4887 Closes https://github.com/curl/curl/pull/12185 4888 4889Viktor Szakats (28 Oct 2023) 4890 4891- Makefile.mk: fix `-rtmp` option for non-Windows [ci skip] 4892 4893Daniel Stenberg (28 Oct 2023) 4894 4895- asyn-ares: handle no connection in the addrinfo callback 4896 4897 To avoid crashing. 4898 4899 Follow-up from 56a4db2 4900 Closes #12219 4901 4902Jay Satiro (28 Oct 2023) 4903 4904- hostip6: fix DEBUG_ADDRINFO builds 4905 4906 - Removed unused and incorrect parameter from dump_addrinfo(). 4907 4908 Bug: https://github.com/curl/curl/commit/56a4db2e#commitcomment-131050442 4909 Reported-by: Gisle Vanem 4910 4911 Closes https://github.com/curl/curl/pull/12212 4912 4913Viktor Szakats (28 Oct 2023) 4914 4915- Makefile.mk: restore `_mingw.h` for default `_WIN32_WINNT` 4916 4917 In 8.4.0 we deleted `_mingw.h` as part of purging old-mingw support. 4918 Turns out `_mingw.h` had the side-effect of setting a default 4919 `_WIN32_WINNT` value expected by `lib/config-win32.h` to enable 4920 `getaddrinfo` support in `Makefile.mk` mingw-w64 builds. This caused 4921 disabling support for this unless specifying the value manually. 4922 4923 Restore this header and update its comment to tell why we continue 4924 to need it. 4925 4926 This triggered a regression in official Windows curl builds starting 4927 with 8.4.0_1. Fixed in 8.4.0_6. (8.5.0 will be using CMake.) 4928 4929 Regression from 38029101e2d78ba125732b3bab6ec267b80a0e72 #11625 4930 4931 Reported-by: zhengqwe on github 4932 Helped-by: Nico Rieck 4933 Fixes #12134 4934 Fixes #12136 4935 Closes #12217 4936 4937- hostip: silence compiler warning `-Wparentheses-equality` 4938 4939 Seen with LLVM 17. 4940 4941 ``` 4942 hostip.c:1336:22: warning: equality comparison with extraneous parentheses [- 4943 Wparentheses-equality] 4944 1336 | (a->ai_family == PF_INET)) { 4945 | ~~~~~~~~~~~~~^~~~~~~~~~ 4946 hostip.c:1336:22: note: remove extraneous parentheses around the comparison t 4947 o silence this warning 4948 1336 | (a->ai_family == PF_INET)) { 4949 | ~ ^ ~ 4950 hostip.c:1336:22: note: use '=' to turn this equality comparison into an assi 4951 gnment 4952 1336 | (a->ai_family == PF_INET)) { 4953 | ^~ 4954 | = 4955 1 warning generated. 4956 ``` 4957 4958 Follow-up to b651aba0962bb31353f55de4dc35f745952a1b10 #12145 4959 4960 Reviewed-by: Daniel Stenberg 4961 Closes #12215 4962 4963Stefan Eissing (27 Oct 2023) 4964 4965- doh: use PIPEWAIT when HTTP/2 is attempted 4966 4967 Closes #12214 4968 4969Daniel Stenberg (27 Oct 2023) 4970 4971- setopt: remove outdated cookie comment 4972 4973 Closes #12206 4974 4975Stefan Eissing (27 Oct 2023) 4976 4977- cfilter: provide call to tell connection to forget a socket 4978 4979 - fixed libssh.c workaround for a socket being closed by 4980 the library 4981 - eliminate the terrible hack in cf-socket.c to guess when 4982 this happened and try not closing the socket again. 4983 - fixes race in eyeballing when socket could have failed to 4984 be closed for a discarded connect attempt 4985 4986 Closes #12207 4987 4988- url: protocol handler lookup tidy-up 4989 4990 - rename lookup to what it does 4991 - use ARRAYSIZE instead of NULL check for end 4992 - offer alternate lookup for 0-terminated strings 4993 4994 Closes #12216 4995 4996Viktor Szakats (27 Oct 2023) 4997 4998- build: variadic macro tidy-ups 4999 5000 - delete unused `HAVE_VARIADIC_MACROS_C99/GCC` feature checks. 5001 (both autotools and CMake.) 5002 - delete duplicate `NULL` check in `Curl_trc_cf_infof()`. 5003 - fix compiler warning in `CURL_DISABLE_VERBOSE_STRINGS` builds. 5004 ``` 5005 ./lib/cf-socket.c:122:41: warning: unused parameter 'data' [-Wunused-parame 5006 ter] 5007 static void nosigpipe(struct Curl_easy *data, 5008 ^ 5009 ``` 5010 - fix `#ifdef` comments in `lib/curl_trc.{c,h}`. 5011 - fix indentation in some `infof()` calls. 5012 5013 Follow-up to dac293cfb7026b1ca4175d88b80f1432d3d3c684 #12167 5014 5015 Cherry-picked from #12105 5016 Closes #12210 5017 5018- cmake: speed up threads setup for Windows 5019 5020 Win32 threads are always available. We enabled them unconditionally 5021 (with `ENABLE_THREADED_RESOLVER`). CMake built-in thread detection 5022 logic has this condition hard-coded for Windows as well (since at least 5023 2007). 5024 5025 Instead of doing all the work of detecting pthread combinations on 5026 Windows, then discarding those results, skip these efforts and assume 5027 built-in thread support when building for Windows. 5028 5029 This saves 1-3 slow CMake configuration steps. 5030 5031 Reviewed-by: Daniel Stenberg 5032 Closes #12202 5033 5034- cmake: speed up zstd detection 5035 5036 Before this patch we detected the presence of a specific zstd API to 5037 see if we can use the library. zstd published that API in its first 5038 stable release: v1.0.0 (2016-08-31). 5039 5040 Replace that method by detecting the zstd library version instead and 5041 accepting if it's v1.0.0 or newer. Also display this detected version 5042 and display a warning if the zstd found is unfit for curl. 5043 5044 We use the same version detection method as zstd itself, via its public 5045 C header. 5046 5047 This deviates from autotools which keeps using the slow method of 5048 looking for the API by building a test program. The outcome is the same 5049 as long as zstd keeps offering this API. 5050 5051 Ref: https://github.com/facebook/zstd/commit/5a0c8e24395079f8e8cdc90aa1659cd5 5052 ab1b7427 (2016-08-12, committed) 5053 Ref: https://github.com/facebook/zstd/releases/tag/v0.8.1 (2016-08-18, first 5054 released) 5055 Ref: https://github.com/facebook/zstd/releases/tag/v1.0.0 5056 5057 Reviewed-by: Daniel Stenberg 5058 Closes #12200 5059 5060Daniel Stenberg (26 Oct 2023) 5061 5062- openssl: fix infof() to avoid compiler warning for %s with null 5063 5064 vtls/openssl.c: In function ‘ossl_connect_step2’: 5065 ../lib/curl_trc.h:120:10: error: ‘%s’ directive argument is null [-Werror 5066 =format-overflow=] 5067 120 | Curl_infof(data, __VA_ARGS__); } while(0) 5068 | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 5069 vtls/openssl.c:4008:5: note: in expansion of macro ‘infof’ 5070 4008 | infof(data, "SSL connection using %s / %s / %s / %s", 5071 | ^~~~~ 5072 vtls/openssl.c:4008:49: note: format string is defined here 5073 4008 | infof(data, "SSL connection using %s / %s / %s / %s", 5074 | ^~ 5075 5076 Follow-up to b6e6d4ff8f253c8b8055bab 5077 Closes #12196 5078 5079Stefan Eissing (26 Oct 2023) 5080 5081- lib: apache style infof and trace macros/functions 5082 5083 - test for a simplified C99 variadic check 5084 - args to infof() in --disable-verbose are no longer disregarded but 5085 must compile. 5086 5087 Closes #12167 5088 Fixes #12083 5089 Fixes #11880 5090 Fixes #11891 5091 5092Daniel Stenberg (26 Oct 2023) 5093 5094- RELEASE-NOTES: synced 5095 5096Stefan Eissing (26 Oct 2023) 5097 5098- urldata: move async resolver state from easy handle to connectdata 5099 5100 - resolving is done for a connection, not for every transfer 5101 - save create/dup/free of a cares channel for each transfer 5102 - check values of setopt calls against a local channel if no 5103 connection has been attached yet, when needed. 5104 5105 Closes #12198 5106 5107Daniel Stenberg (26 Oct 2023) 5108 5109- CURLOPT_WRITEFUNCTION.3: clarify what libcurl returns for CURL_WRITEFUNC_ERRO 5110 R 5111 5112 It returns CURLE_WRITE_ERROR. It was not previously stated clearly. 5113 5114 Reported-by: enWILLYado on github 5115 Fixes #12201 5116 Closes #12203 5117 5118Viktor Szakats (25 Oct 2023) 5119 5120- autotools: update references to deleted `crypt-auth` option 5121 5122 Delete leftovers of the `crypt-auth` `./configure` option and 5123 add the new ones that replaced them. 5124 5125 Follow-up to e92edfbef64448ef461117769881f3ed776dec4e #11490 5126 5127 Reviewed-by: Daniel Stenberg 5128 Closes #12194 5129 5130Stefan Eissing (25 Oct 2023) 5131 5132- lib: introduce struct easy_poll_set for poll information 5133 5134 Connection filter had a `get_select_socks()` method, inspired by the 5135 various `getsocks` functions involved during the lifetime of a 5136 transfer. These, depending on transfer state (CONNECT/DO/DONE/ etc.), 5137 return sockets to monitor and flag if this shall be done for POLLIN 5138 and/or POLLOUT. 5139 5140 Due to this design, sockets and flags could only be added, not 5141 removed. This led to problems in filters like HTTP/2 where flow control 5142 prohibits the sending of data until the peer increases the flow 5143 window. The general transfer loop wants to write, adds POLLOUT, the 5144 socket is writeable but no data can be written. 5145 5146 This leads to cpu busy loops. To prevent that, HTTP/2 did set the 5147 `SEND_HOLD` flag of such a blocked transfer, so the transfer loop cedes 5148 further attempts. This works if only one such filter is involved. If a 5149 HTTP/2 transfer goes through a HTTP/2 proxy, two filters are 5150 setting/clearing this flag and may step on each other's toes. 5151 5152 Connection filters `get_select_socks()` is replaced by 5153 `adjust_pollset()`. They get passed a `struct easy_pollset` that keeps 5154 up to `MAX_SOCKSPEREASYHANDLE` sockets and their `POLLIN|POLLOUT` 5155 flags. This struct is initialized in `multi_getsock()` by calling the 5156 various `getsocks()` implementations based on transfer state, as before. 5157 5158 After protocol handlers/transfer loop have set the sockets and flags 5159 they want, the `easy_pollset` is *always* passed to the filters. Filters 5160 "higher" in the chain are called first, starting at the first 5161 not-yet-connection one. Each filter may add sockets and/or change 5162 flags. When all flags are removed, the socket itself is removed from the 5163 pollset. 5164 5165 Example: 5166 5167 * transfer wants to send, adds POLLOUT 5168 * http/2 filter has a flow control block, removes POLLOUT and adds 5169 POLLIN (it is waiting on a WINDOW_UPDATE from the server) 5170 * TLS filter is connected and changes nothing 5171 * h2-proxy filter also has a flow control block on its tunnel stream, 5172 removes POLLOUT and adds POLLIN also. 5173 * socket filter is connected and changes nothing 5174 * The resulting pollset is then mixed together with all other transfers 5175 and their pollsets, just as before. 5176 5177 Use of `SEND_HOLD` is no longer necessary in the filters. 5178 5179 All filters are adapted for the changed method. The handling in 5180 `multi.c` has been adjusted, but its state handling the the protocol 5181 handlers' `getsocks` method are untouched. 5182 5183 The most affected filters are http/2, ngtcp2, quiche and h2-proxy. TLS 5184 filters needed to be adjusted for the connecting handshake read/write 5185 handling. 5186 5187 No noticeable difference in performance was detected in local scorecard 5188 runs. 5189 5190 Closes #11833 5191 5192Daniel Stenberg (25 Oct 2023) 5193 5194- tests/README: SOCKS tests are not using OpenSSH, it has its own server 5195 5196 Follow-up to 04fd67555cc 5197 5198 Closes #12195 5199 5200Jacob Hoffman-Andrews (25 Oct 2023) 5201 5202- tets: make test documentation more user-friendly 5203 5204 Put the instructions to run tests right at the top of tests/README.md. 5205 5206 Give instructions to read the runtests.1 man page for information 5207 about flags. Delete redundant copy of the flags documentation in the 5208 README. 5209 5210 Add a mention in README.md of the important parallelism flag, to make 5211 test runs go much faster. 5212 5213 Move documentation of output line format into the runtests.1 man page, 5214 and update it with missing flags. 5215 5216 Fix the order of two flags in the man page. 5217 5218 Closes #12193 5219 5220Viktor Szakats (24 Oct 2023) 5221 5222- cmake: pre-fill rest of detection values for Windows 5223 5224 The goal of this patch is to avoid unnecessary feature detection work 5225 when doing Windows builds with CMake. Do this by pre-filling well-known 5226 detection results for Windows and specifically for mingw-w64 and MSVC 5227 compilers. Also limit feature checks to platforms where the results are 5228 actually used. Drop a few redundant ones. And some tidying up. 5229 5230 - pre-fill remaining detection values in Windows CMake builds. 5231 5232 Based on actual detection results observed in CI runs, preceding 5233 similar work over libssh2 and matching up values with 5234 `lib/config-win32.h`. 5235 5236 This brings down CMake configuration time from 58 to 14 seconds on the 5237 same local machine. 5238 5239 On AppVeyor CI this translates to: 5240 - 128 seconds -> 50 seconds VS2022 MSVC with OpenSSL (per CMake job): 5241 https://ci.appveyor.com/project/curlorg/curl/builds/48208419/job/4gw66ecr 5242 jpy7necb#L296 5243 https://ci.appveyor.com/project/curlorg/curl/builds/48217440/job/8m4fwrr2 5244 fe249uo8#L186 5245 - 62 seconds -> 16 seconds VS2017 MINGW (per CMake job): 5246 https://ci.appveyor.com/project/curlorg/curl/builds/48208419/job/s1y8q5iv 5247 lcs7ub29?fullLog=true#L290 5248 https://ci.appveyor.com/project/curlorg/curl/builds/48217440/job/pchpxyjs 5249 yc9kl13a?fullLog=true#L194 5250 5251 The formula is about 1-3 seconds delay for each detection. Almost all 5252 of these trigger a full compile-link cycle behind the scenes, slow 5253 even today, both cross and native, mingw-w64 and apparently MSVC too. 5254 Enabling .map files or other custom build features slows it down 5255 further. (Similar is expected for autotools configure.) 5256 5257 - stop detecting `idn2.h` if idn2 was deselected. 5258 autotools does this. 5259 5260 - stop detecting `idn2.h` if idn2 was not found. 5261 This deviates from autotools. Source code requires both header and 5262 lib, so this is still correct, but faster. 5263 5264 - limit `ADDRESS_FAMILY` detection to Windows. 5265 5266 - normalize `HAVE_WIN32_WINNT` value to lowercase `0x0a12` format. 5267 5268 - pre-fill `HAVE_WIN32_WINNT`-dependent detection results. 5269 Saving 4 (slow) feature-detections in most builds: `getaddrinfo`, 5270 `freeaddrinfo`, `inet_ntop`, `inet_pton` 5271 5272 - fix pre-filled `HAVE_SYS_TIME_H`, `HAVE_SYS_PARAM_H`, 5273 `HAVE_GETTIMEOFDAY` for mingw-w64. 5274 Luckily this do not change build results, as `WIN32` took 5275 priority over `HAVE_GETTIMEOFDAY` with the current source 5276 code. 5277 5278 - limit `HAVE_CLOCK_GETTIME_MONOTONIC_RAW` and 5279 `HAVE_CLOCK_GETTIME_MONOTONIC` detections to non-Windows. 5280 We're not using these in the source code for Windows. 5281 5282 - reduce compiler warning noise in CMake internal logs: 5283 - fix to include `winsock2.h` before `windows.h`. 5284 Apply it to autotools test snippets too. 5285 - delete previous `-D_WINSOCKAPI_=` hack that aimed to fix the above. 5286 - cleanup `CMake/CurlTests.c` to emit less warnings. 5287 5288 - delete redundant `HAVE_MACRO_SIGSETJMP` feature check. 5289 It was the same check as `HAVE_SIGSETJMP`. 5290 5291 - delete 'experimental' marking from `CURL_USE_OPENSSL`. 5292 5293 - show CMake version via `CMakeLists.txt`. 5294 Credit to the `zlib-ng` project for the idea: 5295 https://github.com/zlib-ng/zlib-ng/blob/61e181c8ae93dbf56040336179c9954078b 5296 d1399/CMakeLists.txt#L7 5297 5298 - make `CMake/CurlTests.c` pass `checksrc`. 5299 5300 - `CMake/WindowsCache.cmake` tidy-ups. 5301 5302 - replace `WIN32` guard with `_WIN32` in `CMake/CurlTests.c`. 5303 5304 Closes #12044 5305 5306Jay Satiro (24 Oct 2023) 5307 5308- page-footer: clarify exit code 25 5309 5310 - Clarify that curl tool exit code 25 means an upload failed to start. 5311 5312 Exit code 25 is equivalent to CURLE_UPLOAD_FAILED (25). Prior to this 5313 change the documentation only mentioned the case of FTP STOR failing. 5314 5315 Reported-by: Emanuele Torre 5316 5317 Ref: https://github.com/curl/curl/blob/curl-8_4_0/docs/libcurl/libcurl-errors 5318 .3#L113-L115 5319 5320 Fixes https://github.com/curl/curl/issues/12189 5321 Closes https://github.com/curl/curl/pull/12190 5322 5323Daniel Stenberg (24 Oct 2023) 5324 5325- scripts/cijobs.pl: adjust for appveyor 5326 5327 Follow-up to a1d73a6bb 5328 5329Alex Bozarth (24 Oct 2023) 5330 5331- OpenSSL: Include SIG and KEM algorithms in verbose 5332 5333 Currently the verbose output does not include which algorithms are used 5334 for the signature and key exchange when using OpenSSL. Including the 5335 algorithms used will enable better debugging when working on using new 5336 algorithm implementations. Know what algorithms are used has become more 5337 important with the fast growing research into new quantum-safe 5338 algorithms. 5339 5340 This implementation includes a build time check for the OpenSSL version 5341 to use a new function that will be included in OpenSSL 3.2 that was 5342 introduced in openssl/openssl@6866824 5343 5344 Based-on-patch-by: Martin Schmatz <mrt@zurich.ibm.com> 5345 Closes #12030 5346 5347Daniel Stenberg (23 Oct 2023) 5348 5349- http2: provide an error callback and failf the message 5350 5351 Getting nghttp2's error message helps users understand what's going 5352 on. For example when the connection is brought down due a forbidden 5353 header is used - as that header is then not displayed by curl itself. 5354 5355 Example: 5356 5357 curl: (92) Invalid HTTP header field was received: frame type: 1, 5358 stream: 1, name: [upgrade], value: [h2,h2c] 5359 5360 Ref: #12172 5361 Closes #12179 5362 5363Turiiya (23 Oct 2023) 5364 5365- BINDINGS: add V binding 5366 5367 Closes #12182 5368 5369Daniel Stenberg (22 Oct 2023) 5370 5371- configure: check for the fseeko declaration too 5372 5373 ... and make the code require both symbol and declaration. 5374 5375 This is because for Android, the symbol is always present in the lib at 5376 build-time even when not actually available in run-time. 5377 5378 Assisted-by: Viktor Szakats 5379 Reported-by: 12932 on github 5380 Fixes #12086 5381 Closes #12158 5382 5383Viktor Szakats (22 Oct 2023) 5384 5385- cmake: fix OpenSSL quic detection in quiche builds 5386 5387 An orphan call to `CheckQuicSupportInOpenSSL()` remained after a recent 5388 update when checking QUIC for quiche. Move back QUIC detection to 5389 a function and fixup callers to use that. Also make sure that quiche 5390 gets QUIC from BoringSSL, because it doesn't support other forks at this 5391 time. 5392 5393 Regression from dee310d54261f9a8416e87d50bccfe2cbe404949 #11555 5394 5395 Reported-by: Casey Bodley <cbodley@redhat.com> 5396 Fixes #12160 5397 Closes #12162 5398 5399Daniel Stenberg (22 Oct 2023) 5400 5401- RELEASE-NOTES: synced 5402 5403 bump to 8.5.0 for pending release 5404 5405Dan Fandrich (21 Oct 2023) 5406 5407- test3103: add missing quotes around a test tag attribute 5408 5409Loïc Yhuel (21 Oct 2023) 5410 5411- tool: fix --capath when proxy support is disabled 5412 5413 After 95e8515ca0, --capath always sets CURLOPT_PROXY_CAPATH, which fails 5414 with CURLE_UNKNOWN_OPTION when proxy support is disabled. 5415 5416 Closes #12089 5417 5418Daniel Stenberg (21 Oct 2023) 5419 5420- openldap: move the alloc of ldapconninfo to *connect() 5421 5422 Fixes a minor memory leak on LDAP connection reuse. 5423 5424 Doing the allocation already in *setup_connection() is wrong since that 5425 connect struct might get discarded early when an existing connection is 5426 reused instead. 5427 5428 Closes #12166 5429 5430- openldap: set the callback argument in oldap_do 5431 5432 ... to make sure it has the current 'data' pointer and not a stale old 5433 one. 5434 5435 Reported-by: Dan Fandrich 5436 Closes #12166 5437 5438- gnutls: support CURLSSLOPT_NATIVE_CA 5439 5440 Remove the CURL_CA_FALLBACK logic. That build option was added to allow 5441 primarily OpenSSL to use the default paths for loading the CA certs. For 5442 GnuTLS it was instead made to load the "system certs", which is 5443 different and not desirable. 5444 5445 The native CA store loading is now asked for with this option. 5446 5447 Follow-up to 7b55279d1d856 5448 5449 Co-authored-by: Jay Satiro 5450 5451 Closes #12137 5452 5453Stefan Eissing (21 Oct 2023) 5454 5455- RTSP: improved RTP parser 5456 5457 - fix HTTP header parsing to report incomplete 5458 lines it buffers as consumed! 5459 - re-implement the RTP parser for interleave RTP 5460 messages for robustness. It is now keeping its 5461 state at the connection 5462 - RTSP protocol handler "readwrite" implementation 5463 now tracks if the response is before/in/after 5464 header parsing or "in" a bod by calling 5465 "Curl_http_readwrite_headers()" itself. This 5466 allows it to know when non-RTP bytes are "junk" 5467 or HEADER or BODY. 5468 - tested with #12035 and various small receive 5469 sizes where current master fails 5470 5471 Closes #12052 5472 5473- http2: header conversion tightening 5474 5475 - fold the code to convert dynhds to the nghttp2 structs 5476 into a dynhds internal method 5477 - saves code duplication 5478 - pacifies compiler analyzers 5479 5480 Closes #12097 5481 5482Daniel Stenberg (21 Oct 2023) 5483 5484- curl_ntlm_wb: fix elif typo 5485 5486 Reported-by: Manfred Schwarb 5487 Follow-up to d4314cdf65ae 5488 Bug: https://github.com/curl/curl/commit/d4314cdf65aee295db627016934bd9eb621a 5489 b077#r130551295 5490 5491Dan Fandrich (20 Oct 2023) 5492 5493- test1683: remove commented-out check alternatives 5494 5495 Python precheck/postcheck alternatives were included but commented out. 5496 Since these are not used and perl is guaranteed to be available to run 5497 the perl versions anyway, the Python ones are removed. 5498 5499Daniel Stenberg (20 Oct 2023) 5500 5501- hostip: show the list of IPs when resolving is done 5502 5503 Getting 'curl.se' today then gets this verbose output which might help 5504 debugging connectivity related matters. 5505 5506 * Host curl.se:80 was resolved. 5507 * IPv6: 2a04:4e42::347, 2a04:4e42:200::347, 2a04:4e42:400::347, 5508 2a04:4e42:600::347, 2a04:4e42:800::347, 2a04:4e42:a00::347, 5509 2a04:4e42:c00::347, 2a04:4e42:e00::347 5510 * IPv4: 151.101.193.91, 151.101.1.91, 151.101.65.91, 151.101.129.91 5511 5512 Co-authored-by: Jay Satiro 5513 Closes #12145 5514 5515rilysh (20 Oct 2023) 5516 5517- docs: fix function typo in curl_easy_option_next.3 5518 5519 Closes #12170 5520 5521Daniel Stenberg (20 Oct 2023) 5522 5523- vssh: remove the #ifdef for Curl_ssh_init, use empty macro 5524 5525 In the same style as other init calls 5526 5527- easy: remove duplicate wolfSSH init call 5528 5529 It is already done in Curl_ssh_init() where it belongs. 5530 5531 Closes #12168 5532 5533- socks: make SOCKS5 use the CURLOPT_IPRESOLVE choice 5534 5535 Fixes #11949 5536 Reported-by: Ammar Faizi 5537 Closes #12163 5538 5539- urldata: move the 'internal' boolean to the state struct 5540 5541 ... where all the other state bits for the easy handles live. 5542 5543 Closes #12165 5544 5545- url: don't touch the multi handle when closing internal handles 5546 5547 Reported-by: Maksymilian Arciemowicz 5548 Closes #12165 5549 5550Faraz Fallahi (19 Oct 2023) 5551 5552- getenv: PlayStation doesn't have getenv() 5553 5554 Closes #12140 5555 5556Daniel Stenberg (19 Oct 2023) 5557 5558- transfer: only reset the FTP wildcard engine in CLEAR state 5559 5560 To avoid the state machine to start over and redownload all the files 5561 *again*. 5562 5563 Reported-by: lkordos on github 5564 Regression from 843b3baa3e3cb228 (shipped in 8.1.0) 5565 Bisect-by: Dan Fandrich 5566 Fixes #11775 5567 Closes #12156 5568 5569Stefan Eissing (19 Oct 2023) 5570 5571- GHA: move mod_h2 version in CI to v2.0.25 5572 5573 Closes #12157 5574 5575Daniel Stenberg (19 Oct 2023) 5576 5577- ntlm_wb: use pipe instead of socketpair when possible 5578 5579 Closes #12149 5580 5581- RELEASE-NOTES: synced 5582 5583- asyn-thread: use pipe instead of socketpair for IPC when available 5584 5585 If pipe() is present. Less overhead. 5586 5587 Helped-by: Viktor Szakats 5588 Closes #12146 5589 5590Dan Fandrich (17 Oct 2023) 5591 5592- tests: Fix Windows test helper tool search & use it for handle64 5593 5594 The checkcmd() and checktestcmd() functions would not have worked on 5595 Windows due to hard-coding the UNIX PATH separator character and not 5596 adding .exe file extension. This meant that tools like stunnel, valgrind 5597 and nghttpx would not have been found and used on Windows, and 5598 inspection of previous test runs show none of those being found in pure 5599 Windows CI builds. 5600 5601 With this fixed, they can be used to detect the handle64.exe program 5602 before attempting to use it. When handle64.exe was called 5603 unconditionally without it existing, it caused perl to abort the test 5604 run with the error 5605 5606 The running command stopped because the preference variable 5607 "ErrorActionPreference" or common parameter is set to Stop: 5608 sh: handle64.exe: command not found 5609 5610 Closes #12115 5611 5612Daniel Stenberg (17 Oct 2023) 5613 5614- multi: use pipe instead of socketpair to *wakeup() 5615 5616 If pipe() is present. Less overhead. 5617 5618 Closes #12142 5619 5620Jay Satiro (17 Oct 2023) 5621 5622- build: fix 'threadsafe' feature detection for older gcc 5623 5624 - Add 'threadsafe' to the feature list shown during build if POSIX 5625 threads are being used. 5626 5627 This is a follow-up to 5adb6000 which added support for building a 5628 thread-safe libcurl with older versions of gcc where atomic is not 5629 available but pthread is. 5630 5631 Reported-by: Dan Fandrich 5632 Co-authored-by: Dan Fandrich 5633 5634 Fixes https://github.com/curl/curl/issues/12125 5635 Closes https://github.com/curl/curl/pull/12127 5636 5637Daniel Stenberg (16 Oct 2023) 5638 5639- test729: verify socks4a with excessive proxy user name length 5640 5641- socks: better buffer size checks for socks4a user and hostname 5642 5643 Also limit the proxy user name to 255 bytes, which is the same limit as 5644 in SOCKS5. 5645 5646 Reported-by: sd0 on hackerone 5647 Closes #12139 5648 5649- curl.h: on FreeBSD include sys/param.h instead of osreldate.h 5650 5651 Should things build on Playstation as well 5652 5653 Fixes #12107 5654 Reported-by: Faraz Fallahi 5655 Closes #12123 5656 5657Marcin Rataj (16 Oct 2023) 5658 5659- tool_operate: fix links in ipfs errors 5660 5661 URL fragment links generated from headers in 5662 https://curl.se/docs/ipfs.html are lowercase. 5663 5664 Closes #12133 5665 5666Viktor Szakats (15 Oct 2023) 5667 5668- cmake: replace `check_library_exists_concat()` 5669 5670 The idea of `check_library_exists_concat()` is that it detects an 5671 optional component and adds it to the list of libs that we also use in 5672 subsequent component checks. This caused problems when detecting 5673 components with unnecessary dependencies that were not yet built. 5674 5675 CMake offers the `CMAKE_REQUIRED_LIBRARIES` variable to set libs used 5676 for component checks, which we already use in most cases. That left 4 5677 uses of `check_library_exists_concat()`. Only one of these actually 5678 needed the 'concat' feature (ldap/lber). 5679 5680 Delete this function and replace it with standard 5681 `check_library_exists()` and manual management of our `CURL_LIBS` 5682 list we use when linking build targets. And special logic to handle the 5683 ldap/lber case. 5684 5685 (We have a similar function for headers: `check_include_file_concat()`. 5686 It works, but problematic for performance reasons and because it hides 5687 the actual headers required in `check_symbol_exists()` calls.) 5688 5689 Ref: #11537 #11558 5690 Fixes #11285 5691 Fixes #11648 5692 Closes #12070 5693 5694LoRd_MuldeR (15 Oct 2023) 5695 5696- tool_cb_wrt: fix write output for very old Windows versions 5697 5698 - Pass missing parameter for 'lpNumberOfCharsWritten' to WriteConsoleW() 5699 function. 5700 5701 Apparently this parameter was *not* optional on older Windows versions. 5702 5703 Issue observed on Windows XP SP2. Issue not observed on Windows 7 SP1. 5704 So at some point between those two Microsoft changed the behavior. 5705 5706 Prior to this change, on those versions if parameter is NULL then the 5707 function call fails with error ERROR_INVALID_ACCESS. 5708 5709 Regression since af3f4e41. 5710 5711 Ref: https://github.com/MicrosoftDocs/Console-Docs/issues/299 5712 5713 Fixes https://github.com/curl/curl/issues/12131 5714 Closes https://github.com/curl/curl/pull/12130 5715 5716Jay Satiro (15 Oct 2023) 5717 5718- tool_urlglob: fix build for old gcc versions 5719 5720 - Don't use __builtin_mul_overflow for GCC 4 and earlier. 5721 5722 The function was added in GCC 5. 5723 5724 Ref: https://gcc.gnu.org/gcc-5/changes.html 5725 5726 Reported-by: Dan Fandrich 5727 5728 Fixes https://github.com/curl/curl/issues/12124 5729 Closes https://github.com/curl/curl/pull/12128 5730 5731Carlos Henrique Lima Melara (14 Oct 2023) 5732 5733- docs/libcurl: fix three minor man page format mistakes 5734 5735 Reported-by: Samuel Henrique 5736 5737 Closes https://github.com/curl/curl/pull/12126 5738 5739Jay Satiro (14 Oct 2023) 5740 5741- tests/server: add more SOCKS5 handshake error checking 5742 5743 - Add additional checking for missing and too-short SOCKS5 handshake 5744 messages. 5745 5746 Prior to this change the SOCKS5 test server did not check that all parts 5747 of the handshake were received successfully. If those parts were missing 5748 or too short then the server would access uninitialized memory. 5749 5750 This issue was discovered in CI job 'memory-sanitizer' test results. 5751 Test 2055 was failing due to the SOCKS5 test server not running. It was 5752 not running because either it crashed or memory sanitizer aborted it 5753 during Test 728. Test 728 connects to the SOCKS5 test server on a 5754 redirect but does not send any data on purpose. The test server was not 5755 prepared for that. 5756 5757 Reported-by: Dan Fandrich 5758 5759 Fixes https://github.com/curl/curl/issues/12117 5760 Closes https://github.com/curl/curl/pull/12118 5761 5762Daniel Stenberg (14 Oct 2023) 5763 5764- RELEASE-NOTES: synced 5765 5766Sohom Datta (14 Oct 2023) 5767 5768- tool_getparam: limit --rate to be smaller than number of ms 5769 5770 Currently, curl allows users to specify absurd request rates that might 5771 be higher than the number of milliseconds in the unit (ex: curl --rate 5772 3600050/h http://localhost:8080 does not error out despite there being 5773 only 3600000ms in a hour). 5774 5775 This change adds a conditional check before the millisecond calculation 5776 making sure that the number is not higher than the numerator (the unit) 5777 If the number is higher, curl errors out with PARAM_NUMBER_TOO_LARGE 5778 5779 Closes #12116 5780 5781Daniel Stenberg (14 Oct 2023) 5782 5783- opts: fix two minor man page format mistakes 5784 5785Jay Satiro (14 Oct 2023) 5786 5787- curl_trc: remove a bad assertion 5788 5789 - Remove DEBUGASSERT that an internal handle must not have user 5790 private_data set before calling the user's debug callback. 5791 5792 This is a follow-up to 0dc40b2a. The user can distinguish their easy 5793 handle from an internal easy handle by setting CURLOPT_PRIVATE on their 5794 easy handle. I had wrongly assumed that meant the user couldn't then 5795 set CURLOPT_PRIVATE on an internal handle as well. 5796 5797 Bug: https://github.com/curl/curl/pull/12060#issuecomment-1754594697 5798 Reported-by: Daniel Stenberg 5799 5800 Closes https://github.com/curl/curl/pull/12104 5801 5802Dan Fandrich (13 Oct 2023) 5803 5804- test613: stop showing an error on missing output file 5805 5806 This test would show an error message if the output was missing during 5807 the log post-processing step, but the message was not captured by the 5808 test harness and wasn't useful since the normal golden log file 5809 comparison would the problem more clearly. 5810 5811Stefan Eissing (13 Oct 2023) 5812 5813- quic: manage connection idle timeouts 5814 5815 - configure a 120s idle timeout on our side of the connection 5816 - track the timestamp when actual socket IO happens 5817 - check IO timestamp to our *and* the peer's idle timeouts 5818 in "is this connection alive" checks 5819 5820 Reported-by: calvin2021y on github 5821 Fixes #12064 5822 Closes #12077 5823 5824Dan Fandrich (13 Oct 2023) 5825 5826- CI: ignore test 286 on Appveyor gcc 9 build 5827 5828 This test fails sometimes with a super fast retry loop due to what may 5829 just be a compiler bug. The test results are ignored on the one CI job 5830 where it occurs because there seems to be nothing we can do to fix it. 5831 5832 Fixes #12040 5833 Closes #12106 5834 5835Viktor Szakats (13 Oct 2023) 5836 5837- lib: fix gcc warning in printf call 5838 5839 Do not pass NULL to printf %s. 5840 5841 Seen with gcc 13.2.0 on Debian: 5842 ``` 5843 .../curl/lib/connect.c:696:27: warning: '%s' directive argument is null [-Wfo 5844 rmat-overflow=] 5845 ``` 5846 Ref: https://github.com/curl/curl-for-win/actions/runs/6476161689/job/1758442 5847 6483#step:3:11104 5848 5849 Ref: #10284 5850 Co-authored-by: Jay Satiro 5851 Closes #12082 5852 5853Alex Klyubin (13 Oct 2023) 5854 5855- http2: safer invocation of populate_binsettings 5856 5857 populate_binsettings now returns a negative value on error, instead of a 5858 huge positive value. Both places which call this function have been 5859 updated to handle this change in its contract. 5860 5861 The way populate_binsettings had been used prior to this change the huge 5862 positive values -- due to signed->unsigned conversion of the potentially 5863 negative result of nghttp2_pack_settings_payload which returns negative 5864 values on error -- are not possible. But only because http2.c currently 5865 always provides a large enough output buffer and provides H2 SETTINGS 5866 IVs which pass the verification logic inside nghttp2. If the 5867 verification logic were to change or if http2.c started passing in more 5868 IVs without increasing the output buffer size, the overflow could become 5869 reachable, and libcurl/curl might start leaking memory contents to 5870 servers/proxies... 5871 5872 Closes #12101 5873 5874Daniel Stenberg (13 Oct 2023) 5875 5876- openssl: avoid BN_num_bits() NULL pointer derefs 5877 5878 Reported-by: icy17 on github 5879 Fixes #12099 5880 Closes #12100 5881 5882- wolfssl: require WOLFSSL_SYS_CA_CERTS for loading system CA 5883 5884 This define is set in wolfssl's options.h file when this function and 5885 feature is present. Handles both builds with the feature explicitly 5886 disabled and wolfSSL versions before 5.5.2 - which introduced this API 5887 call. 5888 5889 Closes #12108 5890 5891- tool_urlglob: make multiply() bail out on negative values 5892 5893 - Does not work correctly with negative values 5894 - use __builtin_mul_overflow() on gcc 5895 5896 Reported-by: Torben Dury 5897 Closes #12102 5898 5899Loïc Yhuel (13 Oct 2023) 5900 5901- cmake: fix CURL_DISABLE_GETOPTIONS 5902 5903 - Add CURL_DISABLE_GETOPTIONS to curl_config.h.cmake. 5904 5905 Prior to this change the option had no effect because it was missing 5906 from that file. 5907 5908 Closes https://github.com/curl/curl/pull/12091 5909 5910- easy_lock: add a pthread_mutex_t fallback 5911 5912 This allows to keep the init threadsafe with gcc < 4.9.0 (no C11 5913 atomics). 5914 5915 Closes https://github.com/curl/curl/pull/12090 5916 5917Viktor Szakats (12 Oct 2023) 5918 5919- CI: add autotools, out-of-tree, debug build to distro check job 5920 5921 Add a job that builds curl from a generated source tarball sample, with 5922 autotools, out-of-tree, in debug mode. 5923 5924 Ref: #12085 5925 Closes #12088 5926 5927Daniel Stenberg (12 Oct 2023) 5928 5929- http: avoid Expect: 100-continue if Upgrade: is used 5930 5931 Reported-by: Daniel Jelinski 5932 Fixes #12022 5933 Closes #12062 5934 5935Jan Alexander Steffens (heftig) (12 Oct 2023) 5936 5937- docs: use SOURCE_DATE_EPOCH for generated manpages 5938 5939 This should make builds from Git reproducible. 5940 5941 Closes #12092 5942 5943Daniel Stenberg (12 Oct 2023) 5944 5945- RELEASE-NOTES: synced 5946 5947 Bumped to 8.4.1 5948 5949Viktor Szakats (12 Oct 2023) 5950 5951- cmake: fix `HAVE_H_ERRNO_ASSIGNABLE` detection 5952 5953 Fix `HAVE_H_ERRNO_ASSIGNABLE` to not run, only compile its test snippet, 5954 aligning this with autotools. This fixes an error when doing 5955 cross-builds and also actually detects this feature. It affected systems 5956 not allowlisted into this, e.g. SerenityOS. 5957 5958 We used this detection result to enable `HAVE_GETADDRINFO_THREADSAFE`. 5959 5960 Follow-up to 04a3a377d83fd72c4cf7a96c9cb6d44785e33264 #11979 5961 Ref: #12095 (closed in favour of this patch) 5962 Ref: #11964 (effort to sync cmake detections with autotools) 5963 5964 Reported-by: Kartatz on Github 5965 Assisted-by: Kartatz on Github 5966 Fixes #12093 5967 Closes #12094 5968 5969- build: add `src/.checksrc` to source tarball 5970 5971 Regression from e5bb88b8f824ed87620bd923552534c83c2a516e #11958 5972 5973 Bug: https://github.com/curl/curl/pull/11958#issuecomment-1757079071 5974 Reported-by: Romain Geissler 5975 Fixes #12084 5976 Closes #12085 5977 5978Version 8.4.0 (11 Oct 2023) 5979 5980Daniel Stenberg (11 Oct 2023) 5981 5982- RELEASE-NOTES: synced 5983 5984- THANKS: add contributors from 8.4.0 5985 5986Jay Satiro (11 Oct 2023) 5987 5988- socks: return error if hostname too long for remote resolve 5989 5990 Prior to this change the state machine attempted to change the remote 5991 resolve to a local resolve if the hostname was longer than 255 5992 characters. Unfortunately that did not work as intended and caused a 5993 security issue. 5994 5995 Bug: https://curl.se/docs/CVE-2023-38545.html 5996 5997Stefan Eissing (10 Oct 2023) 5998 5999- CI: remove slowed-network tests 6000 6001 - remove these tests as they are currently not reliable in our CI 6002 setups. 6003 6004 curl handles the test cases, but CI sometimes fails on these due to 6005 additional conditions. Rather than mix them in, an additional CI job 6006 will be added in the future that is specific to them. 6007 6008 Closes https://github.com/curl/curl/pull/12075 6009 6010Jay Satiro (10 Oct 2023) 6011 6012- libcurl-env-dbg.3: move debug variables from libcurl-env.3 6013 6014 - Move documentation of libcurl environment variables used only in debug 6015 builds from libcurl-env into a separate document libcurl-env-dbg. 6016 6017 - Document more debug environment variables. 6018 6019 Previously undocumented or missing a description: 6020 6021 CURL_ALTSVC_HTTP, CURL_DBG_SOCK_WBLOCK, CURL_DBG_SOCK_WPARTIAL, 6022 CURL_DBG_QUIC_WBLOCK, CURL_DEBUG, CURL_DEBUG_SIZE, CURL_GETHOSTNAME, 6023 CURL_HSTS_HTTP, CURL_FORCETIME, CURL_SMALLREQSEND, CURL_SMALLSENDS, 6024 CURL_TIME. 6025 6026 Closes https://github.com/curl/curl/pull/11811 6027 6028Dan Fandrich (9 Oct 2023) 6029 6030- test670: increase the test timeout 6031 6032 This should make it more immune to loaded servers. 6033 6034 Ref: #11328 6035 6036Stefan Eissing (9 Oct 2023) 6037 6038- MQTT: improve receive of ACKs 6039 6040 - add `mq->recvbuf` to provide buffering of incomplete 6041 ACK responses 6042 - continue ACK reading until sufficient bytes available 6043 - fixes test failures on low network receives 6044 6045 Closes #12071 6046 6047Viktor Szakats (9 Oct 2023) 6048 6049- quic: fix BoringSSL build 6050 6051 Add guard around `SSL_CTX_set_ciphersuites()` use. 6052 6053 Bug: https://github.com/curl/curl/pull/12065#issuecomment-1752171885 6054 6055 Follow-up to aa9a6a177017e4b74d33cdf85a3594900f4a7f81 6056 6057 Co-authored-by: Jay Satiro 6058 Reviewed-by: Daniel Stenberg 6059 Closes #12067 6060 6061Stefan Eissing (9 Oct 2023) 6062 6063- test1540: improve reliability 6064 6065 - print that bytes have been received on pausing, but not how many 6066 6067 Closes #12069 6068 6069- test2302: improve reliability 6070 6071 - make result print collected write data, unless 6072 change in meta flags is detected 6073 - will show same result even when data arrives via 6074 several writecb invocations 6075 6076 Closes #12068 6077 6078Daniel Stenberg (9 Oct 2023) 6079 6080- curl_easy_pause: set "in callback" true on exit if true 6081 6082 Because it might have called another callback in the mean time that then 6083 set the bit FALSE on exit. 6084 6085 Reported-by: Jay Satiro 6086 Fixes #12059 6087 Closes #12061 6088 6089Viktor Szakats (8 Oct 2023) 6090 6091- h3: add support for ngtcp2 with AWS-LC builds 6092 6093 ``` 6094 curl 8.4.0-DEV (x86_64-apple-darwin) libcurl/8.4.0-DEV (SecureTransport) AWS- 6095 LC/1.15.0 nghttp2/1.56.0 ngtcp2/0.19.1 nghttp3/0.15.0 6096 Release-Date: [unreleased] 6097 Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps 6098 mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp ws wss 6099 Features: alt-svc AsynchDNS HSTS HTTP2 HTTP3 HTTPS-proxy IPv6 Largefile Multi 6100 SSL NTLM SSL threadsafe UnixSockets 6101 ``` 6102 6103 Also delete an obsolete GnuTLS TODO and update the header comment in 6104 `FindNGTCP2.cmake`. 6105 6106 Reviewed-by: Daniel Stenberg 6107 Closes #12066 6108 6109- build: do not publish `HAVE_BORINGSSL`, `HAVE_AWSLC` macros 6110 6111 Syncing this up with CMake. 6112 6113 Source code uses the built-in `OPENSSL_IS_AWSLC` and 6114 `OPENSSL_IS_BORINSSL` macros to detect BoringSSL and AWS-LC. No help is 6115 necessary from the build tools. 6116 6117 The one use of `HAVE_BORINGSSL` in the source turned out to be no longer 6118 necessary for warning-free BoringSSL + Schannel builds. Ref: #1610 #2634 6119 6120 autotools detects this anyway for display purposes. 6121 CMake detects this to decide whether to use the BoringSSL-specific 6122 crypto lib with ngtcp2. It detects AWS-LC, but doesn't use the detection 6123 result just yet (planned in #12066). 6124 6125 Ref: #11964 6126 6127 Reviewed-by: Daniel Stenberg 6128 Reviewed-by: Jay Satiro 6129 Closes #12065 6130 6131Marc Hoersken (8 Oct 2023) 6132 6133- CI: move distcheck job from Azure Pipelines to GitHub Actions 6134 6135 This will allow for more trigger excludes within Azure Pipelines. 6136 6137 Also fixes seemingly broken check with scripts/installcheck.sh. 6138 Ref: 190374c74ec4e5247d9066544c86e8d095e1d7b5 6139 6140 Assisted-by: Philip Heiduck 6141 Closes #9532 6142 6143Daniel Stenberg (8 Oct 2023) 6144 6145- url: fall back to http/https proxy env-variable if ws/wss not set 6146 6147 Reported-by: Craig Andrews 6148 Fixes #12031 6149 Closes #12058 6150 6151Stefan Eissing (8 Oct 2023) 6152 6153- cf-socket: simulate slow/blocked receives in debug 6154 6155 add 2 env variables for non-UDP sockets: 6156 1. CURL_DBG_SOCK_RBLOCK: percentage of receive calls that randomly 6157 should return EAGAIN 6158 2. CURL_DBG_SOCK_RMAX: max amount of bytes read from socket 6159 6160 Closes #12035 6161 6162- http2: refused stream handling for retry 6163 6164 - answer HTTP/2 streams refused via a GOAWAY from the server to 6165 respond with CURLE_RECV_ERROR in order to trigger a retry 6166 on another connection 6167 6168 Reported-by: black-desk on github 6169 Ref #11859 6170 Closes #12054 6171 6172Jay Satiro (8 Oct 2023) 6173 6174- CURLOPT_DEBUGFUNCTION.3: warn about internal handles 6175 6176 - Warn that the user's debug callback may be called with the handle 6177 parameter set to an internal handle. 6178 6179 Without this warning the user may assume that the only handles their 6180 debug callback receives are the easy handles on which they set 6181 CURLOPT_DEBUGFUNCTION. 6182 6183 This is a follow-up to f8cee8cc which changed DoH handles to inherit 6184 the debug callback function set in the user's easy handle. As a result 6185 those handles are now passed to the user's debug callback function. 6186 6187 Closes https://github.com/curl/curl/pull/12034 6188 6189- url: fix typo 6190 6191Daniel Stenberg (8 Oct 2023) 6192 6193- test458: verify --expand-output, expanding a file name accepting option 6194 6195 Verifies the fix in #12055 (commit f2c8086ff15e6e995e1) 6196 6197- tool_getparam: accept variable expansion on file names too 6198 6199 Reported-by: PBudmark on github 6200 Fixes #12048 6201 Closes #12055 6202 6203- RELEASE-NOTES: synced 6204 6205- multi: do CURLM_CALL_MULTI_PERFORM at two more places 6206 6207 ... when it does a state transition but there is no particular socket or 6208 timer activity. This was made apparent when commit b5bb84c removed a 6209 superfluous timer expiry. 6210 6211 Reported-by: Dan Fandrich. 6212 Fixes #12033 6213 Closes #12056 6214 6215Viktor Szakats (7 Oct 2023) 6216 6217- GHA/linux: mbedtls 3.5.0 + minor dep bumps 6218 6219 Closes #12057 6220 6221Dan Fandrich (7 Oct 2023) 6222 6223- CI: bump OpenLDAP package version on FreeBSD 6224 6225 The old one is no longer available. 6226 6227Marc Hoersken (7 Oct 2023) 6228 6229- docs/libcurl/opts/Makefile.inc: add missing manpage files 6230 6231 Detected with #9532 6232 6233Dan Fandrich (7 Oct 2023) 6234 6235- tests: fix a race condition in ftp server disconnect 6236 6237 If a client disconnected and reconnected quickly, before the ftp server 6238 had a chance to respond, the protocol message/ack (ping/pong) sequence 6239 got out of sync, causing messages sent to the old client to be delivered 6240 to the new. A disconnect must now be acknowledged and intermediate 6241 requests thrown out until it is, which ensures that such synchronization 6242 problems can't occur. This problem could affect ftp, pop3, imap and smtp 6243 tests. 6244 6245 Fixes #12002 6246 Closes #12049 6247 6248Viktor Szakats (7 Oct 2023) 6249 6250- appveyor: bump mingw-w64 job to gcc 13 (was: 8) 6251 6252 This sets gcc 6, 7, 9, 13 in our test mix (was: 6, 7, 8, 9). 6253 Adding a modern gcc version to the tests. 6254 6255 (The gcc 8 job used to take around 50 minutes. The new image with gcc 13 6256 finished in 32, 35, 34 minutes in the 3 test runs so far.) 6257 6258 It also adds a modern CMake version and OS env to our mingw-w64 builds. 6259 6260 Closes #12051 6261 6262David Benjamin (6 Oct 2023) 6263 6264- openssl: use X509_ALGOR_get0 instead of reaching into X509_ALGOR 6265 6266 While the struct is still public in OpenSSL, there is a (somewhat 6267 inconvenient) accessor. Use it to remain compatible if it becomes opaque 6268 in the future. 6269 6270 Closes #12038 6271 6272Daniel Stenberg (6 Oct 2023) 6273 6274- curl_easy_pause.3: mention it works within callbacks 6275 6276 Reported-by: Maxim Dzhura 6277 Bug: https://curl.se/mail/lib-2023-10/0010.html 6278 Closes #12046 6279 6280- curl_easy_pause.3: mention h2/h3 buffering 6281 6282 Asked-by: Maxim Dzhura 6283 Ref: https://curl.se/mail/lib-2023-10/0011.html 6284 6285 Closes #12045 6286 6287Viktor Szakats (6 Oct 2023) 6288 6289- cmake: re-add missed C89 headers for specific detections 6290 6291 We removed C89 `setjmp.h` and `signal.h` detections and excluded them 6292 from the global header list we use when detecting functions [1]. Then 6293 missed to re-add these headers to the specific functions which need 6294 them to be detected [2]. Fix this omission in this patch. 6295 6296 [1] Follow-up to 3795fcde995d96db641ddbcc8a04f9f0f03bef9f #11951 6297 [2] Follow-up to 96c29900bcec32dd6bc8e9857c8871ff4b8b8ed9 #11940 6298 6299 Closes #12043 6300 6301Daniel Stenberg (6 Oct 2023) 6302 6303- multi: set CURLM_CALL_MULTI_PERFORM after switch to DOING_MORE 6304 6305 Since there is nothing to wait for there. Avoids the test 1233 hang 6306 reported in #12033. 6307 6308 Reported-by: Dan Fandrich 6309 Closes #12042 6310 6311Dan Fandrich (5 Oct 2023) 6312 6313- test1903: actually verify the cookies after the test 6314 6315 The test otherwise could do just about anything (except leak memory in 6316 debug mode) and its bad behaviour wouldn't be detected. Now, check the 6317 resulting cookie file to ensure the cookies are still there. 6318 6319 Closes #12041 6320 6321- test: add missing <feature>s 6322 6323 The tests will otherwise fail if curl has them disabled. 6324 6325- test1906: set a lower timeout since it's hit on Windows 6326 6327 msys2 builds actually hit the connect timeout in normal operation, so 6328 lower the timeout from 5 minutes to 5 seconds to reduce test time. 6329 6330 Ref: #11328 6331 Closes #12036 6332 6333Daniel Stenberg (5 Oct 2023) 6334 6335- RELEASE-NOTES: synced 6336 6337Jay Satiro (5 Oct 2023) 6338 6339- idn: fix WinIDN null ptr deref on bad host 6340 6341 - Return CURLE_URL_MALFORMAT if IDN hostname cannot be converted from 6342 UTF-8 to UTF-16. 6343 6344 Prior to this change a failed conversion erroneously returned CURLE_OK 6345 which meant 'decoded' pointer (what would normally point to the 6346 punycode) would not be written to, remain NULL and be dereferenced 6347 causing an access violation. 6348 6349 Closes https://github.com/curl/curl/pull/11983 6350 6351Dan Fandrich (4 Oct 2023) 6352 6353- tests: close the shell used to start sshd 6354 6355 This shell isn't needed once sshd starts, so use "exec" so it doesn't 6356 stick around. 6357 6358 Closes #12032 6359 6360Daniel Stenberg (4 Oct 2023) 6361 6362- base64: also build for curl 6363 6364 Since the tool itself now uses the base64 code using the curlx way, it 6365 needs to build also when the tool needs it. Starting now, the tool build 6366 defines BULDING_CURL to allow lib-side code to use it. 6367 6368 Follow-up to 2e160c9c6525 6369 6370 Closes #12010 6371 6372Eduard Strehlau (4 Oct 2023) 6373 6374- tests: Fix zombie processes left behind by FTP tests. 6375 6376 ftpserver.pl correctly cleans up spawned server processes, 6377 but forgets to wait for the shell used to spawn them. 6378 This is barely noticeable during a normal testrun, 6379 but causes process exhaustion and test failure 6380 during a complete torture run of the FTP tests. 6381 6382 Fixes #12018 6383 Closes #12020 6384 6385Dan Fandrich (4 Oct 2023) 6386 6387- github/labeler: improve labeler matches 6388 6389- test574: add a timeout to the test 6390 6391 This one hangs occasionally, so this will speed up a test run and allow 6392 logs to be seen when it does. 6393 6394 Closes #12025 6395 6396- tests: propagate errors in libtests 6397 6398 Use the test macros to automatically propagate some errors, and check 6399 and log others while running the tests. This can help in debugging 6400 exactly why a test has failed. 6401 6402- tests: set --expect100-timeout to improve test reliability 6403 6404 On an overloaded server, the default 1 second timeout can go by without 6405 the test server having a chance to respond with the expected headers, 6406 causing tests to fail. Increase the 1 second timeout to 99 seconds so 6407 this failure mode is no longer a problem on test 1129. Some other tests 6408 already set a high value, but make them consistently 99 seconds so if 6409 something goes wrong the test is stalled for less time. 6410 6411 Ref: #11328 6412 6413- CI: ignore the "flaky" and "timing-dependent" test results in CMake 6414 6415 This was already done for automake builds but CMake builds were missed. 6416 Test 1086 actually causes the test harness to crash with: 6417 6418 Warning: unable to close filehandle DWRITE properly: Broken pipe at C:/projec 6419 ts/curl/tests/ftpserver.pl line 527 6420 6421 Rather than fix it now, this change leaves test 1086 entirely skipped on 6422 those builds that show this problem. 6423 6424 Follow-up to 589dca761 6425 6426 Ref: #11865 6427 6428Viktor Szakats (4 Oct 2023) 6429 6430- cmake: improve OpenLDAP builds 6431 6432 - cmake: detect OpenLDAP based on function `ldap_init_fd`. 6433 autotools does this. autotools also publishes this detection result 6434 in `HAVE_LDAP_INIT_FD`. We don't mimic that with CMake as the source 6435 doesn't use this value. (it might need to be remove-listed in 6436 `scripts/cmp-config.pl` for future OpenLDAP test builds.) 6437 This also deletes existing self-declaration method via the 6438 CMake-specific `CURL_USE_OPENLDAP` configuration. 6439 6440 - cmake: define `LDAP_DEPRECATED=1` for OpenLDAP. 6441 Like autotools does. This fixes a long list of these warnings: 6442 ``` 6443 /usr/local/opt/openldap/include/ldap.h:1049:5: warning: 'LDAP_DEPRECATED' i 6444 s not defined, evaluates to 0 [-Wundef] 6445 ``` 6446 6447 - cmake: delete LDAP TODO comment no longer relevant. 6448 6449 Also: 6450 6451 - autotools: replace domain name `dummy` with `0.0.0.0` in LDAP feature 6452 detection functions. 6453 6454 Ref: #11964 (effort to sync cmake detections with autotools) 6455 6456 Closes #12024 6457 6458- cmake: fix unity builds for more build combinations 6459 6460 By using unique static function/variable names in source files 6461 implementing these interfaces. 6462 6463 - OpenLDAP combined with any SSH backend. 6464 6465 - MultiSSL with mbedTLS, OpenSSL, wolfSSL, SecureTransport. 6466 6467 Closes #12027 6468 6469Daniel Stenberg (4 Oct 2023) 6470 6471- tests: remove leading spaces from some tags 6472 6473 The threee tags `<name>`, `</name>` and `<command>` were frequently used 6474 with a leading space that this removes. The reason this habbit is so 6475 widespread in testcases is probably that they have been copy and pasted. 6476 6477 Hence, fixing them all now might curb this practice from now on. 6478 6479 Closes #12028 6480 6481Viktor Szakats (4 Oct 2023) 6482 6483- GHA: bump actions/checkout 6484 6485 Follow-up to 2e0fa50fc16b9339f51e0a7bfff0352829323acb #11964 6486 Follow-up to c39585d9b7ef3cbfc1380812dec60e7b275b6af3 #12000 6487 6488 Closes #12023 6489 6490- spelling: fix codespell 2.2.6 typos 6491 6492 Closes #12019 6493 6494Daniel Stenberg (3 Oct 2023) 6495 6496- GHA: add workflow to compare configure vs cmake outputs 6497 6498 Uses scripts/cmp-config.pl two compare two curl_config.h files, 6499 presumbly generated with configure and cmake. It displays the 6500 differences and filters out a lot of known lines we ignore. 6501 6502 The script also shows the matches that were *not* used. Possibly 6503 subjects for removal. 6504 6505 Closes #11964 6506 6507- appveyor: enable test 571 6508 6509 Follow-up from 8a940fd55c175f7 / #12013 6510 6511 Closes #12017 6512 6513Viktor Szakats (3 Oct 2023) 6514 6515- build: alpha-sort source files for lib and src 6516 6517 Closes #12014 6518 6519- cmake: delete old `HAVE_LDAP_URL_PARSE` logic 6520 6521 Left there by accident after adding proper detection for this. 6522 6523 Follow-up to 772f0d8edf1c3c2745543f42388ccec5a16ee2c0 #12006 6524 6525 Ref: #11964 (effort to sync cmake detections with autotools) 6526 6527 Closes #12015 6528 6529Stefan Eissing (3 Oct 2023) 6530 6531- tests: increase lib571 timeout from 3s to 30s 6532 6533 - 3s is too short for our CI, making this test fail occasionally 6534 - test usually experiences no delay run locally, so 30s wont hurt 6535 6536 Closes #12013 6537 6538Viktor Szakats (3 Oct 2023) 6539 6540- cmake: fix unity with Windows Unicode + TrackMemory 6541 6542 Found the root cause of the startup crash in unity builds with Unicode 6543 and TrackMemory enabled at the same time. 6544 6545 We must make sure that the `memdebug.h` header doesn't apply to 6546 `lib/curl_multibyte.c` (as even noted in a comment there.) In unity 6547 builds all headers apply to all sources, including `curl_multibyte.c`. 6548 This probably resulted in an infinite loop on startup. 6549 6550 Exclude this source from unity compilation with TrackMemory enabled, 6551 in both libcurl and curl tool. Enable unity mode for a debug Unicode 6552 CI job to keep it tested. Also delete the earlier workaround that 6553 fully disabled unity for affected builds. 6554 6555 Follow-up to d82b080f6374433ce7c98241329189ad2d3976f8 #12005 6556 Follow-up to 3f8fc25720900b14b7432f4bd93407ca15311719 #11095 6557 6558 Closes #11928 6559 6560- cmake: disable unity mode with Windows Unicode + TrackMemory 6561 6562 "TrackMemory" is `ENABLE_DEBUG=ON` (aka `ENABLE_CURLDEBUG=ON`, 6563 aka `-DCURLDEBUG`). 6564 6565 There is an issue with memory tracking and Unicode when built in "unity" 6566 mode, which results in the curl tool crashing right on startup, even 6567 without any command-line option. Interestingly this doesn't happen under 6568 WINE (at least on the system I tested this on), but consistenly happens 6569 on real Windows machines. Crash is 0xC0000374 heap corruption. Both 6570 shared and static curl executables are affected. 6571 6572 This limitation probably won't hit too many people, but it remains 6573 a TODO to find and fix the root cause and drop this workaround. 6574 6575 Example builds and runs: 6576 https://ci.appveyor.com/project/curlorg/curl/builds/48169111/job/17cptxhtpubd 6577 7iwj#L313 (static) 6578 https://ci.appveyor.com/project/curlorg/curl/builds/48169111/job/76e1ge758tby 6579 qu9c#L317 (shared) 6580 6581 Follow-up to 3f8fc25720900b14b7432f4bd93407ca15311719 #11095 6582 6583 Ref: #11928 6584 Closes #12005 6585 6586- cmake: tidy-up `NOT_NEED_LBER_H` detection 6587 6588 Follow-up to 772f0d8edf1c3c2745543f42388ccec5a16ee2c0 #12006 6589 6590- appveyor: rewrite batch in PowerShell + CI improvements 6591 6592 1. Rewrite in PowerShell: 6593 6594 - rewrite MS-DOS batch build script in PowerShell. 6595 - move some bash operations into native PowerShell. 6596 - fixups for PowerShell insisting on failure when a command outputs 6597 something to stderr. 6598 - fix to actually run `curl -V` after every build. 6599 (and exclude ARM64 builds.) 6600 - also say why we skipped `curl -V` if we had to skip. 6601 - fix CMake warnings about unused configuration variables, by adapting 6602 these dynamically for build cases. 6603 - dedupe OpenSSL path into a variable. 6604 - disable `test1451` failing with a warning anyway due to missing python 6605 impacket. (after trying and failing to install impacket) 6606 PowerShell promotes these warnings to errors by PowerShell. We can also 6607 suppress they wholesale if they start causing issues in the future, 6608 like we already to with `autoreconf` and `./configure`. 6609 6610 PowerShell is better than MS-DOS batches, so the hope is this makes it 6611 easier to extend and maintain the AppVeyor build logic. POSIX/bash isn't 6612 supported inline by AppVeyor on Windows build machines, but we are okay 6613 to keep it in an external script, so it's also an option. 6614 6615 2. CI improvements: 6616 6617 - enable tests for a "unity" build job. 6618 - speed-up CI initialization by using shallow clones of the curl repo. 6619 - speed-up CMake MSVC jobs with `TrackFileAccess=false`. 6620 - enable parallelism in `VisualStudioSolution` builds. 6621 - display CMake version before builds. 6622 - always show the CPU in job names. 6623 - tell which jobs are build-only in job names. 6624 - move `TESTING:` value next to `DISABLED_TESTS:` in two jobs. 6625 - add `config.log` (autotools) to dumped logs (need to enable manually). 6626 6627 3. Style: 6628 6629 - use single-quotes in YAML like we do in other CI YAML files. 6630 It also allows to drop quoting characters and lighter to write/read. 6631 (keep double quotes for PowerShell strings needing expansion.) 6632 6633 Closes #11999 6634 6635- cmake: fix `HAVE_LDAP_SSL`, `HAVE_LDAP_URL_PARSE` on non-Windows 6636 6637 - set `HAVE_LDAP_URL_PARSE` if `ldap_url_parse` function exists. 6638 Before this patch we set it based it on the presence of `stricmp`, 6639 which correctly enabled it on e.g. Windows, but was inaccurate for 6640 other platforms. 6641 6642 - always set `HAVE_LDAP_SSL` if an LDAP backend is detected and 6643 LDAPS is not explicitly disabled. This mimics autotools behaviour. 6644 Previously we set it only for Windows LDAP. After this fix, LDAPS is 6645 correctly enabled in default macOS builds. 6646 6647 - enable LDAP[S] for a CMake macOS CI job. Target OS X 10.9 (Mavericks) 6648 to avoid deprecation warnings for LDAP API. 6649 6650 - always detect `HAVE_LDAP_SSL_H`, even with LDAPS explicitly disabled. 6651 This doesn't make much sense, but let's do it to sync behaviour with 6652 autotools. 6653 6654 - fix benign typo in variable name. 6655 6656 Ref: #11964 (effort to sync cmake detections with autotools) 6657 6658 Closes #12006 6659 6660- autotools: restore `HAVE_IOCTL_*` detections 6661 6662 This restores `CURL_CHECK_FUNC_IOCTL` detection. I deleted it in 6663 4d73854462f30948acab12984b611e9e33ee41e6 and 6664 c3456652a0c72d1845d08df9769667db7e159949 (2022-08), because the 6665 `HAVE_IOCTL` result it generated was unused in the source. But, 6666 I did miss the fact that this had two dependent checks: 6667 `CURL_CHECK_FUNC_IOCTL_FIONBIO`, 6668 `CURL_CHECK_FUNC_IOCTL_SIOCGIFADDR` that we do actually need: 6669 `HAVE_IOCTL_FIONBIO`, `HAVE_IOCTL_SIOCGIFADDR`. 6670 6671 Regression from 4d73854462f30948acab12984b611e9e33ee41e6 6672 6673 Ref: #11964 (effort to sync cmake detections with autotools) 6674 6675 Closes #12008 6676 6677Daniel Stenberg (2 Oct 2023) 6678 6679- RELEASE-PROCEDURE.md: updated coming release dates 6680 6681- RELEASE-NOTES: synced 6682 6683Viktor Szakats (1 Oct 2023) 6684 6685- cmake: pre-cache `HAVE_POLL_FINE` on Windows 6686 6687 Windows doesn't support `poll()`, so we can safely skip checking for 6688 fine poll. 6689 6690 Closes #12003 6691 6692- gha: bump actions to latest versions 6693 6694 - actions@checkout@v4 (from v3 and v2) 6695 6696 - fsfe/reuse-action@v2 (from v1) 6697 6698 Closes #12000 6699 6700Stefan Eissing (30 Sep 2023) 6701 6702- h2: testcase and fix for pausing h2 streams 6703 6704 - refs #11982 where it was noted that paused transfers may 6705 close successfully without delivering the complete data 6706 - made sample poc into tests/http/client/h2-pausing.c and 6707 added test_02_27 to reproduce 6708 6709 Closes #11989 6710 Fixes #11982 6711 Reported-by: Harry Sintonen 6712 6713Viktor Szakats (30 Sep 2023) 6714 6715- cmake: validate `CURL_DEFAULT_SSL_BACKEND` config value 6716 6717 Before this patch CMake builds accepted any value and it was used at 6718 runtime as-is. This patch make sure that the selected default backend 6719 is also enabled in the build. It also enforces a full lowercase value. 6720 6721 This improves reproducibility and brings CMake in sync with autotools 6722 which already worked like described above. 6723 6724 Follow-up to 26c7feb8b9d51a57fab3325571b4bbfa03b11af0 #11774 6725 6726 Closes #11998 6727 6728- autotools: adjust `CURL_CA_PATH` value to CMake 6729 6730 autotools was using the same value as CMake, but with an ending 6731 slash. Delete the ending slash to match configurations. 6732 6733 Ref: #11964 (effort to sync cmake detections with autotools) 6734 6735 Closes #11997 6736 6737- cmake: detect `sys/wait.h` and `netinet/udp.h` 6738 6739 Ref: #11964 (effort to sync cmake detections with autotools) 6740 6741 Closes #11996 6742 6743Daniel Stenberg (30 Sep 2023) 6744 6745- lib: provide and use Curl_hexencode 6746 6747 Generates a lower case ASCII hex output from a binary input. 6748 6749 Closes #11990 6750 6751- configure: check for the capath by default 6752 6753 ... if the chosen TLS backend supports it: OpenSSL, GnuTLS, mbedTLS or wolfSS 6754 L 6755 6756 cmake: synced 6757 6758 Assisted-by: Viktor Szakats 6759 Closes #11987 6760 6761- wolfssl: ignore errors in CA path 6762 6763 The default wolfSSL_CTX_load_verify_locations() function is quite picky 6764 with the certificates it loads and will for example return error if just 6765 one of the certs has expired. 6766 6767 With the *_ex() function and its WOLFSSL_LOAD_FLAG_IGNORE_ERR flag, it 6768 behaves more similar to what OpenSSL does by default. 6769 6770 Even the set of default certs on my Debian unstable has several expired 6771 ones. 6772 6773 Assisted-by: Juliusz Sosinowicz 6774 Assisted-by: Michael Osipov 6775 6776 Closes #11987 6777 6778- create-dirs.d: clarify it also uses --output-dirs 6779 6780 Reported-by: Robert Simpson 6781 Fixes #11991 6782 Closes #11995 6783 6784Viktor Szakats (30 Sep 2023) 6785 6786- appveyor: fix yamlint issues, indent 6787 6788 Also: 6789 - use double quotes in all batch if statements. 6790 6791 Closes #11994 6792 6793- cmake: detect `HAVE_CLOCK_GETTIME_MONOTONIC_RAW` 6794 6795 Based on existing autotools logic. 6796 6797 Ref: #11964 (effort to sync cmake detections with autotools) 6798 6799 Closes #11981 6800 6801- cmake: detect `HAVE_GETADDRINFO_THREADSAFE` 6802 6803 Based on existing autotools logic. 6804 6805 autotools checks for old versions of the allowlisted target OSes and 6806 disables this feature when seeing them. In CMake we assume we're running 6807 on newer systems and enable regardless of OS version. 6808 6809 autotools always runs all 3 probes for non-fast-tracked systems and 6810 enables this feature if any one of them was successful. To save 6811 configuration time, CMake stops at the first successful check. 6812 6813 OpenBSD is not fast-tracked and then gets blocklisted as a generic BSD 6814 system. I haven't double-checked if this is correct, but looks odd. 6815 6816 Ref: #11964 (effort to sync cmake detections with autotools) 6817 6818 Closes #11979 6819 6820- cmake: fix `HAVE_WRITABLE_ARGV` detection 6821 6822 Move detection before the creation of detection results in 6823 `curl_config.h`. 6824 6825 Ref: #11964 (effort to sync cmake detections with autotools) 6826 6827 Closes #11978 6828 6829- appveyor: minor improvements 6830 6831 - run `curl -V` after builds to see if they run and with what features. 6832 Except for one job where a CRT DLL is missing. And ARM64 which should 6833 fail, but is silently not launched instead. 6834 6835 - copy libcurl DLL next to curl tool and tests binaries in shared mode. 6836 This makes it possible to run the tests. (We don't run tests after 6837 these builds yet.) 6838 6839 - list the DLLs and EXEs present after the builds. 6840 6841 - add `DEBUG` variable for CMake builds to allow disabling it, for 6842 testing non-debug builds. (currently enabled for all) 6843 6844 - add commented lines that dump CMake configuration logs for debugging 6845 build/auto-detection issues. 6846 6847 - add gcc version to jobs where missing. 6848 6849 - switch a job to the native MSYS2 mingw-w64 toolchain. This adds gcc 9 6850 to the build mix. 6851 6852 - make `SHARED=OFF` and `OPENSSL=OFF` defaults global. 6853 6854 - delete a duplicate backslash. 6855 6856 Closes #11976 6857 6858- configure: replace adhoc domain with `localhost` in tests 6859 6860 Reviewed-by: Daniel Stenberg 6861 Closes #11988 6862 6863- tidy-up: use more example domains 6864 6865 Also make use of the example TLD: 6866 https://en.wikipedia.org/wiki/.example 6867 6868 Reviewed-by: Daniel Stenberg 6869 Closes #11992 6870 6871Dan Fandrich (29 Sep 2023) 6872 6873- runtests: display the test status if tests appear hung 6874 6875 It sometimes happens that a test hangs during a test run and never 6876 returns. The test harness will wait indefinitely for the results and on 6877 CI servers the CI job will eventually be killed after an hour or two. 6878 At the end of a test run, if results haven't come in within a couple of 6879 minutes, display the status of all test runners and what tests they're 6880 running to help in debugging the problem. 6881 6882 This feature is really only kick in with parallel testing enabled, which 6883 is fine because without parallel testing it's usually easy to tell what 6884 test has hung. 6885 6886 Closes #11980 6887 6888- github/labeler: remove workaround for labeler 6889 6890 This was added due to what seemed to be a bug regarding the sync-labels: 6891 config option, but it looks like it wasn't necessary. 6892 6893 Follow-up to b2b0534e7 6894 6895Viktor Szakats (29 Sep 2023) 6896 6897- docs: upgrade an URL to HTTPS in `BINDINGS.md` [ci skip] 6898 6899Daniel Stenberg (29 Sep 2023) 6900 6901- docs: replace made up domains with example.com 6902 6903 in FAQ and MANUAL.md 6904 6905 - example.com was made for this purpose. 6906 6907 - reduces the risk that one of those domains suddenly start hosting 6908 something nasty and we provide links to them 6909 6910 Closes #11986 6911 6912Michael Osipov (29 Sep 2023) 6913 6914- acinclude.m4: Document proper system truststore on FreeBSD 6915 6916 The default system truststore on FreeBSD has been /etc/ssl/certs for many 6917 years now. It is managed canonically through certctl(8) and contains hashed 6918 symlinks for OpenSSL and other TLS providers. 6919 The previous ones require security/ca_root_nss which might not be installed o 6920 r 6921 will not contain any custom CA certificates. 6922 6923 Closes #11985 6924 6925Daniel Stenberg (29 Sep 2023) 6926 6927- FAQ: How do I upgrade curl.exe in Windows? 6928 6929 This is a growing question, better answer it here to get somewhere to 6930 point users to. 6931 6932 Closes #11984 6933 6934Viktor Szakats (28 Sep 2023) 6935 6936- cmake: pre-cache `HAVE_BASENAME` for mingw-w64 and MSVC 6937 6938 `basename` is present in mingw-w64, missing from MSVC. Pre-cache 6939 accordingly to make configure faster. 6940 6941 Notice that `basename` has a bug so we later disable it even with 6942 mingw-w64: 6943 https://github.com/curl/curl/blob/781242ffa44a9f9b95b6da5ac5a1bf6372ec6257/li 6944 b/curl_setup.h#L820-L825 6945 6946 Closes #11974 6947 6948Daniel Stenberg (28 Sep 2023) 6949 6950- cmake: add missing checks 6951 6952 - check for arc4random. To make rand.c use it accordingly. 6953 - check for fcntl 6954 - fix fseek detection 6955 - add SIZEOF_CURL_SOCKET_T 6956 - fix USE_UNIX_SOCKETS 6957 - define HAVE_SNPRINTF to 1 6958 - check for fnmatch 6959 - check for sched_yield 6960 - remove HAVE_GETPPID duplicate from curl_config.h 6961 - add HAVE_SENDMSG 6962 6963 Ref: #11964 6964 6965 Co-authored-by: Viktor Szakats 6966 Closes #11973 6967 6968- configure: remove unused checks 6969 6970 - for sys/uio.h 6971 - for fork 6972 - for connect 6973 6974 Ref: #11964 6975 6976 Closes #11973 6977 6978- lib: remove TIME_WITH_SYS_TIME 6979 6980 It is not used in any code anywhere. 6981 6982 Ref: #11964 6983 Closes #11975 6984 6985- docs: update curl man page references 6986 6987 Detected by the manpage-syntax update 6988 6989 Closes #11963 6990 6991- manpage-syntax: verify curl man page references 6992 6993 1. References to curl symbols are now checked that they indeed exist as 6994 man pages. This for \f references as well as the names referenced in the 6995 SEE ALSO section. 6996 6997 Allowlist curl.1 since it is not always built in builds 6998 6999 2. References to curl symbols that lack section now causes warning, since tha 7000 t 7001 will prevent them from getting linked properly 7002 7003 3. Check for "bare" references to curl functions and warn, they should be 7004 references 7005 7006 Closes #11963 7007 7008- cmake: add check for suseconds_t 7009 7010 And fix the HAVE_LONGLONG define 7011 7012 Ref: #11964 7013 Closes #11977 7014 7015Viktor Szakats (28 Sep 2023) 7016 7017- tidy-up: whitespace fixes 7018 7019 Closes #11972 7020 7021- cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS 7022 7023 With new option `CURL_DISABLE_SRP=ON` to force-disable it. 7024 To match existing option and detection logic in autotools. 7025 7026 Also: 7027 - fix detecting GnuTLS. 7028 We assume `nettle` as a GnuTLS dependency. 7029 - add CMake GnuTLS CI job. 7030 - bump AppVeyor CMake OpenSSL MSVC job to OpenSSL 1.1.1 (from 1.0.2) 7031 TLS-SRP fails to detect with 1.0.2 due to an OpenSSL header bug. 7032 - fix compiler warning when building with GnuTLS and disabled TLS-SRP. 7033 - fix comment typos, whitespace. 7034 7035 Ref: #11964 7036 7037 Closes #11967 7038 7039- tool: use our own stderr variable 7040 7041 Earlier this year we changed our own stderr variable to use the standard 7042 name `stderr` (to avoid bugs where someone is using `stderr` instead of 7043 the curl-tool specific variable). This solution needed to override the 7044 standard `stderr` symbol via the preprocessor. This in turn didn't play 7045 well with unity builds and caused curl tool to crash or stay silent due 7046 to an uninitialized stderr. This was a hard to find issue, fixed by 7047 manually breaking out one file from the unity sources. 7048 7049 To avoid two these two tricks, this patch implements a different 7050 solution: Restore using our own local variable for our stderr output and 7051 leave `stderr` as-is. To avoid using `stderr` by mistake, add a 7052 `checksrc` rule (based on logic we already used in lib for `strerror`) 7053 that detects any `stderr` use in `src` and points to using our own 7054 variable instead: `tool_stderr`. 7055 7056 Follow-up to 06133d3e9b8aeb9e9ca0b3370c246bdfbfc8619e 7057 Follow-up to 2f17a9b654121dd1ecf4fc043c6d08a9da3522db 7058 7059 Closes #11958 7060 7061Loïc Yhuel (28 Sep 2023) 7062 7063- connect: only start the happy eyeballs timer when needed 7064 7065 The timeout is only used when there is a second address family, for the 7066 delayed eyeballer. 7067 7068 Closes #11939 7069 7070Daniel Stenberg (28 Sep 2023) 7071 7072- tool_operate: free 'gateway' correctly 7073 7074 Pointed out by Coverity. The fix in 93885cf3a8d4e was incomplete. 7075 7076 Also removed repeated wording in IPFS related error messages. 7077 7078 Closes #11969 7079 7080Stefan Eissing (28 Sep 2023) 7081 7082- lib: move handling of `data->req.writer_stack` into Curl_client_write() 7083 7084 - move definitions from content_encoding.h to sendf.h 7085 - move create/cleanup/add code into sendf.c 7086 - installed content_encoding writers will always be called 7087 on Curl_client_write(CLIENTWRITE_BODY) 7088 - Curl_client_cleanup() frees writers and tempbuffers from 7089 paused transfers, irregardless of protocol 7090 7091 Closes #11908 7092 7093Loïc Yhuel (28 Sep 2023) 7094 7095- multi: round the timeout up to prevent early wakeups 7096 7097 Curl_timediff rounds down to the millisecond, so curl_multi_perform can 7098 be called too early, then we get a timeout of 0 and call it again. 7099 7100 The code already handled the case of timeouts which expired less than 7101 1ms in the future. By rounding up, we make sure we will never ask the 7102 platform to wake up too early. 7103 7104 Closes #11938 7105 7106Daniel Stenberg (28 Sep 2023) 7107 7108- RELEASE-NOTES: spell out that IPFS is via gateway 7109 7110- RELEASE-NOTES: synced 7111 7112- tool_operate: avoid strlen() -1 on zero length content from file 7113 7114 Follow-up to 65b563a96a226649ba12cb1e 7115 7116 Closes #11959 7117 7118- tool_operate: fix memory mixups 7119 7120 Switch to plain getenv() from curl_getenv() to avoid the allocation and 7121 having to keep track of which free() or curl_free() that need to be 7122 used. 7123 7124 Coverity found issues and a memory leak. 7125 7126 Follow-up to 65b563a96a226649ba12cb1e 7127 7128 Closes #11959 7129 7130Viktor Szakats (27 Sep 2023) 7131 7132- curl-functions.m4: fixup recent bad edits 7133 7134 Follow-up to 96c29900bcec32dd6bc8e9857c8871ff4b8b8ed9 #11940 7135 7136 Closes #11966 7137 7138Daniel Stenberg (27 Sep 2023) 7139 7140- curl-functions.m4: fix include line 7141 7142 This made the getaddrinfo detection fail, but we did not spot it in the 7143 CI because it graciously falled back to using legacy functions instead! 7144 7145 Follow-up to 96c29900bcec (#11940) 7146 7147 Closes #11965 7148 7149- inet_ntop: add typecast to silence Coverity 7150 7151 CID 1024653: Integer handling issues (SIGN_EXTENSION) 7152 7153 Suspicious implicit sign extension: "src[i]" with type "unsigned char 7154 const" (8 bits, unsigned) is promoted in "src[i] << (1 - i % 2 << 3)" to 7155 type "int" (32 bits, signed), then sign-extended to type "unsigned long" 7156 (64 bits, unsigned). If "src[i] << (1 - i % 2 << 3)" is greater than 7157 0x7FFFFFFF, the upper bits of the result will all be 1. 7158 7159 111 words[i/2] |= (src[i] << ((1 - (i % 2)) << 3)); 7160 7161 The value will not be greater than 0x7FFFFFFF so this still cannot 7162 happen. 7163 7164 Also, switch to ints here instead of longs. The values stored are 16 bit 7165 so at least no need to use 64 bit variables. Also, longs are 32 bit on 7166 some platforms so this logic still needs to work with 32 bits. 7167 7168 Closes #11960 7169 7170- docs: adapt SEE ALSO sections to new requirements 7171 7172 To please manpage-syntax.pl used by test 1173 7173 7174 Closes #11957 7175 7176- manpage-syntax.pl: verify SEE ALSO syntax 7177 7178 - Enforce a single reference per .BR line 7179 - Skip the quotes around the section number for example (3) 7180 - Insist on trailing commas on all lines except the last 7181 - Error on comma on the last SEE ALSO entry 7182 7183 - List the entries alpha-sorted, not enforced just recommended 7184 7185 Closes #11957 7186 7187- connect: expire the timeout when trying next 7188 7189 ... so that it gets called again immediately and can continue trying 7190 addresses to connect to. Otherwise it might unnecessarily wait for a 7191 while there. 7192 7193 Fixes #11920 7194 Reported-by: Loïc Yhuel 7195 Closes #11935 7196 7197- http: remove wrong comment for http_should_fail 7198 7199 Reported-by: Christian Schmitz 7200 Ref: #11936 7201 Closes #11941 7202 7203Dan Fandrich (26 Sep 2023) 7204 7205- tool_setopt: remove unused function tool_setopt_flags 7206 7207 This function is identical to tool_setopt_bitmask except that it treats 7208 the argument as unsigned. 7209 7210 Closes #11943 7211 7212Viktor Szakats (26 Sep 2023) 7213 7214- cmake: add feature checks for `memrchr` and `getifaddrs` 7215 7216 - `HAVE_MEMRCHR` for `memrchr`. 7217 - `HAVE_GETIFADDRS` for `getifaddrs`. 7218 This was present in `lib/curl_config.h.cmake` but missed the detection 7219 logic. 7220 7221 To match existing autotools feature checks. 7222 7223 Closes #11954 7224 7225- cmake: move global headers to specific checks 7226 7227 Before this patch we added standard headers unconditionally to the 7228 global list of headers used for feature checks. This is unnecessary 7229 and also doesn't help CMake 'Generate' performance. This patch moves 7230 these headers to each feature check where they are actually needed. 7231 Stop using `stddef.h`, as it seems unnecessary. 7232 7233 I've used autotools' `m4/curl-functions.m4` to figure out these 7234 dependencies. 7235 7236 Also delete checking for the C89 standard header `time.h`, that I 7237 missed in the earlier commit. 7238 7239 Ref: 96c29900bcec32dd6bc8e9857c8871ff4b8b8ed9 #11940 7240 7241 Closes #11951 7242 7243- src/mkhelp: make generated code pass `checksrc` 7244 7245 Closes #11955 7246 7247- tests: show which curl tool `runtests.pl` is using 7248 7249 To help debugging when there is issue finding or running it. 7250 7251 Closes #11953 7252 7253- CI/azure: make `MAKEFLAGS` global to parallelize all jobs 7254 7255 https://dev.azure.com/daniel0244/curl/_build/results?buildId=17528 (before) 7256 https://dev.azure.com/daniel0244/curl/_build/results?buildId=17545 (after, wi 7257 th -j3) 7258 7259 Closes #11952 7260 7261- CI/azure: migrate old mingw MSYS1 jobs to MSYS2 7262 7263 Also delete an accidental variable reference. 7264 7265 Follow-up to 38029101e2d78ba125732b3bab6ec267b80a0e72 7266 7267 Closes #11945 7268 7269Daniel Stenberg (26 Sep 2023) 7270 7271- docs: add see also curl_multi_get_handles to some man pages 7272 7273 Assisted-by: Jay Satiro 7274 7275 Closes #11942 7276 7277Viktor Szakats (26 Sep 2023) 7278 7279- cmake: assume `_fseeki64` and no `fseeko` on Windows 7280 7281 `_fseeki64` is present in mingw-w64 1.0 (2011-09-26) headers, and 7282 at least Watcom C 1.9 (2010) headers and MSVS 2008 [1]. 7283 7284 `fseeko` is not present in any of these. 7285 7286 (mingw-w64 1.0 also offers `fseeko64`.) 7287 7288 [1] https://github.com/curl/curl/pull/11944#issuecomment-1734995004 7289 7290 Follow-up to 9c7165e96a3a9a2d0b7059c87c699b5ca8cdae93 #11918 7291 7292 Closes #11950 7293 7294- build: delete checks for C89 standard headers 7295 7296 Delete checks and guards for standard C89 headers and assume these are 7297 available: `stdio.h`, `string.h`, `time.h`, `setjmp.h`, `stdlib.h`, 7298 `stddef.h`, `signal.h`. 7299 7300 Some of these we already used unconditionally, some others we only used 7301 for feature checks. 7302 7303 Follow-up to 9c7165e96a3a9a2d0b7059c87c699b5ca8cdae93 #11918 (for `stdio.h` i 7304 n CMake) 7305 7306 Closes #11940 7307 7308Stefan Eissing (26 Sep 2023) 7309 7310- multiif.h: remove Curl_multi_dump declaration 7311 7312 Follow-up to d850eea2 which removed the Curl_multi_dump definition. 7313 7314 Closes https://github.com/curl/curl/pull/11946 7315 7316Jay Satiro (26 Sep 2023) 7317 7318- config-win32: define HAVE__FSEEKI64 7319 7320 Follow-up to 9c7165e9 which added an fseeko wrapper to the lib that 7321 calls _fseeki64 if it is available. 7322 7323 Closes https://github.com/curl/curl/pull/11944 7324 7325- docs: explain how PINNEDPUBLICKEY is independent of VERIFYPEER 7326 7327 - Explain that peer verification via CURLOPT_PINNEDPUBLICKEY takes place 7328 even if peer verification via CURLOPT_SSL_VERIFYPEER is turned off. 7329 7330 The behavior is verified by test2048. 7331 7332 Bug: https://github.com/curl/curl/issues/2935#issuecomment-418371872 7333 Reported-by: claudiusaiz@users.noreply.github.com 7334 7335 Bug: https://github.com/curl/curl/discussions/11910 7336 Reported-by: Hakan Sunay Halil 7337 7338 Closes https://github.com/curl/curl/pull/11930 7339 7340Stefan Eissing (26 Sep 2023) 7341 7342- openssl: improve ssl shutdown handling 7343 7344 - If SSL shutdown is not finished then make an additional call to 7345 SSL_read to gather additional tracing. 7346 7347 - Fix http2 and h2-proxy filters to forward do_close() calls to the next 7348 filter. 7349 7350 For example h2 and SSL shutdown before and after this change: 7351 7352 Before: 7353 7354 Curl_conn_close -> cf_hc_close -> Curl_conn_cf_discard_chain -> 7355 ssl_cf_destroy 7356 7357 After: 7358 7359 Curl_conn_close -> cf_hc_close -> cf_h2_close -> cf_setup_close -> 7360 ssl_cf_close 7361 7362 Note that currently the tracing does not show output on the connection 7363 closure handle. Refer to discussion in #11878. 7364 7365 Ref: https://github.com/curl/curl/discussions/11878 7366 7367 Closes https://github.com/curl/curl/pull/11858 7368 7369Loïc Yhuel (26 Sep 2023) 7370 7371- multi: fix small timeouts 7372 7373 Since Curl_timediff rounds down to the millisecond, timeouts which 7374 expire in less than 1ms are considered as outdated and removed from the 7375 list. We can use Curl_timediff_us instead, big timeouts could saturate 7376 but this is not an issue. 7377 7378 Closes #11937 7379 7380Viktor Szakats (25 Sep 2023) 7381 7382- cmake: fix stderr initialization in unity builds 7383 7384 Before this patch, in certain build configurations the curl tool may 7385 not have displayed anything (debug, macOS), or crashed at startup 7386 (debug, Windows). 7387 7388 Follow-up to 3f8fc25720900b14b7432f4bd93407ca15311719 7389 Necessary after 2f17a9b654121dd1ecf4fc043c6d08a9da3522db 7390 7391 Closes #11929 7392 7393- cmake: fix missing `zlib.h` when compiling `libcurltool` 7394 7395 Came up while testing debug/testing build for Windows. I'm not sure why 7396 it didn't come up in earlier tests with similar config. 7397 `tool_hugehelp.c` might indeed require `zlib.h` and without linking 7398 `CURL_LIBS` to the `curltool` target, CMake doesn't seem to add detected 7399 dependency headers to the compiler command. 7400 7401 ``` 7402 [ 25%] Building C object src/CMakeFiles/curltool.dir/tool_hugehelp.c.obj 7403 cd .../curl/bld-cmake-llvm-x64/src && /usr/local/opt/llvm/bin/clang 7404 --target=x86_64-w64-mingw32 --sysroot=/usr/local/opt/mingw-w64/toolchain-x8 7405 6_64 7406 -DCURLDEBUG -DCURL_STATICLIB -DHAVE_CONFIG_H -DUNICODE -DUNITTESTS -D_UNICO 7407 DE 7408 -I.../curl/include -I.../curl/lib -I.../curl/bld-cmake-llvm-x64/lib 7409 -I.../curl/bld-cmake-llvm-x64/include -I.../curl/src -Wno-unused-command-li 7410 ne-argument 7411 -D_UCRT -DDEBUGBUILD -DHAS_ALPN -DUSE_MANUAL=1 -fuse-ld=lld -Wl,-s -static 7412 -libgcc 7413 -lucrt [...] -O3 -DNDEBUG -municode -MD 7414 -MT src/CMakeFiles/curltool.dir/tool_hugehelp.c.obj 7415 -MF CMakeFiles/curltool.dir/tool_hugehelp.c.obj.d 7416 -o CMakeFiles/curltool.dir/tool_hugehelp.c.obj -c .../curl/bld-cmake-llvm-x 7417 64/src/tool_hugehelp.c 7418 .../curl/bld-cmake-llvm-x64/src/tool_hugehelp.c:6:10: fatal error: 'zlib.h' f 7419 ile not found 7420 6 | #include <zlib.h> 7421 | ^~~~~~~~ 7422 ``` 7423 7424 Follow-up to 39e7c22bb459c2e818f079984989a26a09741860 7425 7426 Closes #11927 7427 7428- cmake: fix duplicate symbols when linking tests 7429 7430 The linker resolves this automatically in non-unity builds. In unity 7431 builds the linker cannot drop a single object with the duplicates, 7432 resulting in these errors. The root issue is that we started including 7433 certain objects both via both libcurlu and libcurltool libs. 7434 7435 Regression from 39e7c22bb459c2e818f079984989a26a09741860 7436 7437 Windows errors: 7438 ``` 7439 [ 3%] Linking C executable unit1303.exe 7440 [ 3%] Building C object tests/server/CMakeFiles/rtspd.dir/__/__/lib/curl_mul 7441 tibyte.c.obj 7442 ../../lib/libcurlu-d.a(unity_0.c.obj): In function `curlx_convert_UTF8_to_wch 7443 ar': 7444 C:/projects/curl/lib/curl_multibyte.c:44: multiple definition of `curlx_conve 7445 rt_UTF8_to_wchar' 7446 ../../src/libcurltool-d.a(unity_0.c.obj):C:/projects/curl/lib/curl_multibyte. 7447 c:44: first defined here 7448 ../../lib/libcurlu-d.a(unity_0.c.obj): In function `curlx_convert_wchar_to_UT 7449 F8': 7450 C:/projects/curl/lib/curl_multibyte.c:66: multiple definition of `curlx_conve 7451 rt_wchar_to_UTF8' 7452 ../../src/libcurltool-d.a(unity_0.c.obj):C:/projects/curl/lib/curl_multibyte. 7453 c:66: first defined here 7454 ../../lib/libcurlu-d.a(unity_0.c.obj): In function `curlx_win32_open': 7455 C:/projects/curl/lib/curl_multibyte.c:92: multiple definition of `curlx_win32 7456 _open' 7457 ../../src/libcurltool-d.a(unity_0.c.obj):C:/projects/curl/lib/curl_multibyte. 7458 c:92: first defined here 7459 ../../lib/libcurlu-d.a(unity_0.c.obj): In function `curlx_win32_fopen': 7460 C:/projects/curl/lib/curl_multibyte.c:120: multiple definition of `curlx_win3 7461 2_fopen' 7462 ../../src/libcurltool-d.a(unity_0.c.obj):C:/projects/curl/lib/curl_multibyte. 7463 c:120: first defined here 7464 ../../lib/libcurlu-d.a(unity_0.c.obj): In function `curlx_win32_stat': 7465 [...] 7466 ``` 7467 Ref: https://ci.appveyor.com/project/curlorg/curl/builds/48110107/job/nvlhpt9 7468 aa4ehny5q#L247 7469 7470 macOS errors: 7471 ``` 7472 [ 56%] Linking C executable unit1302 7473 duplicate symbol '_curlx_sotouz' in: 7474 ../../lib/libcurlu.a(unity_0_c.c.o) 7475 ../../src/libcurltool.a(unity_0_c.c.o) 7476 duplicate symbol '_curlx_sitouz' in: 7477 ../../lib/libcurlu.a(unity_0_c.c.o) 7478 ../../src/libcurltool.a(unity_0_c.c.o) 7479 duplicate symbol '_curlx_uztosz' in: 7480 ../../lib/libcurlu.a(unity_0_c.c.o) 7481 ../../src/libcurltool.a(unity_0_c.c.o) 7482 [...] 7483 ``` 7484 with config: 7485 ``` 7486 -DCMAKE_UNITY_BUILD=ON \ 7487 -DENABLE_DEBUG=ON -DBUILD_TESTING=ON -DCMAKE_C_FLAGS=-DDEBUGBUILD \ 7488 -DBUILD_SHARED_LIBS=ON \ 7489 -DBUILD_STATIC_LIBS=OFF 7490 ``` 7491 7492 Closes #11926 7493 7494- cmake: lib `CURL_STATICLIB` fixes (Windows) 7495 7496 - always define `CURL_STATICLIB` when building libcurl for Windows. 7497 7498 This disables `__declspec(dllexport)` for exported libcurl symbols. 7499 In normal mode (hide symbols) these exported symbols are specified 7500 via `libcurl.def`. When not hiding symbols, all symbols are exported 7501 by default. 7502 7503 Regression from 1199308dbc902c52be67fc805c72dd2582520d30 7504 7505 Fixes #11844 7506 7507 - fix to omit `libcurl.def` when not hiding private symbols. 7508 7509 Regression from 2ebc74c36a19a1700af394c16855ce144d9878e3 7510 7511 - fix `ENABLED_DEBUG=ON` + shared curl tool Windows builds by also 7512 omitting `libcurl.def` in this case, and exporting all symbols 7513 instead. This ensures that a shared curl tool can access all debug 7514 functions which are not normally exported from libcurl DLL. 7515 7516 - delete `INTERFACE_COMPILE_DEFINITIONS "CURL_STATICLIB"` for "objects" 7517 target. 7518 7519 Follow-up to 2ebc74c36a19a1700af394c16855ce144d9878e3 7520 7521 - delete duplicate `BUILDING_LIBCURL` definitions. 7522 7523 - fix `HIDES_CURL_PRIVATE_SYMBOLS` to not overwrite earlier build settings. 7524 7525 Follow-up to 1199308dbc902c52be67fc805c72dd2582520d30 7526 7527 Closes #11914 7528 7529Daniel Stenberg (25 Sep 2023) 7530 7531- RELEASE-NOTES: synced 7532 7533Dan Fandrich (25 Sep 2023) 7534 7535- tests: fix log directory path in IPFS tests 7536 7537 Hard-coding the log directory name fails with parallel tests. 7538 7539 Follow-up to 65b563a96 7540 7541 Ref: #8805 7542 7543Daniel Stenberg (25 Sep 2023) 7544 7545- curl_multi_get_handles: get easy handles from a multi handle 7546 7547 Closes #11750 7548 7549Stefan Eissing (25 Sep 2023) 7550 7551- http: h1/h2 proxy unification 7552 7553 - use shared code for setting up the CONNECT request 7554 when tunneling, used in HTTP/1.x and HTTP/2 proxying 7555 - eliminate use of Curl_buffer_send() and other manipulations 7556 of `data->req` or `data->state.ulbuf` 7557 7558 Closes #11808 7559 7560Natanael Copa (25 Sep 2023) 7561 7562- lib: use wrapper for curl_mime_data fseek callback 7563 7564 fseek uses long offset which does not match with curl_off_t. This leads 7565 to undefined behavior when calling the callback and caused failure on 7566 arm 32 bit. 7567 7568 Use a wrapper to solve this and use fseeko which uses off_t instead of 7569 long. 7570 7571 Thanks to the nice people at Libera IRC #musl for helping finding this 7572 out. 7573 7574 Fixes #11882 7575 Fixes #11900 7576 Closes #11918 7577 7578- configure: sort AC_CHECK_FUNCS 7579 7580 No functional changes. 7581 7582Daniel Stenberg (25 Sep 2023) 7583 7584- warnless: remove unused functions 7585 7586 Previously put there for use with the intel compiler 7587 7588 Closes #11932 7589 7590- GHA/linux: run singleuse to detect single-use global functions 7591 7592 Use --unit for configure --enable-debug builds 7593 7594 Closes #11932 7595 7596- singleuse: add scan for use in other source codes 7597 7598 This should reduce false-positive to almost zero. Checks for presence in 7599 unit tests if --unit is specified, which is intended for debug builds 7600 where unit testing is enabled. 7601 7602 Closes #11932 7603 7604- multi: remove Curl_multi_dump 7605 7606 A debug-only function that is basically never used. Removed to ease the 7607 use of the singleuse script to detect non-static functions not used 7608 outside the file where it is defined. 7609 7610 Closes #11931 7611 7612Viktor Szakats (24 Sep 2023) 7613 7614- tests: fix compiler warnings 7615 7616 Seen with llvm 17 on Windows x64. 7617 7618 ``` 7619 .../curl/tests/server/rtspd.c:136:13: warning: no previous extern declaration 7620 for non-static variable 'logdir' [-Wmissing-variable-declarations] 7621 136 | const char *logdir = "log"; 7622 | ^ 7623 .../curl/tests/server/rtspd.c:136:7: note: declare 'static' if the variable i 7624 s not intended to be used outside of this translation unit 7625 136 | const char *logdir = "log"; 7626 | ^ 7627 .../curl/tests/server/rtspd.c:137:6: warning: no previous extern declaration 7628 for non-static variable 'loglockfile' [-Wmissing-variable-declarations] 7629 137 | char loglockfile[256]; 7630 | ^ 7631 .../curl/tests/server/rtspd.c:137:1: note: declare 'static' if the variable i 7632 s not intended to be used outside of this translation unit 7633 137 | char loglockfile[256]; 7634 | ^ 7635 .../curl/tests/server/fake_ntlm.c:43:13: warning: no previous extern declarat 7636 ion for non-static variable 'logdir' [-Wmissing-variable-declarations] 7637 43 | const char *logdir = "log"; 7638 | ^ 7639 .../curl/tests/server/fake_ntlm.c:43:7: note: declare 'static' if the variabl 7640 e is not intended to be used outside of this translation unit 7641 43 | const char *logdir = "log"; 7642 | ^ 7643 .../curl/src/tool_doswin.c:350:8: warning: possible misuse of comma operator 7644 here [-Wcomma] 7645 350 | ++d, ++s; 7646 | ^ 7647 .../curl/src/tool_doswin.c:350:5: note: cast expression to void to silence wa 7648 rning 7649 350 | ++d, ++s; 7650 | ^~~ 7651 | (void)( ) 7652 ``` 7653 7654 ``` 7655 .../curl/tests/libtest/lib540.c:146:27: warning: result of comparison 'long' 7656 > 2147483647 is always false [-Wtautological-type-limit-compare] 7657 146 | int itimeout = (L > (long)INT_MAX) ? INT_MAX : (int)L; 7658 | ~ ^ ~~~~~~~~~~~~~ 7659 1 warning generated. 7660 7661 .../curl/tests/libtest/libntlmconnect.c:195:31: warning: result of comparison 7662 'long' > 2147483647 is always false [-Wtautological-type-limit-compare] 7663 195 | int itimeout = (timeout > (long)INT_MAX) ? INT_MAX : (int)timeo 7664 ut; 7665 | ~~~~~~~ ^ ~~~~~~~~~~~~~ 7666 1 warning generated. 7667 7668 .../curl/tests/libtest/lib591.c:117:31: warning: result of comparison 'long' 7669 > 2147483647 is always false [-Wtautological-type-limit-compare] 7670 117 | int itimeout = (timeout > (long)INT_MAX) ? INT_MAX : (int)timeo 7671 ut; 7672 | ~~~~~~~ ^ ~~~~~~~~~~~~~ 7673 1 warning generated. 7674 .../curl/tests/libtest/lib597.c:99:31: warning: result of comparison 'long' > 7675 2147483647 is always false [-Wtautological-type-limit-compare] 7676 99 | int itimeout = (timeout > (long)INT_MAX) ? INT_MAX : (int)timeo 7677 ut; 7678 | ~~~~~~~ ^ ~~~~~~~~~~~~~ 7679 1 warning generated. 7680 ``` 7681 7682 Seen on macOS Intel: 7683 ``` 7684 .../curl/tests/server/sws.c:440:64: warning: field precision should have type 7685 'int', but argument has type 'size_t' (aka 'unsigned long') [-Wformat] 7686 msnprintf(logbuf, sizeof(logbuf), "Got request: %s %.*s HTTP/%d.%d" 7687 , 7688 ~~^~ 7689 1 warning generated. 7690 ``` 7691 7692 Closes #11925 7693 7694Jay Satiro (24 Sep 2023) 7695 7696- url: fix netrc info message 7697 7698 - Fix netrc info message to use the generic ".netrc" filename if the 7699 user did not specify a netrc location. 7700 7701 - Update --netrc doc to add that recent versions of curl on Windows 7702 prefer .netrc over _netrc. 7703 7704 Before: 7705 * Couldn't find host google.com in the (nil) file; using defaults 7706 7707 After: 7708 * Couldn't find host google.com in the .netrc file; using defaults 7709 7710 Closes https://github.com/curl/curl/pull/11904 7711 7712Dan Fandrich (23 Sep 2023) 7713 7714- wolfssh: do cleanup in Curl_ssh_cleanup 7715 7716 Closes: #11921 7717 7718Daniel Stenberg (24 Sep 2023) 7719 7720- tool_listhelp: regenerated 7721 7722 Polished the --ipfs-gateway description 7723 7724 Fixed the --trace-config description 7725 7726 The script also fixed some other small mistakes 7727 7728 Closes #11923 7729 7730Viktor Szakats (23 Sep 2023) 7731 7732- Makefile.mk: always set `CURL_STATICLIB` for lib (Windows) 7733 7734 Also fix to export all symbols in Windows debug builds, making 7735 `-debug-dyn` builds work with `-DCURL_STATICLIB` set. 7736 7737 Ref: https://github.com/curl/curl/pull/11914 (same for CMake) 7738 7739 Closes #11924 7740 7741Daniel Stenberg (23 Sep 2023) 7742 7743- quic: set ciphers/curves the same way regular TLS does 7744 7745 for OpenSSL/BoringSSL 7746 7747 Fixes #11796 7748 Reported-by: Karthikdasari0423 on github 7749 Assisted-by: Jay Satiro 7750 Closes #11836 7751 7752- test457: verify --max-filesize with chunked encoding 7753 7754- lib: let the max filesize option stop too big transfers too 7755 7756 Previously it would only stop them from getting started if the size is 7757 known to be too big then. 7758 7759 Update the libcurl and curl docs accordingly. 7760 7761 Fixes #11810 7762 Reported-by: Elliot Killick 7763 Assisted-by: Jay Satiro 7764 Closes #11820 7765 7766Viktor Szakats (23 Sep 2023) 7767 7768- mingw: delete support for legacy mingw.org toolchain 7769 7770 Drop support for "old" / "legacy" / "classic" / "v1" / "mingw32" MinGW: 7771 https://en.wikipedia.org/wiki/MinGW, https://osdn.net/projects/mingw/ 7772 Its homepage used to be http://mingw.org/ [no HTTPS], and broken now. 7773 It supported the x86 CPU only and used a old Windows API header and 7774 implib set, often causing issues. It also misses most modern Windows 7775 features, offering old versions of both binutils and gcc (no llvm/clang 7776 support). It was last updated 2 years ago. 7777 7778 curl now relies on toolchains based on the mingw-w64 project: 7779 https://www.mingw-w64.org/ https://sourceforge.net/projects/mingw-w64/ 7780 https://www.msys2.org/ https://github.com/msys2/msys2 7781 https://github.com/mstorsjo/llvm-mingw 7782 (Also available via Linux and macOS package managers.) 7783 7784 Closes #11625 7785 7786Mark Gaiser (23 Sep 2023) 7787 7788- curl: add support for the IPFS protocols: 7789 7790 - ipfs://<cid> 7791 - ipns://<cid> 7792 7793 This allows you tu use ipfs in curl like: 7794 curl ipfs://<cid> 7795 and 7796 curl ipns://<cid> 7797 7798 For more information consult the readme at: 7799 https://curl.se/docs/ipfs.html 7800 7801 Closes #8805 7802 7803Daniel Stenberg (23 Sep 2023) 7804 7805- bufq: remove Curl_bufq_skip_and_shift (unused) 7806 7807 Closes #11915 7808 7809- scripts/singleuse.pl: add curl_global_trace 7810 7811Viktor Szakats (22 Sep 2023) 7812 7813- cmake: fix unity symbol collisions in h2 builds 7814 7815 Regression from 331b89a319d0067fa1e6441719307cfef9c7960f 7816 7817 Reviewed-by: Daniel Stenberg 7818 Reviewed-by: Jay Satiro 7819 Closes #11912 7820 7821Daniel Stenberg (22 Sep 2023) 7822 7823- RELEASE-NOTES: synced 7824 7825Dan Fandrich (21 Sep 2023) 7826 7827- github/labeler: improve the match patterns 7828 7829 This includes new rules for setting the appleOS and logging labels and 7830 matches on some example files. Also, enable dot mode for wildcard 7831 matches in the .github directory. 7832 7833Daniel Stenberg (21 Sep 2023) 7834 7835- upload-file.d: describe the file name slash/backslash handling 7836 7837 Closes #11911 7838 7839Jakub Jelen (21 Sep 2023) 7840 7841- libssh: cap SFTP packet size sent 7842 7843 Due to libssh limitations 7844 7845 Signed-off-by: Jakub Jelen <jjelen@redhat.com> 7846 7847 Closes #11804 7848 7849Daniel Stenberg (21 Sep 2023) 7850 7851- curl.h: mark CURLSSLBACKEND_NSS as deprecated since 8.3.0 7852 7853 Closes #11905 7854 7855- mailmap: unify Michael Osipov under a single email 7856 7857Ted Lyngmo (21 Sep 2023) 7858 7859- docs: use CURLSSLBACKEND_NONE 7860 7861 [ssl] use CURLSSLBACKEND_NONE instead of (curl_sslbackend)-1 in 7862 documentation and examples. 7863 7864 Signed-off-by: Ted Lyngmo <ted@lyncon.se> 7865 7866 Closes #11909 7867 7868Dan Fandrich (21 Sep 2023) 7869 7870- github/labeler: give the sync-labels config item a default value 7871 7872 This shouldn't be necessary and is likely a bug with this beta version 7873 of the labeller. 7874 7875 Also, fix the negative matches for the documentation label. 7876 7877 Follow-up to dd12b452a 7878 Closes #11907 7879 7880- github/labeler: fix up more the labeler config format 7881 7882 The new version didn't like the workaround we had for a bug in the 7883 previous labeler version, and it should no longer be needed. 7884 7885 Follow-up to dd12b452a 7886 Closes #11906 7887 7888- github/labeler: fix indenting to try to appease labeller 7889 7890 Follow-up to dd12b452a 7891 7892Jay Satiro (21 Sep 2023) 7893 7894- libssh2: fix error message on failed pubkey-from-file 7895 7896 - If libssh2_userauth_publickey_fromfile_ex returns -1 then show error 7897 message "SSH public key authentication failed: Reason unknown (-1)". 7898 7899 When libssh2_userauth_publickey_fromfile_ex returns -1 it does so as a 7900 generic error and therefore doesn't set an error message. AFAICT that is 7901 not documented behavior. 7902 7903 Prior to this change libcurl retrieved the last set error message which 7904 would be from a previous function failing. That resulted in misleading 7905 auth failed error messages in verbose mode. 7906 7907 Bug: https://github.com/curl/curl/issues/11837#issue-1891827355 7908 Reported-by: consulion@users.noreply.github.com 7909 7910 Closes https://github.com/curl/curl/pull/11881 7911 7912Stefan Eissing (21 Sep 2023) 7913 7914- pytest: exclude test_03_goaway in CI runs due to timing dependency 7915 7916 Closes #11860 7917 7918- lib: disambiguate Curl_client_write flag semantics 7919 7920 - use CLIENTWRITE_BODY *only* when data is actually body data 7921 - add CLIENTWRITE_INFO for meta data that is *not* a HEADER 7922 - debug assertions that BODY/INFO/HEADER is not used mixed 7923 - move `data->set.include_header` check into Curl_client_write 7924 so protocol handlers no longer have to care 7925 - add special in FTP for `data->set.include_header` for historic, 7926 backward compatible reasons 7927 - move unpausing of client writes from easy.c to sendf.c, so that 7928 code is in one place and can forward flags correctly 7929 7930 Closes #11885 7931 7932Patrick Monnerat (21 Sep 2023) 7933 7934- tftpd: always use curl's own tftp.h 7935 7936 Using the system's provided arpa/tftp.h and optimizing, GCC 12 detects 7937 and reports a stringop-overread warning: 7938 7939 tftpd.c: In function ‘write_behind.isra’: 7940 tftpd.c:485:12: warning: ‘write’ reading between 1 and 2147483647 bytes f 7941 rom a region of size 0 [-Wstringop-overread] 7942 485 | return write(test->ofile, writebuf, count); 7943 | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 7944 In file included from tftpd.c:71: 7945 /usr/include/arpa/tftp.h:58:30: note: source object ‘tu_data’ of size 0 7946 58 | char tu_data[0]; /* data or error stri 7947 ng */ 7948 | ^~~~~~~ 7949 7950 This occurs because writebuf points to this field and the latter 7951 cannot be considered as being of dynamic length because it is not 7952 the last field in the structure. Thus it is bound to its declared 7953 size. 7954 7955 This commit always uses curl's own version of tftp.h where the 7956 target field is last in its structure, effectively avoiding the 7957 warning. 7958 7959 As HAVE_ARPA_TFTP_H is not used anymore, cmake/configure checks for 7960 arpa/tftp.h are removed. 7961 7962 Closes #11897 7963 7964Dan Fandrich (20 Sep 2023) 7965 7966- test1474: make precheck more robust on non-Solaris systems 7967 7968 If uname -r returns something odd, perl could return an error code and 7969 the test would be erroneously skipped. The qx// syntax avoid this. 7970 7971 Followup to 08f9b2148 7972 7973- github/labeler: switch to the 5 beta version 7974 7975 This version adds an important feature that will allow more PRs to be 7976 labelled. Rather than being limited to labeling PRs with files that 7977 match a single glob, it can now label them if multiple changed files 7978 match any one of a number of globs. 7979 7980Daniel Stenberg (20 Sep 2023) 7981 7982- lib: enable hmac for digest as well 7983 7984 Previously a build that disabled NTLM and aws-sigv4 would fail to build 7985 since the hmac was disabled, but it is also needed for digest auth. 7986 7987 Follow-up to e92edfbef64448ef 7988 7989 Fixes #11890 7990 Reported-by: Aleksander Mazur 7991 Closes #11896 7992 7993- idn: if idn2_check_version returns NULL, return error 7994 7995 ... this avoids a NULL dereference for this unusual case. 7996 7997 Reported-by: s0urc3_ on hackerone 7998 Closes #11898 7999 8000- http: fix CURL_DISABLE_BEARER_AUTH breakage 8001 8002 When bearer auth was disabled, the if/else logic got wrong and caused 8003 problems. 8004 8005 Follow-up to e92edfbef64448ef461 8006 Fixes #11892 8007 Reported-by: Aleksander Mazur 8008 Closes #11895 8009 8010Michael Osipov (20 Sep 2023) 8011 8012- wolfssl: allow capath with CURLOPT_CAINFO_BLOB 8013 8014 Remain consistent with OpenSSL. While CAfile is nulled as documented 8015 with CURLOPT_CAINFO_BLOB, CApath remains intact. 8016 8017 Closes #11886 8018 8019- wolfssl: use ssl_cafile/ssl_capath variables consistent with openssl.c 8020 8021 Closes #11886 8022 8023Dan Fandrich (19 Sep 2023) 8024 8025- test1474: disable test on NetBSD, OpenBSD and Solaris 10 8026 8027 These kernels only send a fraction of the requested amount of the first 8028 large block, invalidating the assumptions of the test and causing it to 8029 fail. 8030 8031 Assisted-by: Christian Weisgerber 8032 Ref: https://curl.se/mail/lib-2023-09/0021.html 8033 Closes #11888 8034 8035Ryan Schmidt (20 Sep 2023) 8036 8037- cmake, configure: also link with CoreServices 8038 8039 When linking with CoreFoundation, also link with CoreServices which is 8040 apparently required to avoid an NSInvalidArgumentException in software 8041 linking with libcurl on macOS Sonoma 14 and later. 8042 8043 Fixes #11893 8044 Closes #11894 8045 8046Marc Hoersken (19 Sep 2023) 8047 8048- CI/azure: remove pip, wheel, cryptography, pyopenssl and impacket 8049 8050 These dependencies are now already included in the Docker image. 8051 8052 Ref: https://github.com/mback2k/curl-docker-winbuildenv/commit/2607a31bcab544 8053 b41d15606e97f38cf312c1ce56 8054 8055 Closes #11889 8056 8057Daniel Stenberg (19 Sep 2023) 8058 8059- wolfssl: if CURLOPT_CAINFO_BLOB is set, ignore the CA files 8060 8061 Ref: #11883 8062 Reported-by: Michael Osipov 8063 Closes #11884 8064 8065- RELEASE-NOTES: synced 8066 8067- test3103: CURLOPT_COOKIELIST test 8068 8069- cookie: set ->running in cookie_init even if data is NULL 8070 8071 This is a regression introduced in b1b326ec500 (shipped in curl 8.1.0) 8072 8073 Test 3103 verifies. 8074 8075 Fixes #11875 8076 Reported-by: wangp on github 8077 Closes #11876 8078 8079- test498: total header size for all redirects is larger than accepted 8080 8081- http: use per-request counter to check too large headers 8082 8083 Not the counter that accumulates all headers over all redirects. 8084 8085 Follow-up to 3ee79c1674fd6 8086 8087 Do a second check for 20 times the limit for the accumulated size for 8088 all headers. 8089 8090 Fixes #11871 8091 Reported-by: Joshix-1 on github 8092 Closes #11872 8093 8094Jay Satiro (18 Sep 2023) 8095 8096- THANKS: add Eric Murphy 8097 8098 He reported #11850 (quiche build error) but I forgot to add a 8099 'reported-by' entry in the fix 267e14f1. 8100 8101Daniel Stenberg (18 Sep 2023) 8102 8103- h2-proxy: remove left-over mistake in drain_tunnel() 8104 8105 Left-over from 331b89a319 8106 8107 Reported-by: 南宫雪珊 8108 8109 Closes https://github.com/curl/curl/pull/11877 8110 8111vvb2060 (18 Sep 2023) 8112 8113- lib: failf/infof compiler warnings 8114 8115 Closes #11874 8116 8117Daniel Stenberg (17 Sep 2023) 8118 8119- rand: fix 'alnum': array is too small to include a terminating null character 8120 8121 It was that small on purpose, but this change now adds the null byte to 8122 avoid the error. 8123 8124 Follow-up to 3aa3cc9b052353b1 8125 8126 Reported-by: Dan Fandrich 8127 Ref: #11838 8128 Closes #11870 8129 8130Mathias Fuchs (16 Sep 2023) 8131 8132- cmake: fix the help text to the static build option in CMakeLists.txt 8133 8134 Closes #11843 8135 8136John Haugabook (16 Sep 2023) 8137 8138- MANUAL.md: change domain to example.com 8139 8140 Closes #11866 8141 8142Daniel Stenberg (16 Sep 2023) 8143 8144- doh: inherit DEBUGFUNCTION/DATA 8145 8146 When creating new transfers for doing DoH, they now inherit the debug 8147 settings from the initiating transfer, so that the application can 8148 redirect and handle the verbose output correctly even for the DoH 8149 transfers. 8150 8151 Reported-by: calvin2021y on github 8152 Fixes #11864 8153 Closes #11869 8154 8155Dan Fandrich (16 Sep 2023) 8156 8157- http_aws_sigv4: fix sorting with empty parts 8158 8159 When comparing with an empty part, the non-empty one is always 8160 considered greater-than. Previously, the two would be considered equal 8161 which would randomly place empty parts amongst non-empty ones. This 8162 showed as a test 439 failure on Solaris as it uses a different 8163 implementation of qsort() that compares parts differently. 8164 8165 Fixes #11855 8166 Closes #11868 8167 8168- CI: ignore the "flaky" and "timing-dependent" test results 8169 8170 CI builds will now run these tests, but will ignore the results if they 8171 fail. The relevant tests are ones that are sensitive to timing or 8172 have edge conditions that make them more likely to fail on CI servers, 8173 which are often heavily overloaded and slow. 8174 8175 This change only adds two additional tests to be ignored, since the 8176 others already had the flaky keyword. 8177 8178 Closes #11865 8179 8180- runtests: eliminate a warning on old perl versions 8181 8182 The warning "Use of implicit split to @_ is deprecated" showed between 8183 perl versions about 5.8 through 5.11. 8184 8185- tests: log the test result code after each libtest 8186 8187 This makes it easier to determine the test status. Also, capitalize 8188 FAILURE and ABORT messages in log lines to make them easier to spot. 8189 8190Harry Sintonen (16 Sep 2023) 8191 8192- misc: better random strings 8193 8194 Generate alphanumerical random strings. 8195 8196 Prior this change curl used to create random hex strings. This was 8197 mostly okay, but having alphanumerical random strings is better: The 8198 strings have more entropy in the same space. 8199 8200 The MIME multipart boundary used to be mere 64-bits of randomness due 8201 to being 16 hex chars. With these changes the boundary is 22 8202 alphanumerical chars, or little over 130 bits of randomness. 8203 8204 Closes #11838 8205 8206Daniel Stenberg (15 Sep 2023) 8207 8208- cookie: reduce variable scope, add const 8209 8210- cookie: do not store the expire or max-age strings 8211 8212 Convert it to an expire time at once and save memory. 8213 8214 Closes #11862 8215 8216- cookie: remove unnecessary struct fields 8217 8218 Plus: reduce the hash table size from 256 to 63. It seems unlikely to 8219 make much of a speed difference for most use cases but saves 1.5KB of 8220 data per instance. 8221 8222 Closes #11862 8223 8224- RELEASE-NOTES: synced 8225 8226 Bumped to 8.4.0, the next presumed version 8227 8228Dan Fandrich (14 Sep 2023) 8229 8230- test2600: remove special case handling for USE_ALARM_TIMEOUT 8231 8232 This was originally added to handle platforms that supported only 1 8233 second granularity in connect timeouts, but after some recent changes 8234 the test currently permafails on several Windows platforms. 8235 8236 The need for this special-case was removed in commit 8627416, which 8237 increased the connect timeout in all cases to well above 1 second. 8238 8239 Fixes #11767 8240 Closes #11849 8241 8242Daniel Stenberg (14 Sep 2023) 8243 8244- SECURITY-PROCESS.md. call it vulnerability disclosure policy 8245 8246 SECURITY-PROCESS.md -> VULN-DISCLOSURE-POLICY.md 8247 8248 This a name commonly used for a document like this. This name helps 8249 users find it. 8250 8251 Closes #11852 8252 8253Junho Choi (14 Sep 2023) 8254 8255- quiche: fix build error with --with-ca-fallback 8256 8257 - Fix build error when curl is built with --with-quiche 8258 and --with-ca-fallback. 8259 8260 - Add --with-ca-fallback to the quiche CI job. 8261 8262 Fixes https://github.com/curl/curl/issues/11850 8263 Closes https://github.com/curl/curl/pull/11847 8264 8265Jay Satiro (14 Sep 2023) 8266 8267- escape: replace Curl_isunreserved with ISUNRESERVED 8268 8269 - Use the ALLCAPS version of the macro so that it is clear a macro is 8270 being called that evaluates the variable multiple times. 8271 8272 - Also capitalize macro isurlpuntcs => ISURLPUNTCS since it evaluates 8273 a variable multiple times. 8274 8275 This is a follow-up to 291d225a which changed Curl_isunreserved into an 8276 alias macro for ISUNRESERVED. The problem is the former is not easily 8277 identified as a macro by the caller, which could lead to a bug. 8278 8279 For example, ISUNRESERVED(*foo++) is easily identifiable as wrong but 8280 Curl_isunreserved(*foo++) is not even though they both are the same. 8281 8282 Closes https://github.com/curl/curl/pull/11846 8283 8284Dan Fandrich (13 Sep 2023) 8285 8286- tests: increase the default server logs lock timeout 8287 8288 This timeout is used to wait for the server to finish writing its logs 8289 before checking them against the expected values. An overloaded machine 8290 could take more than the two seconds previously allocated, so increase 8291 the timeout to 5 seconds. 8292 8293 Ref: #11328 8294 Closes #11834 8295 8296- tests: increase TEST_HANG_TIMEOUT in two tests 8297 8298 These tests had a 5 second timeout compared to 60 seconds for all other 8299 tests. Make these consistent with the others for more reliability on 8300 heavily-loaded machines. 8301 8302 Ref: #11328 8303 8304- test1056: disable on Windows 8305 8306 This test relies on the IPv6 scope field being ignored when connecting to 8307 ipv6-localhost (i.e. [::1%259999] is treated as [::1]). Maybe this is a bit 8308 dodgy, but it works on all our test platforms except Windows. This 8309 test was disabled manually on all Windows CI builds already, so instead 8310 add an incompatible feature and precheck so it's skipped on Windows 8311 everywhere automatically. 8312 8313- test587: add a slight delay after test 8314 8315 This test is designed to connect to the server, then immediately send a 8316 few bytes and disconnect. In some situations, such as on a loaded 8317 server, this doesn't give the server enough time to write its lock file 8318 before its existence is checked. The test harness then fails to find the 8319 server's input log file (because it hasn't been written yet) and fails 8320 the test. By adding a short delay after the test, the HTTP server has 8321 enough time to write its lock file which gives itself more time to write 8322 its remaining files. 8323 8324 Ref: #11328 8325 8326- tests: stop overriding the lock timeout 8327 8328 These tests reduce the server lock wait timeout which can increase 8329 flakiness on loaded machines. Since this is merely an optimization, 8330 eliminate them in favour of reliability. 8331 8332 Ref: #11328 8333 8334- tests: add some --expect100-timeout to reduce timing dependencies 8335 8336 These tests can fail when the test machine is so slow that the test HTTP 8337 server didn't get a chance to complete before the client's one second 8338 100-continue timeout triggered. Increase that 1 second to 999 seconds so 8339 this situation doesn't happen. 8340 8341 Ref: #11328 8342 8343- test661: return from test early in case of curl error 8344 8345- tests: add the timing-dependent keyword on several tests 8346 8347 These are ones likely to fail on heavily-loaded machines that alter the 8348 normal test timing. Most of these tests already had the flaky keyword 8349 since this condition makes them more likely to fail on CI. 8350 8351- test1592: greatly increase the maximum test timeout 8352 8353 It was too short to be reliable on heavily loaded CI machines, and 8354 as a fail-safe only, it didn't need to be short. 8355 8356 Ref: #11328 8357 8358- test: minor test cleanups 8359 8360 Remove an obsolete block of code in tests 2032 & 576. 8361 Add a comment in test 1474. 8362 8363- tests: quadruple the %FTPTIME2 and %FTPTIME3 timeouts 8364 8365 This gives more of a margin for error when running on overloaded CI 8366 servers. 8367 8368 Ref: #11328 8369 8370- tests: improve SLOWDOWN test reliability by reducing sent data 8371 8372 These tests are run in SLOWDOWN mode which adds a 10 msec delay after 8373 each character output, which means it takes at least 1.6 seconds (and 8374 320 kernel calls) just to get through the long welcome banner. On an 8375 overloaded system, this can end up taking much more than 1.6 seconds, 8376 and even more than the 7 or 16 second curl timeout that the tests rely 8377 on, causing them to fail. Reducing the size of the welcome banner drops 8378 the total number of characters sent before the transfer starts by more 8379 than half, which reduces the opportunity for test-breaking slowdowns by 8380 the same amount. 8381 8382 Ref: #11328 8383 8384- test650: fix an end tag typo 8385 8386Jay Satiro (13 Sep 2023) 8387 8388- tool_cb_wrt: fix debug assertion 8389 8390 - Fix off-by-one out-of-bounds array index in Windows debug assertion. 8391 8392 Bug: https://github.com/curl/curl/commit/af3f4e41#r127212213 8393 Reported-by: Gisle Vanem 8394 8395Daniel Stenberg (13 Sep 2023) 8396 8397- ctype: add ISUNRESERVED() 8398 8399 ... and make Curl_isunreserved() use that macro instead of providing a 8400 separate funtion for the purpose. 8401 8402 Closes #11840 8403 8404Version 8.3.0 (13 Sep 2023) 8405 8406Daniel Stenberg (13 Sep 2023) 8407 8408- RELEASE-NOTES: syn ced 8409 8410 curl 8.3.0 release 8411 8412- THANKS: contributors from 8.3.0 8413 8414Thorsten Klein (12 Sep 2023) 8415 8416- cmake: set SIZEOF_LONG_LONG in curl_config.h 8417 8418 in order to support 32bit builds regarding wolfssl CTC_SETTINGS 8419 8420 Closes #11839 8421 8422Jay Satiro (12 Sep 2023) 8423 8424- curl_ngtcp2: fix error message 8425 8426- http_aws_sigv4: handle no-value user header entries 8427 8428 - Handle user headers in format 'name:' and 'name;' with no value. 8429 8430 The former is used when the user wants to remove an internal libcurl 8431 header and the latter is used when the user actually wants to send a 8432 no-value header in the format 'name:' (note the semi-colon is converted 8433 by libcurl to a colon). 8434 8435 Prior to this change the AWS header import code did not special case 8436 either of those and the generated AWS SignedHeaders would be incorrect. 8437 8438 Reported-by: apparentorder@users.noreply.github.com 8439 8440 Ref: https://curl.se/docs/manpage.html#-H 8441 8442 Fixes https://github.com/curl/curl/issues/11664 8443 Closes https://github.com/curl/curl/pull/11668 8444 8445Dan Fandrich (11 Sep 2023) 8446 8447- CI: run pytest with the -v option 8448 8449 This lists of the test cases being run so it can be tracked over time. 8450 8451 Closes #11824 8452 8453Daniel Stenberg (11 Sep 2023) 8454 8455- HTTP3: the msquic backend is not functional 8456 8457 I ask that we do not submit bugs for this backend just yet as we know it 8458 does not fully work. 8459 8460 Closes #11831 8461 Closes #11819 8462 8463- aws_sigv4: the query canon code miscounted URL encoded input 8464 8465 Added some extra ampersands to test 439 to verify "blank" query parts 8466 8467 Follow-up to fc76a24c53b08cdf 8468 8469 Closes #11829 8470 8471vvb2060 (11 Sep 2023) 8472 8473- quic: don't set SNI if hostname is an IP address 8474 8475 We already do this for TLS connections. 8476 8477 RFC 6066 says: Literal IPv4 and IPv6 addresses are not permitted in 8478 "HostName". 8479 8480 Ref: https://www.rfc-editor.org/rfc/rfc6066#section-3 8481 8482 Fixes https://github.com/curl/curl/issues/11827 8483 Closes https://github.com/curl/curl/pull/11828 8484 8485Daniel Stenberg (10 Sep 2023) 8486 8487- RELEASE-NOTES: synced 8488 8489Benoit Pierre (10 Sep 2023) 8490 8491- configure: fix `HAVE_TIME_T_UNSIGNED` check 8492 8493 The syntax was incorrect (need a proper main body), and the test 8494 condition was wrong (resulting in a signed `time_t` detected as 8495 unsigned). 8496 8497 Closes #11825 8498 8499Daniel Stenberg (9 Sep 2023) 8500 8501- THANKS-filter: pszlazak on github 8502 8503pszlazak (9 Sep 2023) 8504 8505- include.d: explain headers not printed with --fail before 7.75.0 8506 8507 Prior to 7.75.0 response headers were not printed if -f/--fail was used 8508 and an error was reported by server. This was fixed in ab525c0 8509 (precedes 7.75.0). 8510 8511 Closes #11822 8512 8513Daniel Stenberg (8 Sep 2023) 8514 8515- http_aws_sigv4: skip the op if the query pair is zero bytes 8516 8517 Follow-up to fc76a24c53b08cdf 8518 8519 Spotted by OSS-Fuzz 8520 8521 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62175 8522 Closes #11823 8523 8524- cmdline-docs: use present tense, not future 8525 8526 + some smaller cleanups 8527 8528 Closes #11821 8529 8530- cmdline-docs: make sure to phrase it as "added in ...." 8531 8532 References to things that were added or changed in a specific version 8533 should be specified as "(added in [version]) for two reasons: 8534 8535 1 - consistency 8536 8537 2 - to allow gen.pl to strip them out if deemed referring to too old 8538 versions 8539 8540 Closes #11821 8541 8542Jay Satiro (8 Sep 2023) 8543 8544- docs: mark --ssl-revoke-best-effort as Schannel specific 8545 8546 Closes https://github.com/curl/curl/pull/11760 8547 8548Nathan Moinvaziri (8 Sep 2023) 8549 8550- schannel: fix ordering of cert chain info 8551 8552 - Use CERT_CONTEXT's pbCertEncoded to determine chain order. 8553 8554 CERT_CONTEXT from SECPKG_ATTR_REMOTE_CERT_CONTEXT contains 8555 end-entity/server certificate in pbCertEncoded. We can use this pointer 8556 to determine the order of certificates when enumerating hCertStore using 8557 CertEnumCertificatesInStore. 8558 8559 This change is to help ensure that the ordering of the certificate chain 8560 requested by the user via CURLINFO_CERTINFO has the same ordering on all 8561 versions of Windows. 8562 8563 Prior to this change Schannel certificate order was reversed in 8986df80 8564 but that was later reverted in f540a39b when it was discovered that 8565 Windows 11 22H2 does the reversal on its own. 8566 8567 Ref: https://github.com/curl/curl/issues/9706 8568 8569 Closes https://github.com/curl/curl/pull/11632 8570 8571Chris Talbot (8 Sep 2023) 8572 8573- digest: Use hostname to generate spn instead of realm 8574 8575 In https://www.rfc-editor.org/rfc/rfc2831#section-2.1.2 8576 8577 digest-uri-value should be serv-type "/" host , where host is: 8578 8579 The DNS host name or IP address for the service requested. The 8580 DNS host name must be the fully-qualified canonical name of the 8581 host. The DNS host name is the preferred form; see notes on server 8582 processing of the digest-uri. 8583 8584 Realm may not be the host, so we must specify the host explicitly. 8585 8586 Note this change only affects the non-SSPI digest code. The digest code 8587 used by SSPI builds already uses the hostname to generate the spn. 8588 8589 Ref: https://github.com/curl/curl/issues/11369 8590 8591 Closes https://github.com/curl/curl/pull/11395 8592 8593Daniel Stenberg (7 Sep 2023) 8594 8595- docs: remove use of the word 'very' 8596 8597 It is mostly superfluous. proselint would complain. 8598 8599 Closes #11818 8600 8601- curl_multi_remove_handle.3: clarify what happens with connection 8602 8603 Closes #11817 8604 8605- RELEASE-NOTES: synced 8606 8607- test439: verify query canonization for aws-sigv4 8608 8609- tool_operate: make aws-sigv4 not require TLS to be used 8610 8611 Maybe not used too often, but we want it for testing and it should work. 8612 8613- http_aws_sigv4: canonicalize the query 8614 8615 Percent encoding needs to be done using uppercase, and most 8616 non-alphanumerical must be percent-encoded. 8617 8618 Fixes #11794 8619 Reported-by: John Walker 8620 Closes #11806 8621 8622Wyatt O'Day (7 Sep 2023) 8623 8624- lib: add ability to disable auths individually 8625 8626 Both with configure and cmake 8627 8628 Closes #11490 8629 8630Stefan Eissing (7 Sep 2023) 8631 8632- ngtcp2: fix handling of large requests 8633 8634 - requests >64K are send in parts to the filter 8635 - fix parsing of the request to assemble it correctly 8636 from several sends 8637 - open a QUIC stream only when the complete request has 8638 been collected 8639 8640 Closes #11815 8641 8642- openssl: when CURLOPT_SSL_CTX_FUNCTION is registered, init x509 store before 8643 8644 - we delay loading the x509 store to shorten the handshake time. 8645 However an application callback installed via CURLOPT_SSL_CTX_FUNCTION 8646 may need to have the store loaded and try to manipulate it. 8647 - load the x509 store before invoking the app callback 8648 8649 Fixes #11800 8650 Reported-by: guoxinvmware on github 8651 Cloes #11805 8652 8653Daniel Stenberg (7 Sep 2023) 8654 8655- krb5: fix "implicit conversion loses integer precision" warnings 8656 8657 conversions to/from enum and unsigned chars 8658 8659 Closes #11814 8660 8661Stefan Eissing (7 Sep 2023) 8662 8663- pytest: improvements 8664 8665 - set CURL_CI for pytest runs in CI environments 8666 - exclude timing sensitive tests from CI runs 8667 - for failed results, list only the log and stat of 8668 the failed transfer 8669 8670 - fix type in http.c comment 8671 8672 Closes #11812 8673 8674- CI: move on to ngtcp2 v0.19.1 8675 8676 Closes #11809 8677 8678Dan Fandrich (5 Sep 2023) 8679 8680- CI: run Circle macOS builds on x86 for now 8681 8682 The ARM machines aren't ready for us and requesting them now causes 8683 warnings e-mails to be sent to some PR pushers. 8684 8685 Ref: #11771 8686 8687Viktor Szakats (5 Sep 2023) 8688 8689- http3: adjust cast for ngtcp2 v0.19.0 8690 8691 ngtcp2 v0.19.0 made size of `ecn` member of `ngtcp2_pkt_info` 8692 an `uint8_t` (was: `uint32_t`). Adjust our local cast accordingly. 8693 8694 Fixes: 8695 ``` 8696 ./curl/lib/vquic/curl_ngtcp2.c:1912:12: warning: implicit conversion loses in 8697 teger precision: 'uint32_t' (aka 'unsigned int') to 'uint8_t' (aka 'unsigned 8698 char') [-Wimplicit-int-conversion] 8699 pi.ecn = (uint32_t)ecn; 8700 ~ ^~~~~~~~~~~~~ 8701 ``` 8702 8703 Also bump ngtcp2, nghttp3 and nghttp2 to their latest versions in our 8704 docs and CI. 8705 8706 Ref: https://github.com/ngtcp2/ngtcp2/commit/80447281bbc94af53f8aa7a4cfc19175 8707 782894a3 8708 Ref: https://github.com/ngtcp2/ngtcp2/pull/877 8709 Closes #11798 8710 8711Stefan Eissing (5 Sep 2023) 8712 8713- http: fix sending of large requests 8714 8715 - refs #11342 where errors with git https interactions 8716 were observed 8717 - problem was caused by 1st sends of size larger than 64KB 8718 which resulted in later retries of 64KB only 8719 - limit sending of 1st block to 64KB 8720 - adjust h2/h3 filters to cope with parsing the HTTP/1.1 8721 formatted request in chunks 8722 8723 - introducing Curl_nwrite() as companion to Curl_write() 8724 for the many cases where the sockindex is already known 8725 8726 Fixes #11342 (again) 8727 Closes #11803 8728 8729- pytest: fix check for slow_network skips to only apply when intended 8730 8731 Closes #11801 8732 8733Daniel Stenberg (5 Sep 2023) 8734 8735- curl_url_get/set.3: add missing semicolon in SYNOPSIS 8736 8737- CURLOPT_URL.3: explain curl_url_set() uses the same parser 8738 8739- CURLOPT_URL.3: add two URL API calls in the see-also section 8740 8741Dan Fandrich (4 Sep 2023) 8742 8743- CI: add a 32-bit i686 Linux build 8744 8745 This is done by cross-compiling under regular x86_64 Linux. Since the 8746 kernel offers backwards compatibility, the binaries can be tested as 8747 normal. 8748 8749 Closes #11799 8750 8751- tests: fix a type warning on 32-bit x86 8752 8753Viktor Szakats (4 Sep 2023) 8754 8755- tests: delete stray `.orig` file 8756 8757 Follow-up to 331b89a319d0067fa1e6441719307cfef9c7960f 8758 Closes #11797 8759 8760Daniel Stenberg (4 Sep 2023) 8761 8762- RELEASE-NOTES: synced 8763 8764Viktor Szakats (4 Sep 2023) 8765 8766- lib: silence compiler warning in inet_ntop6 8767 8768 ``` 8769 ./curl/lib/inet_ntop.c:121:21: warning: possible misuse of comma operator her 8770 e [-Wcomma] 8771 cur.base = i, cur.len = 1; 8772 ^ 8773 ./curl/lib/inet_ntop.c:121:9: note: cast expression to void to silence warnin 8774 g 8775 cur.base = i, cur.len = 1; 8776 ^~~~~~~~~~~~ 8777 (void)( ) 8778 ``` 8779 8780 Closes #11790 8781 8782Daniel Stenberg (4 Sep 2023) 8783 8784- transfer: also stop the sending on closed connection 8785 8786 Previously this cleared the receiving bit only but in some cases it is 8787 also still sending (like a request-body) when disconnected and neither 8788 direction can continue then. 8789 8790 Fixes #11769 8791 Reported-by: Oleg Jukovec 8792 Closes #11795 8793 8794John Bampton (4 Sep 2023) 8795 8796- docs: change `sub-domain` to `subdomain` 8797 8798 https://en.wikipedia.org/wiki/Subdomain 8799 8800 Closes #11793 8801 8802Stefan Eissing (4 Sep 2023) 8803 8804- multi: more efficient pollfd count for poll 8805 8806 - do not use separate pollfds for sockets that have POLLIN+POLLOUT 8807 8808 Closes #11792 8809 8810- http2: polish things around POST 8811 8812 - added test cases for various code paths 8813 - fixed handling of blocked write when stream had 8814 been closed inbetween attempts 8815 - re-enabled DEBUGASSERT on send with smaller data size 8816 8817 - in debug builds, environment variables can be set to simulate a slow 8818 network when sending data. cf-socket.c and vquic.c support 8819 * CURL_DBG_SOCK_WBLOCK: percentage of send() calls that should be 8820 answered with a EAGAIN. TCP/UNIX sockets. 8821 This is chosen randomly. 8822 * CURL_DBG_SOCK_WPARTIAL: percentage of data that shall be written 8823 to the network. TCP/UNIX sockets. 8824 Example: 80 means a send with 1000 bytes would only send 800 8825 This is applied to every send. 8826 * CURL_DBG_QUIC_WBLOCK: percentage of send() calls that should be 8827 answered with EAGAIN. QUIC only. 8828 This is chosen randomly. 8829 8830 Closes #11756 8831 8832Daniel Stenberg (4 Sep 2023) 8833 8834- docs: add curl_global_trace to some SEE ALSO sections 8835 8836 Closes #11791 8837 8838- os400: fix checksrc nits 8839 8840 Closes #11789 8841 8842Nicholas Nethercote (3 Sep 2023) 8843 8844- hyper: remove `hyptransfer->endtask` 8845 8846 `Curl_hyper_stream` needs to distinguish between two kinds of 8847 `HYPER_TASK_EMPTY` tasks: (a) the `foreach` tasks it creates itself, and 8848 (b) background tasks that hyper produces. It does this by recording the 8849 address of any `foreach` task in `hyptransfer->endtask` before pushing 8850 it into the executor, and then comparing that against the address of 8851 tasks later polled out of the executor. 8852 8853 This works right now, but there is no guarantee from hyper that the 8854 addresses are stable. `hyper_executor_push` says "The executor takes 8855 ownership of the task, which should not be accessed again unless 8856 returned back to the user with `hyper_executor_poll`". That wording is a 8857 bit ambiguous but with my Rust programmer's hat on I read it as meaning 8858 the task returned with `hyper_executor_poll` may be conceptually the 8859 same as a task that was pushed, but that there are no other guarantees 8860 and comparing addresses is a bad idea. 8861 8862 This commit instead uses `hyper_task_set_userdata` to mark the `foreach` 8863 task with a `USERDATA_RESP_BODY` value which can then be checked for, 8864 removing the need for `hyptransfer->endtask`. This makes the code look 8865 more like that hyper C API examples, which use userdata for every task 8866 and never look at task addresses. 8867 8868 Closes #11779 8869 8870Dave Cottlehuber (3 Sep 2023) 8871 8872- ws: fix spelling mistakes in examples and tests 8873 8874 Closes #11784 8875 8876Daniel Stenberg (3 Sep 2023) 8877 8878- tool_filetime: make -z work with file dates before 1970 8879 8880 Fixes #11785 8881 Reported-by: Harry Sintonen 8882 Closes #11786 8883 8884Dan Fandrich (1 Sep 2023) 8885 8886- build: fix portability of mancheck and checksrc targets 8887 8888 At least FreeBSD preserves cwd across makefile lines, so rules 8889 consisting of more than one "cd X; do_something" must be explicitly run 8890 in a subshell to avoid this. This problem caused the Cirrus FreeBSD 8891 build to fail when parallel make jobs were enabled. 8892 8893- CI: adjust labeler match patterns for new & obsolete files 8894 8895- configure: trust pkg-config when it's used for zlib 8896 8897 The library flags retrieved from pkg-config were later thrown out and 8898 harded-coded, which negates the whole reason to use pkg-config. 8899 Also, previously, the assumption was made that --libs-only-l and 8900 --libs-only-L are the full decomposition of --libs, which is untrue and 8901 would not allow linking against a static zlib. The new approach is 8902 better in that it uses --libs, although only if --libs-only-l returns 8903 nothing. 8904 8905 Bug: https://curl.se/mail/lib-2023-08/0081.html 8906 Reported-by: Randall 8907 Closes #11778 8908 8909Stefan Eissing (1 Sep 2023) 8910 8911- CI/ngtcp2: clear wolfssl for when cache is ignored 8912 8913 Closes #11783 8914 8915Daniel Stenberg (1 Sep 2023) 8916 8917- RELEASE-NOTES: synced 8918 8919Nicholas Nethercote (1 Sep 2023) 8920 8921- hyper: fix a progress upload counter bug 8922 8923 `Curl_pgrsSetUploadCounter` should be a passed a total count, not an 8924 increment. 8925 8926 This changes the failing diff for test 579 with hyper from this: 8927 ``` 8928 Progress callback called with UL 0 out of 0[LF] 8929 -Progress callback called with UL 8 out of 0[LF] 8930 -Progress callback called with UL 16 out of 0[LF] 8931 -Progress callback called with UL 26 out of 0[LF] 8932 -Progress callback called with UL 61 out of 0[LF] 8933 -Progress callback called with UL 66 out of 0[LF] 8934 +Progress callback called with UL 29 out of 0[LF] 8935 ``` 8936 to this: 8937 ``` 8938 Progress callback called with UL 0 out of 0[LF] 8939 -Progress callback called with UL 8 out of 0[LF] 8940 -Progress callback called with UL 16 out of 0[LF] 8941 -Progress callback called with UL 26 out of 0[LF] 8942 -Progress callback called with UL 61 out of 0[LF] 8943 -Progress callback called with UL 66 out of 0[LF] 8944 +Progress callback called with UL 40 out of 0[LF] 8945 ``` 8946 Presumably a step in the right direction. 8947 8948 Closes #11780 8949 8950Daniel Stenberg (1 Sep 2023) 8951 8952- awssiv4: avoid freeing the date pointer on error 8953 8954 Since it was not allocated, don't free it even if it was wrong syntax 8955 8956 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61908 8957 8958 Follow-up to b137634ba3adb 8959 8960 Closes #11782 8961 8962Stefan Eissing (1 Sep 2023) 8963 8964- CI: ngtcp2-linux: use separate caches for tls libraries 8965 8966 allow ever changing master for wolfssl 8967 8968 Closes #11766 8969 8970- replace `master` as wolfssl-version with recent commit 8971 8972- wolfssl, use master again in CI 8973 8974 - with the shared session update fix landed in master, it 8975 is time to use that in our CI again 8976 8977Nicholas Nethercote (31 Aug 2023) 8978 8979- tests: fix formatting errors in `FILEFORMAT.md`. 8980 8981 Without the surrounding backticks, these tags get swallowed when the 8982 markdown is rendered. 8983 8984 Closes #11777 8985 8986Viktor Szakats (31 Aug 2023) 8987 8988- cmake: add support for `CURL_DEFAULT_SSL_BACKEND` 8989 8990 Allow overriding the default TLS backend via a CMake setting. 8991 8992 E.g.: 8993 `cmake [...] -DCURL_DEFAULT_SSL_BACKEND=mbedtls` 8994 8995 Accepted values: bearssl, gnutls, mbedtls, openssl, rustls, 8996 schannel, secure-transport, wolfssl 8997 8998 The passed string is baked into the curl/libcurl binaries. 8999 The value is case-insensitive. 9000 9001 We added a similar option to autotools in 2017 via 9002 c7170e20d0a18ec8a514b4daa53bcdbb4dcb3a05. 9003 9004 TODO: Convert to lowercase to improve reproducibility. 9005 9006 Closes #11774 9007 9008- sectransp: fix compiler warnings 9009 9010 https://github.com/curl/curl-for-win/actions/runs/6037489221/job/16381860220# 9011 step:3:11046 9012 ``` 9013 /Users/runner/work/curl-for-win/curl-for-win/curl/lib/vtls/sectransp.c:2435:1 9014 4: warning: unused variable 'success' [-Wunused-variable] 9015 OSStatus success; 9016 ^ 9017 /Users/runner/work/curl-for-win/curl-for-win/curl/lib/vtls/sectransp.c:3300:4 9018 4: warning: unused parameter 'sha256len' [-Wunused-parameter] 9019 size_t sha256len) 9020 ^ 9021 ``` 9022 9023 Closes #11773 9024 9025- tidy-up: mostly whitespace nits 9026 9027 - delete completed TODO from `./CMakeLists.txt`. 9028 - convert a C++ comment to C89 in `./CMake/CurlTests.c`. 9029 - delete duplicate EOLs from EOF. 9030 - add missing EOL at EOF. 9031 - delete whitespace at EOL (except from expected test results). 9032 - convert tabs to spaces. 9033 - convert CRLF EOLs to LF in GHA yaml. 9034 - text casing fixes in `./CMakeLists.txt`. 9035 - fix a codespell typo in `packages/OS400/initscript.sh`. 9036 9037 Closes #11772 9038 9039Dan Fandrich (31 Aug 2023) 9040 9041- CI: remove Windows builds from Cirrus, without replacement 9042 9043 If we don't do this, all coverage on Cirrus will cease in a few days. By 9044 removing the Windows builds, the FreeBSD one should still continue 9045 as before. The Windows builds will need be moved to another service to 9046 maintain test coverage. 9047 9048 Closes #11771 9049 9050- CI: switch macOS ARM build from Cirrus to Circle CI 9051 9052 Cirrus is drastically reducing their free tier on Sept. 1, so they will 9053 no longer perform all these builds for us. All but one build has been 9054 moved, with the LibreSSL one being dropped because of linking problems 9055 on Circle. 9056 9057 One important note about this change is that Circle CI is currently 9058 directing all these builds to x86_64 hardware, despite them requesting 9059 ARM. This is because ARM nodes are scheduled to be available on the 9060 free tier only in December. This reduces our architectural diversity 9061 until then but it should automatically come back once those machines are 9062 enabled. 9063 9064- CI: use the right variable for BSD make 9065 9066 BSD uses MAKEFLAGS instead of MAKE_FLAGS so it wasn't doing parallel 9067 builds before. 9068 9069- CI: drop the FreeBSD 12.X build 9070 9071 Cirrus' new free tier won't let us have many builds, so drop the 9072 nonessential ones. The FreeBSD 13.X build will still give us the most 9073 relevant FreeBSD coverage. 9074 9075- CI: move the Alpine build from Cirrus to GHA 9076 9077 Cirrus is reducing their free tier to next to nothing, so we must move 9078 builds elsewhere. 9079 9080Stefan Eissing (30 Aug 2023) 9081 9082- test_07_upload.py: fix test_07_34 curl args 9083 9084 - Pass correct filename to --data-binary. 9085 9086 Prior to this change --data-binary was passed an incorrect filename due 9087 to a missing separator in the arguments list. Since aacbeae7 curl will 9088 error on incorrect filenames for POST. 9089 9090 Fixes https://github.com/curl/curl/issues/11761 9091 Closes https://github.com/curl/curl/pull/11763 9092 9093Nicholas Nethercote (30 Aug 2023) 9094 9095- tests: document which tests fail due to hyper's lack of trailer support. 9096 9097 Closes #11762 9098 9099- docs: removing "pausing transfers" from HYPER.md. 9100 9101 It's a reference to #8600, which was fixed by #9070. 9102 9103 Closes #11764 9104 9105Patrick Monnerat (30 Aug 2023) 9106 9107- os400: handle CURL_TEMP_PRINTF() while building bind source 9108 9109 Closes #11547 9110 9111- os400: build test servers 9112 9113 Also fix a non-compliant main prototype in disabled.c. 9114 9115 Closes #11547 9116 9117- tests: fix compilation error for os400 9118 9119 OS400 uses BSD 4.3 setsockopt() prototype by default: this does not 9120 define parameter as const, resulting in an error if actual parameter is 9121 const. Remove the const keyword from the actual parameter cast: this 9122 works in all conditions, even if the formal parameter uses it. 9123 9124 Closes #11547 9125 9126- os400: make programs and command name configurable 9127 9128 Closes #11547 9129 9130- os400: move build configuration parameters to a separate script 9131 9132 They can then easily be overriden in a script named "config400.override" 9133 that is not part of the distribution. 9134 9135 Closes #11547 9136 9137- os400: implement CLI tool 9138 9139 This is provided as a QADRT (ascii) program, a link to it in the IFS and 9140 a minimal CL command. 9141 9142 Closes #11547 9143 9144Matthias Gatto (30 Aug 2023) 9145 9146- lib: fix aws-sigv4 having date header twice in some cases 9147 9148 When the user was providing the header X-XXX-Date, the header was 9149 re-added during signature computation, and we had it twice in the 9150 request. 9151 9152 Reported-by: apparentorder@users.noreply.github.com 9153 9154 Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com> 9155 9156 Fixes: https://github.com/curl/curl/issues/11738 9157 Closes: https://github.com/curl/curl/pull/11754 9158 9159Jay Satiro (30 Aug 2023) 9160 9161- multi: remove 'processing: <url>' debug message 9162 9163 - Remove debug message added by e024d566. 9164 9165 Closes https://github.com/curl/curl/pull/11759 9166 9167- ftp: fix temp write of ipv6 address 9168 9169 - During the check to differentiate between a port and IPv6 address 9170 without brackets, write the binary IPv6 address to an in6_addr. 9171 9172 Prior to this change the binary IPv6 address was erroneously written to 9173 a sockaddr_in6 'sa6' when it should have been written to its in6_addr 9174 member 'sin6_addr'. There's no fallout because no members of 'sa6' are 9175 accessed before it is later overwritten. 9176 9177 Closes https://github.com/curl/curl/pull/11747 9178 9179- tool: change some fopen failures from warnings to errors 9180 9181 - Error on missing input file for --data, --data-binary, 9182 --data-urlencode, --header, --variable, --write-out. 9183 9184 Prior to this change if a user of the curl tool specified an input file 9185 for one of the above options and that file could not be opened then it 9186 would be treated as zero length data instead of an error. For example, a 9187 POST using `--data @filenametypo` would cause a zero length POST which 9188 is probably not what the user intended. 9189 9190 Closes https://github.com/curl/curl/pull/11677 9191 9192- hostip: fix typo 9193 9194Davide Masserut (29 Aug 2023) 9195 9196- tool: avoid including leading spaces in the Location hyperlink 9197 9198 Co-authored-by: Dan Fandrich <dan@coneharvesters.com> 9199 9200 Closes #11735 9201 9202Daniel Stenberg (29 Aug 2023) 9203 9204- SECURITY-PROCESS.md: not a sec issue: Tricking user to run a cmdline 9205 9206 Closes #11757 9207 9208- connect: stop halving the remaining timeout when less than 600 ms left 9209 9210 When curl wants to connect to a host, it always has a TIMEOUT. The 9211 maximum time it is allowed to spend until a connect is confirmed. 9212 9213 curl will try to connect to each of the IP adresses returned for the 9214 host. Two loops, one for each IP family. 9215 9216 During the connect loop, while curl has more than one IP address left to 9217 try within a single address family, curl has traditionally allowed (time 9218 left/2) for *this* connect attempt. This, to not get stuck on the 9219 initial addresses in case the timeout but still allow later addresses to 9220 get attempted. 9221 9222 This has the downside that when users set a very short timeout and the 9223 host has a large number of IP addresses, the effective result might be 9224 that every attempt gets a little too short time. 9225 9226 This change stop doing the divided-by-two if the total time left is 9227 below a threshold. This threshold is 600 milliseconds. 9228 9229 Closes #11693 9230 9231- asyn-ares: reduce timeout to 2000ms 9232 9233 When UDP packets get lost this makes for slightly faster retries. This 9234 lower timeout is used by @c-ares itself by default starting next 9235 release. 9236 9237 Closes #11753 9238 9239John Bampton (29 Aug 2023) 9240 9241- misc: remove duplicate words 9242 9243 Closes #11740 9244 9245Daniel Stenberg (29 Aug 2023) 9246 9247- RELEASE-NOTES: synced 9248 9249- wolfSSL: avoid the OpenSSL compat API when not needed 9250 9251 ... and instead call wolfSSL functions directly. 9252 9253 Closes #11752 9254 9255Viktor Szakats (28 Aug 2023) 9256 9257- lib: fix null ptr derefs and uninitialized vars (h2/h3) 9258 9259 Fixing compiler warnings with gcc 13.2.0 in unity builds. 9260 9261 Assisted-by: Jay Satiro 9262 Assisted-by: Stefan Eissing 9263 Closes #11739 9264 9265Jay Satiro (28 Aug 2023) 9266 9267- secureserver.pl: fix stunnel version parsing 9268 9269 - Allow the stunnel minor-version version part to be zero. 9270 9271 Prior to this change with the stunnel version scheme of <major>.<minor> 9272 if either part was 0 then version parsing would fail, causing 9273 secureserver.pl to fail with error "No stunnel", causing tests that use 9274 the SSL protocol to be skipped. As a practical matter this bug can only 9275 be caused by a minor-version part of 0, since the major-version part is 9276 always greater than 0. 9277 9278 Closes https://github.com/curl/curl/pull/11722 9279 9280- secureserver.pl: fix stunnel path quoting 9281 9282 - Store the stunnel path in the private variable $stunnel unquoted and 9283 instead quote it in the command strings. 9284 9285 Prior to this change the quoted stunnel path was passed to perl's file 9286 operators which cannot handle quoted paths. For example: 9287 9288 $stunnel = "\"/C/Program Files (x86)/stunnel/bin/tstunnel\""; 9289 if(-x $stunnel or -x "$stunnel") 9290 # false even if path exists and is executable 9291 9292 Our other test scripts written in perl, unlike this one, use servers.pm 9293 which has a global $stunnel variable with the path stored unquoted and 9294 therefore those scripts don't have this problem. 9295 9296 Closes https://github.com/curl/curl/pull/11721 9297 9298Daniel Stenberg (28 Aug 2023) 9299 9300- altsvc: accept and parse IPv6 addresses in response headers 9301 9302 Store numerical IPv6 addresses in the alt-svc file with the brackets 9303 present. 9304 9305 Verify with test 437 and 438 9306 9307 Fixes #11737 9308 Reported-by: oliverpool on github 9309 Closes #11743 9310 9311- libtest: use curl_free() to free libcurl allocated data 9312 9313 In several test programs. These mistakes are not detected or a problem 9314 as long as memdebug.h is included, as that provides the debug wrappers 9315 for all memory functions in the same style libcurl internals do it, 9316 which makes curl_free and free effectively the same call. 9317 9318 Reported-by: Nicholas Nethercote 9319 Closes #11746 9320 9321Jay Satiro (28 Aug 2023) 9322 9323- disable.d: explain --disable not implemented prior to 7.50.0 9324 9325 Option -q/--disable was added in 5.0 but only -q was actually 9326 implemented. Later --disable was implemented in e200034 (precedes 9327 7.49.0), but incorrectly, and fixed in 6dbc23c (precedes 7.50.0). 9328 9329 Reported-by: pszlazak@users.noreply.github.com 9330 9331 Fixes https://github.com/curl/curl/issues/11710 9332 Closes #11712 9333 9334Nicholas Nethercote (28 Aug 2023) 9335 9336- hyper: fix ownership problems 9337 9338 Some of these changes come from comparing `Curl_http` and 9339 `start_CONNECT`, which are similar, and adding things to them that are 9340 present in one and missing in another. 9341 9342 The most important changes: 9343 - In `start_CONNECT`, add a missing `hyper_clientconn_free` call on the 9344 happy path. 9345 - In `start_CONNECT`, add a missing `hyper_request_free` on the error 9346 path. 9347 - In `bodysend`, add a missing `hyper_body_free` on an early-exit path. 9348 - In `bodysend`, remove an unnecessary `hyper_body_free` on a different 9349 error path that would cause a double-free. 9350 https://docs.rs/hyper/latest/hyper/ffi/fn.hyper_request_set_body.html 9351 says of `hyper_request_set_body`: "This takes ownership of the 9352 hyper_body *, you must not use it or free it after setting it on the 9353 request." This is true even if `hyper_request_set_body` returns an 9354 error; I confirmed this by looking at the hyper source code. 9355 9356 Other changes are minor but make things slightly nicer. 9357 9358 Closes #11745 9359 9360Daniel Stenberg (28 Aug 2023) 9361 9362- multi.h: the 'revents' field of curl_waitfd is supported 9363 9364 Since 6d30f8ebed34e7276 9365 9366 Reported-by: Nicolás Ojeda Bär 9367 Ref: #11748 9368 Closes #11749 9369 9370Gerome Fournier (27 Aug 2023) 9371 9372- tool_paramhlp: improve str2num(): avoid unnecessary call to strlen() 9373 9374 Closes #11742 9375 9376Daniel Stenberg (27 Aug 2023) 9377 9378- docs: mention critical files in same directories as curl saves 9379 9380 ... cannot be fully protected. Don't do it. 9381 9382 Co-authored-by: Jay Satiro 9383 Reported-by: Harry Sintonen 9384 Fixes #11530 9385 Closes #11701 9386 9387John Hawthorn (26 Aug 2023) 9388 9389- OpenSSL: clear error queue after SSL_shutdown 9390 9391 We've seen errors left in the OpenSSL error queue (specifically, 9392 "shutdown while in init") by adding some logging it revealed that the 9393 source was this file. 9394 9395 Since we call SSL_read and SSL_shutdown here, but don't check the return 9396 code for an error, we should clear the OpenSSL error queue in case one 9397 was raised. 9398 9399 This didn't affect curl because we call ERR_clear_error before every 9400 write operation (a0dd9df9ab35528eb9eb669e741a5df4b1fb833c), but when 9401 libcurl is used in a process with other OpenSSL users, they may detect 9402 an OpenSSL error pushed by libcurl's SSL_shutdown as if it was their 9403 own. 9404 9405 Co-authored-by: Satana de Sant'Ana <satana@skylittlesystem.org> 9406 9407 Closes #11736 9408 9409Alexander Kanavin (25 Aug 2023) 9410 9411- tests: update cookie expiry dates to far in the future 9412 9413 This allows testing Y2038 with system time set to after that, so that 9414 actual Y2038 issues can be exposed, and not masked by expiry errors. 9415 9416 Fixes #11576 9417 Closes #11610 9418 9419John Bampton (25 Aug 2023) 9420 9421- misc: fix spelling 9422 9423 Closes #11733 9424 9425Daniel Stenberg (25 Aug 2023) 9426 9427- cmdline-opts/page-header: clarify stronger that !opt == URL 9428 9429 Everything provided on the command line that is not an option (or an 9430 argument to an option) is treated as a URL. 9431 9432 Closes #11734 9433 9434- tests/runner: fix %else handling 9435 9436 Getting the show state proper for %else and %endif did not properly work 9437 in nested cases. 9438 9439 Follow-up to 3d089c41ea9 9440 9441 Closes #11731 9442 9443Nicholas Nethercote (25 Aug 2023) 9444 9445- docs: Remove mention of #10803 from `KNOWN_BUGS`. 9446 9447 Because the leaks have been fixed. 9448 9449- c-hyper: fix another memory leak in `Curl_http`. 9450 9451 There is a `hyper_clientconn_free` call on the happy path, but not one 9452 on the error path. This commit adds one. 9453 9454 Fixes the second memory leak reported by Valgrind in #10803. 9455 9456 Fixes #10803 9457 Closes #11729 9458 9459- c-hyper: fix a memory leak in `Curl_http`. 9460 9461 A request created with `hyper_request_new` must be consumed by either 9462 `hyper_clientconn_send` or `hyper_request_free`. 9463 9464 This is not terrifically clear from the hyper docs -- 9465 `hyper_request_free` is documented only with "Free an HTTP request if 9466 not going to send it on a client" -- but a perusal of the hyper code 9467 confirms it. 9468 9469 This commit adds a `hyper_request_free` to the `error:` path in 9470 `Curl_http` so that the request is consumed when an error occurs after 9471 the request is created but before it is sent. 9472 9473 Fixes the first memory leak reported by Valgrind in #10803. 9474 9475 Closes #11729 9476 9477Daniel Stenberg (25 Aug 2023) 9478 9479- RELEASE-NOTES: synced 9480 9481John Bampton (25 Aug 2023) 9482 9483- misc: spellfixes 9484 9485 Closes #11730 9486 9487Daniel Stenberg (25 Aug 2023) 9488 9489- tests: add support for nested %if conditions 9490 9491 Provides more flexiblity to test cases. 9492 9493 Also warn and bail out if there is an '%else' or %endif' without a 9494 preceeding '%if'. 9495 9496 Ref: #11610 9497 Closes #11728 9498 9499- time-cond.d: mention what happens on a missing file 9500 9501 Closes #11727 9502 9503Christian Hesse (24 Aug 2023) 9504 9505- docs/cmdline-opts: match the current output 9506 9507 The release date has been added in output, reflect that in documentation. 9508 9509 Closes #11723 9510 9511Daniel Stenberg (24 Aug 2023) 9512 9513- lib: minor comment corrections 9514 9515- docs: rewrite to present tense 9516 9517 ... instead of using future tense. 9518 9519 + numerous cleanups and improvements 9520 + stick to "reuse" not "re-use" 9521 + fewer contractions 9522 9523 Closes #11713 9524 9525- urlapi: setting a blank URL ("") is not an ok URL 9526 9527 Test it in 1560 9528 Fixes #11714 9529 Reported-by: ad0p on github 9530 Closes #11715 9531 9532- spelling: use 'reuse' not 're-use' in code and elsewhere 9533 9534 Unify the spelling as both versions were previously used intermittently 9535 9536 Closes #11717 9537 9538Michael Osipov (23 Aug 2023) 9539 9540- system.h: add CURL_OFF_T definitions on HP-UX with HP aCC 9541 9542 HP-UX on IA64 provides two modes: 32 and 64 bit while 32 bit being the 9543 default one. Use "long long" in 32 bit mode and just "long" in 64 bit 9544 mode. 9545 9546 Closes #11718 9547 9548Dan Fandrich (22 Aug 2023) 9549 9550- tests: don't call HTTP errors OK in test cases 9551 9552 Some HTTP errors codes were accompanied by the text OK, which causes 9553 some cognitive dissonance when reading them. 9554 9555- http: close the connection after a late 417 is received 9556 9557 In this situation, only part of the data has been sent before aborting 9558 so the connection is no longer usable. 9559 9560 Assisted-by: Jay Satiro 9561 Fixes #11678 9562 Closes #11679 9563 9564- runtests: slightly increase the longest log file displayed 9565 9566 The new limit provides enough space for a 64 KiB data block to be logged 9567 in a trace file, plus a few lines at the start and end for context. This 9568 happens to be the amount of data sent at a time in a PUT request. 9569 9570- tests: add delay command to the HTTP server 9571 9572 This adds a delay after client connect. 9573 9574Daniel Stenberg (22 Aug 2023) 9575 9576- cirrus: install everthing with pkg, avoid pip 9577 9578 Assisted-by: Sevan Janiyan 9579 9580 Closes #11711 9581 9582- curl_url*.3: update function descriptions 9583 9584 - expand and clarify several descriptions 9585 - avoid using future tense all over 9586 9587 Closes #11708 9588 9589- RELEASE-NOTES: synced 9590 9591Stefan Eissing (21 Aug 2023) 9592 9593- CI/cirrus: disable python install on FreeBSD 9594 9595 - python cryptography package does not build build FreeBSD 9596 - install just mentions "error" 9597 - this gets the build and the main test suite going again 9598 9599 Closes #11705 9600 9601- test2600: fix flakiness on low cpu 9602 9603 - refs #11355 where failures to to low cpu resources in CI 9604 are reported 9605 - vastly extend CURLOPT_CONNECTTIMEOUT_MS and max durations 9606 to test cases 9607 - trigger Curl_expire() in test filter to allow re-checks before 9608 the usual 1second interval 9609 9610 Closes #11690 9611 9612Maksim Sciepanienka (20 Aug 2023) 9613 9614- tool_urlglob: use the correct format specifier for curl_off_t in msnprintf 9615 9616 Closes #11698 9617 9618Daniel Stenberg (20 Aug 2023) 9619 9620- test687/688: two more basic --xattr tests 9621 9622 Closes #11697 9623 9624- cmdline-opts/docs: mentioned the negative option part 9625 9626 ... for --no-alpn and --no-buffer in the same style done for other --no- 9627 options: 9628 9629 "Note that this is the negated option name documented." 9630 9631 Closes #11695 9632 9633Emanuele Torre (19 Aug 2023) 9634 9635- tool/var: also error when expansion result starts with NUL 9636 9637 Expansions whose output starts with NUL were being expanded to the empty 9638 string, and not being recognised as values that contain a NUL byte, and 9639 should error. 9640 9641 Closes #11694 9642 9643Daniel Stenberg (19 Aug 2023) 9644 9645- tests: add 'large-time' as a testable feature 9646 9647 This allows test cases to require this feature to run and to be used in 9648 %if conditions. 9649 9650 Large here means larger than 32 bits. Ie does not suffer from y2038. 9651 9652 Closes #11696 9653 9654- tests/Makefile: add check-translatable-options.pl to tarball 9655 9656 Used in test 1544 9657 9658 Follow-up to ae806395abc8c 9659 9660- gen.pl: fix a long version generation mistake 9661 9662 Too excessive escaping made the parsing not find the correct long names 9663 later and instead add "wrong" links. 9664 9665 Follow-up to 439ff2052e219 9666 9667 Reported-by: Lukas Tribus 9668 Fixes #11688 9669 Closes #11689 9670 9671- lib: move mimepost data from ->req.p.http to ->state 9672 9673 When the legacy CURLOPT_HTTPPOST option is used, it gets converted into 9674 the modem mimpost struct at first use. This data is (now) kept for the 9675 entire transfer and not only per single HTTP request. This re-enables 9676 rewind in the beginning of the second request instead of in end of the 9677 first, as brought by 1b39731. 9678 9679 The request struct is per-request data only. 9680 9681 Extend test 650 to verify. 9682 9683 Fixes #11680 9684 Reported-by: yushicheng7788 on github 9685 Closes #11682 9686 9687Patrick Monnerat (17 Aug 2023) 9688 9689- os400: do not check translatable options at build time 9690 9691 Now that there is a test for this, the build time check is not needed 9692 anymore. 9693 9694 Closes #11650 9695 9696- test1554: check translatable string options in OS400 wrapper 9697 9698 This test runs a perl script that checks all string options are properly 9699 translated by the OS400 character code conversion wrapper. It also 9700 verifies these options are listed in alphanumeric order in the wrapper 9701 switch statement. 9702 9703 Closes #11650 9704 9705Daniel Stenberg (17 Aug 2023) 9706 9707- unit3200: skip testing if function is not present 9708 9709 Fake a successful run since we have no easy mechanism to skip this test 9710 for this advanced condition. 9711 9712- unit2600: fix build warning if built without verbose messages 9713 9714- test1608: make it build and get skipped without shuffle DNS support 9715 9716- lib: --disable-bindlocal builds curl without local binding support 9717 9718- test1304: build and skip without netrc support 9719 9720- lib: build fixups when built with most things disabled 9721 9722 Closes #11687 9723 9724- workflows/macos.yml: disable zstd and alt-svc in the http-only build 9725 9726 Closes #11683 9727 9728Stefan Eissing (17 Aug 2023) 9729 9730- bearssl: handshake fix, provide proper get_select_socks() implementation 9731 9732 - bring bearssl handshake times down from +200ms down to other TLS backends 9733 - vtls: improve generic get_select_socks() implementation 9734 - tests: provide Apache with a suitable ssl session cache 9735 9736 Closes #11675 9737 9738- tests: TLS session sharing test 9739 9740 - test TLS session sharing with special test client 9741 - expect failure with wolfSSL 9742 - disable flaky wolfSSL test_02_07b 9743 9744 Closes #11675 9745 9746Daniel Stenberg (17 Aug 2023) 9747 9748- CURLOPT_*TIMEOUT*: extend and clarify 9749 9750 Closes #11686 9751 9752- urlapi: return CURLUE_BAD_HOSTNAME if puny2idn encoding fails 9753 9754 And document it. Only return out of memory when it actually is a memory 9755 problem. 9756 9757 Pointed-out-by: Jacob Mealey 9758 Closes #11674 9759 9760Mathew Benson (17 Aug 2023) 9761 9762- cmake: add GnuTLS option 9763 9764 - Option to use GNUTLS was missing. Hence was not able to use GNUTLS 9765 with ngtcp2 for http3. 9766 9767 Closes #11685 9768 9769Daniel Stenberg (16 Aug 2023) 9770 9771- RELEASE-NOTES: synced 9772 9773- http: remove the p_pragma struct field 9774 9775 unused since 40e8b4e52 (2008) 9776 9777 Closes #11681 9778 9779Jay Satiro (16 Aug 2023) 9780 9781- CURLINFO_CERTINFO.3: better explain curl_certinfo struct 9782 9783 Closes https://github.com/curl/curl/pull/11666 9784 9785- CURLINFO_TLS_SSL_PTR.3: clarify a recommendation 9786 9787 - Remove the out-of-date SSL backend list supported by 9788 CURLOPT_SSL_CTX_FUNCTION. 9789 9790 It makes more sense to just refer to that document instead of having 9791 a separate list that has to be kept in sync. 9792 9793 Closes https://github.com/curl/curl/pull/11665 9794 9795- write-out.d: clarify %{time_starttransfer} 9796 9797 sync it up with CURLINFO_STARTTRANSFER_TIME_T 9798 9799Daniel Stenberg (15 Aug 2023) 9800 9801- transfer: don't set TIMER_STARTTRANSFER on first send 9802 9803 The time stamp is for measuring the first *received* byte 9804 9805 Fixes #11669 9806 Reported-by: JazJas on github 9807 Closes #11670 9808 9809trrui-huawei (15 Aug 2023) 9810 9811- quiche: enable quiche to handle timeout events 9812 9813 In parallel with ngtcp2, quiche also offers the `quiche_conn_on_timeout` 9814 interface for the application to invoke upon timer 9815 expiration. Therefore, invoking the `on_timeout` function of the 9816 Connection is crucial to ensure seamless functionality of quiche with 9817 timeout events. 9818 9819 Closes #11654 9820 9821- quiche: adjust quiche `QUIC_IDLE_TIMEOUT` to 60s 9822 9823 Set the `QUIC_IDLE_TIMEOUT` parameter to match ngtcp2 for consistency. 9824 9825Daniel Stenberg (15 Aug 2023) 9826 9827- KNOWN_BUGS: LDAPS requests to ActiveDirectory server hang 9828 9829 Closes #9580 9830 9831- imap: add a check for failing strdup() 9832 9833- imap: remove the only sscanf() call in the IMAP code 9834 9835 Avoids the use of a stack buffer. 9836 9837 Closes #11673 9838 9839- imap: use a dynbuf in imap_atom 9840 9841 Avoid a calculation + malloc. Build the output in a dynbuf. 9842 9843 Closes #11672 9844 9845Marin Hannache (14 Aug 2023) 9846 9847- http: do not require a user name when using CURLAUTH_NEGOTIATE 9848 9849 In order to get Negotiate (SPNEGO) authentication to work in HTTP you 9850 used to be required to provide a (fake) user name (this concerned both 9851 curl and the lib) because the code wrongly only considered 9852 authentication if there was a user name provided, as in: 9853 9854 curl -u : --negotiate https://example.com/ 9855 9856 This commit leverages the `struct auth` want member to figure out if the 9857 user enabled CURLAUTH_NEGOTIATE, effectively removing the requirement of 9858 setting a user name both in curl and the lib. 9859 9860 Signed-off-by: Marin Hannache <git@mareo.fr> 9861 Reported-by: Enrico Scholz 9862 Fixes https://sourceforge.net/p/curl/bugs/440/ 9863 Fixes #1161 9864 Closes #9047 9865 9866Viktor Szakats (13 Aug 2023) 9867 9868- build: streamline non-UWP wincrypt detections 9869 9870 - with CMake, use the variable `WINDOWS_STORE` to detect an UWP build 9871 and disable our non-UWP-compatible use the Windows crypto API. This 9872 allows to drop two dynamic feature checks. 9873 9874 `WINDOWS_STORE` is true when invoking CMake with 9875 `CMAKE_SYSTEM_NAME` == `WindowsStore`. Introduced in CMake v3.1. 9876 9877 Ref: https://cmake.org/cmake/help/latest/variable/WINDOWS_STORE.html 9878 9879 - with autotools, drop the separate feature check for `wincrypt.h`. On 9880 one hand this header has been present for long (even Borland C 5.5 had 9881 it from year 2000), on the other we used the check result solely to 9882 enable another check for certain crypto functions. This fails anyway 9883 with the header not present. We save one dynamic feature check at the 9884 configure stage. 9885 9886 Reviewed-by: Marcel Raad 9887 Closes #11657 9888 9889Nicholas Nethercote (13 Aug 2023) 9890 9891- docs/HYPER.md: update hyper build instructions 9892 9893 Nightly Rust and `-Z unstable-options` are not needed. 9894 9895 The instructions here now match the hyper docs exactly: 9896 https://github.com/hyperium/hyper/commit/bd7928f3dd6a8461f0f0fdf7ee0fd95c2f15 9897 6f88 9898 9899 Closes #11662 9900 9901Daniel Stenberg (13 Aug 2023) 9902 9903- RELEASE-NOTES: synced 9904 9905- urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name 9906 9907 Asssisted-by: Jay Satiro 9908 Closes #11655 9909 9910- spellcheck: adapt to backslashed minuses 9911 9912 As the curl.1 has more backslashed minus, the cleanup sed lines xneed to 9913 adapt. 9914 9915 Adjusted some docs slighly. 9916 9917 Follow-up to 439ff2052e 9918 9919 Closes #11663 9920 9921- gen: escape more minus 9922 9923 Detected since it was still hard to search for option names using dashes 9924 in the middle in the man page. 9925 9926 Closes #11660 9927 9928- cookie-jar.d: enphasize that this option is ONLY writing cookies 9929 9930 Reported-by: Dan Jacobson 9931 Tweaked-by: Jay Satiro 9932 Ref: #11642 9933 Closes #11661 9934 9935Nicholas Nethercote (11 Aug 2023) 9936 9937- docs/HYPER.md: document a workaround for a link error 9938 9939 Closes #11653 9940 9941Jay Satiro (11 Aug 2023) 9942 9943- schannel: verify hostname independent of verify cert 9944 9945 Prior to this change when CURLOPT_SSL_VERIFYPEER (verifypeer) was off 9946 and CURLOPT_SSL_VERIFYHOST (verifyhost) was on we did not verify the 9947 hostname in schannel code. 9948 9949 This fixes KNOWN_BUG 2.8 "Schannel disable CURLOPT_SSL_VERIFYPEER and 9950 verify hostname". We discussed a fix several years ago in #3285 but it 9951 went stale. 9952 9953 Assisted-by: Daniel Stenberg 9954 9955 Bug: https://curl.haxx.se/mail/lib-2018-10/0113.html 9956 Reported-by: Martin Galvan 9957 9958 Ref: https://github.com/curl/curl/pull/3285 9959 9960 Fixes https://github.com/curl/curl/issues/3284 9961 Closes https://github.com/curl/curl/pull/10056 9962 9963Daniel Stenberg (11 Aug 2023) 9964 9965- curl_quiche: remove superfluous NULL check 9966 9967 'stream' is always non-NULL at this point 9968 9969 Pointed out by Coverity 9970 9971 Closes #11656 9972 9973- curl/urlapi.h: tiny typo 9974 9975- github/labeler: make HYPER.md set Hyper and not TLS 9976 9977- docs/cmdline-opts/gen.pl: hide "added in" before 7.50.0 9978 9979 7.50.0 shipped on Jul 21 2016, over seven years ago. We no longer need 9980 to specify version changes for earlier releases in the generated output. 9981 9982 This ups the limit from the previous 7.30.0 (Apr 12 2013) 9983 9984 This hides roughly 35 "added in" mentions. 9985 9986 Closes #11651 9987 9988Jay Satiro (10 Aug 2023) 9989 9990- bug_report: require reporters to specify curl and os versions 9991 9992 - Change curl version and os sections from single-line input to 9993 multi-line textarea. 9994 9995 - Require curl version and os sections to be filled out before report 9996 can be submitted. 9997 9998 Closes https://github.com/curl/curl/pull/11636 9999 10000Daniel Stenberg (9 Aug 2023) 10001 10002- gen.pl: replace all single quotes with aq 10003 10004 - this prevents man from using a unicode sequence for them 10005 - which then allows search to work properly 10006 10007 Closes #11645 10008 10009Viktor Szakats (9 Aug 2023) 10010 10011- cmake: fix to use variable for the curl namespace 10012 10013 Replace (wrong) literal with a variable to specify the curl 10014 namespace. 10015 10016 Follow-up to 1199308dbc902c52be67fc805c72dd2582520d30 #11505 10017 10018 Reported-by: balikalina on Github 10019 Fixes https://github.com/curl/curl/commit/1199308dbc902c52be67fc805c72dd25825 10020 20d30#r123923098 10021 Closes #11629 10022 10023- cmake: allow `SHARE_LIB_OBJECT=ON` on all platforms 10024 10025 2ebc74c36a19a1700af394c16855ce144d9878e3 #11546 introduced sharing 10026 libcurl objects for shared and static targets. 10027 10028 The above automatically enabled for Windows builds, with an option to 10029 disable with `SHARE_LIB_OBJECT=OFF`. 10030 10031 This patch extend this feature to all platforms as a manual option. 10032 You can enable it by setting `SHARE_LIB_OBJECT=ON`. Then shared objects 10033 are built in PIC mode, meaning the static lib will also have PIC code. 10034 10035 [EXPERIMENTAL] 10036 10037 Closes #11627 10038 10039- cmake: assume `wldap32` availability on Windows 10040 10041 This system library first shipped with Windows ME, available as an extra 10042 install for some older releases (according to [1]). The import library 10043 was present already in old MinGW 3.4.2 (year 2007). 10044 10045 Drop the feature check and its associated `HAVE_WLDAP32` variable. 10046 10047 To manually disable `wldap32`, you can use the `USE_WIN32_LDAP=OFF` 10048 CMake option, like before. 10049 10050 [1]: https://dlcdn.apache.org/httpd/binaries/win32/LEGACY.html 10051 10052 Reviewed-by: Jay Satiro 10053 Closes #11624 10054 10055Daniel Stenberg (9 Aug 2023) 10056 10057- page-header: move up a URL paragraph from GLOBBING to URL 10058 10059- variable.d: output the function names table style 10060 10061 Also correct the url function name in the header 10062 10063 Closes #11641 10064 10065- haproxy-clientip.d: remove backticks 10066 10067 This is not markdown 10068 10069 Follow-up to 0a75964d0d94a4 10070 10071 Closes #11639 10072 10073- RELEASE-NOTES: synced 10074 10075- gen.pl: escape all dashes (ascii minus) to avoid unicode hyphens 10076 10077 Reported-by: FC Stegerman 10078 Fixes #11635 10079 Closes #11637 10080 10081- cmdline-opts/page-header: reorder, clean up 10082 10083 - removed some unnecessary blurb to focus 10084 - moved up the more important URL details 10085 - put "globbing" into its own subtitle and moved down a little 10086 - mention the online man page in the version section 10087 10088 Closes #11638 10089 10090- c-hyper: adjust the hyper to curlcode conversion 10091 10092 Closes #11621 10093 10094- test2306: make it use a persistent connection 10095 10096 + enable verbose already from the start 10097 10098 Closes #11621 10099 10100eppesuig (8 Aug 2023) 10101 10102- list-only.d: mention SFTP as supported protocol 10103 10104 Closes #11628 10105 10106Daniel Stenberg (8 Aug 2023) 10107 10108- request.d: use .TP for protocol "labels" 10109 10110 To render the section nicer in man page. 10111 10112 Closes #11630 10113 10114- cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the *source* IP 10115 10116 ... as documented. 10117 10118 Update test 3201 and 3202 accordingly. 10119 10120 Reported-by: Markus Sommer 10121 Fixes #11619 10122 Closes #11626 10123 10124- page-footer: QLOGDIR works with ngtcp2 and quiche 10125 10126 It previously said "both" backends which is confusing as we currently 10127 have three... 10128 10129 Closes #11631 10130 10131Stefan Eissing (8 Aug 2023) 10132 10133- http3: quiche, handshake optimization, trace cleanup 10134 10135 - load x509 store after clienthello 10136 - cleanup of tracing 10137 10138 Closes #11618 10139 10140Daniel Stenberg (8 Aug 2023) 10141 10142- ngtcp2: remove dead code 10143 10144 'result' is always zero (CURLE_OK) at this point 10145 10146 Detected by Coverity 10147 10148 Closes #11622 10149 10150Viktor Szakats (8 Aug 2023) 10151 10152- openssl: auto-detect `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED` 10153 10154 OpenSSL 1.1.1 defines this macro, but no ealier version, or any of the 10155 popular forks (yet). Use the macro itself to detect its presence, 10156 replacing the hard-wired fork-specific conditions. 10157 10158 This way the feature will enable automatically when forks implement it, 10159 while also shorter and possibly requiring less future maintenance. 10160 10161 Follow-up to 94241a9e78397a2aaf89a213e6ada61e7de7ee02 #6721 10162 10163 Reviewed-by: Jay Satiro 10164 Closes #11617 10165 10166- openssl: use `SSL_CTX_set_ciphersuites` with LibreSSL 3.4.1 10167 10168 LibreSSL 3.4.1 (2021-10-14) added support for 10169 `SSL_CTX_set_ciphersuites`. 10170 10171 Ref: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.1-relnotes.txt 10172 10173 Reviewed-by: Jay Satiro 10174 Closes #11616 10175 10176- openssl: use `SSL_CTX_set_keylog_callback` with LibreSSL 3.5.0 10177 10178 LibreSSL 3.5.0 (2022-02-24) added support for 10179 `SSL_CTX_set_keylog_callback`. 10180 10181 Ref: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.0-relnotes.txt 10182 10183 Reviewed-by: Jay Satiro 10184 Closes #11615 10185 10186- cmake: drop `HAVE_LIBWINMM` and `HAVE_LIBWS2_32` feature checks 10187 10188 - `HAVE_LIBWINMM` was detected but unused. The `winmm` system library is 10189 also not used by curl, but it is by its optional dependency `librtmp`. 10190 Change the logic to always add `winmm` when `USE_LIBRTMP` is set. This 10191 library has been available since the early days of Windows. 10192 10193 - `HAVE_LIBWS2_32` detected `ws2_32` lib on Windows. This lib is present 10194 since Windows 95 OSR2 (AFAIR). Winsock1 already wasn't supported and 10195 other existing logic already assumed this lib being present, so delete 10196 the check and replace the detection variable with `WIN32` and always 10197 add `ws2_32` on Windows. 10198 10199 Closes #11612 10200 10201Daniel Gustafsson (8 Aug 2023) 10202 10203- crypto: ensure crypto initialization works 10204 10205 Make sure that context initialization during hash setup works to avoid 10206 going forward with the risk of a null pointer dereference. 10207 10208 Reported-by: Philippe Antoine on HackerOne 10209 Assisted-by: Jay Satiro 10210 Assisted-by: Daniel Stenberg 10211 10212 Closes #11614 10213 10214Viktor Szakats (7 Aug 2023) 10215 10216- openssl: switch to modern init for LibreSSL 2.7.0+ 10217 10218 LibreSSL 2.7.0 (2018-03-21) introduced automatic initialization, 10219 `OPENSSL_init_ssl()` function and deprecated the old, manual init 10220 method, as seen in OpenSSL 1.1.0. Switch to the modern method when 10221 available. 10222 10223 Ref: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.0-relnotes.txt 10224 10225 Reviewed-by: Daniel Stenberg 10226 Closes #11611 10227 10228Daniel Stenberg (7 Aug 2023) 10229 10230- gskit: remove 10231 10232 We remove support for building curl with gskit. 10233 10234 - This is a niche TLS library, only running on some IBM systems 10235 - no regular curl contributors use this backend 10236 - no CI builds use or verify this backend 10237 - gskit, or the curl adaption for it, lacks many modern TLS features 10238 making it an inferior solution 10239 - build breakages in this code take weeks or more to get detected 10240 - fixing gskit code is mostly done "flying blind" 10241 10242 This removal has been advertized in DEPRECATED in Jan 2, 2023 and it has 10243 been mentioned on the curl-library mailing list. 10244 10245 It could be brought back, this is not a ban. Given proper effort and 10246 will, gskit support is welcome back into the curl TLS backend family. 10247 10248 Closes #11460 10249 10250- RELEASE-NOTES: synced 10251 10252Dan Fandrich (7 Aug 2023) 10253 10254- THANKS-filter: add a name typo 10255 10256Stefan Eissing (7 Aug 2023) 10257 10258- http3/ngtcp2: shorten handshake, trace cleanup 10259 10260 - shorten handshake timing by delayed x509 store load (OpenSSL) 10261 as we do for HTTP/2 10262 - cleanup of trace output, align with HTTP/2 output 10263 10264 Closes #11609 10265 10266Daniel Stenberg (7 Aug 2023) 10267 10268- headers: accept leading whitespaces on first response header 10269 10270 This is a bad header fold but since the popular browsers accept this 10271 violation, so does curl now. Unless built with hyper. 10272 10273 Add test 1473 to verify and adjust test 2306. 10274 10275 Reported-by: junsik on github 10276 Fixes #11605 10277 Closes #11607 10278 10279- include/curl/mprintf.h: add __attribute__ for the prototypes 10280 10281 - if gcc or clang is used 10282 - if __STDC_VERSION__ >= 199901L, which means greater than C90 10283 - if not using mingw 10284 - if CURL_NO_FMT_CHECKS is not defined 10285 10286 Closes #11589 10287 10288- tests: fix bad printf format flags in test code 10289 10290- tests: fix header scan tools for attribute edits in mprintf.h 10291 10292- cf-socket: log successful interface bind 10293 10294 When the setsockopt SO_BINDTODEVICE operation succeeds, output that in 10295 the verbose output. 10296 10297 Ref: #11599 10298 Closes #11608 10299 10300- CURLOPT_SSL_VERIFYPEER.3: mention it does not load CA certs when disabled 10301 10302 Ref: #11457 10303 Closes #11606 10304 10305- CURLOPT_SSL_VERIFYPEER.3: add two more see also options 10306 10307 CURLINFO_CAINFO and CURLINFO_CAPATH 10308 10309 Closes #11603 10310 10311- KNOWN_BUGS: aws-sigv4 does not behave well with AWS VPC Lattice 10312 10313 Closes #11007 10314 10315Graham Campbell (6 Aug 2023) 10316 10317- CI: use openssl 3.0.10+quic, nghttp3 0.14.0, ngtcp2 0.18.0 10318 10319 Closes #11585 10320 10321Daniel Stenberg (6 Aug 2023) 10322 10323- TODO: add *5* entries for aws-sigv4 10324 10325 Closes #7559 10326 Closes #8107 10327 Closes #8810 10328 Closes #9717 10329 Closes #10129 10330 10331- TODO: LDAP Certificate-Based Authentication 10332 10333 Closes #9641 10334 10335Stefan Eissing (6 Aug 2023) 10336 10337- http2: cleanup trace messages 10338 10339 - more compact format with bracketed stream id 10340 - all frames traced in and out 10341 10342 Closes #11592 10343 10344Daniel Stenberg (6 Aug 2023) 10345 10346- tests/tftpd+mqttd: make variables static to silence picky warnings 10347 10348 Closes #11594 10349 10350- docs/cmdline: remove repeated working for negotiate + ntlm 10351 10352 The extra wording is added automatically by the gen.pl tool 10353 10354 Closes #11597 10355 10356- docs/cmdline: add small "warning" to verbose options 10357 10358 "Note that verbose output of curl activities and network traffic might 10359 contain sensitive data, including user names, credentials or secret data 10360 content. Be aware and be careful when sharing trace logs with others." 10361 10362 Closes #11596 10363 10364- RELEASE-NOTES: synced 10365 10366- pingpong: don't use *bump_headersize 10367 10368 We use that for HTTP(S) only. 10369 10370 Follow-up to 3ee79c1674fd6 10371 10372 Closes #11590 10373 10374- urldata: remove spurious parenthesis to unbreak no-proxy build 10375 10376 Follow-up to e12b39e13382 10377 10378 Closes #11591 10379 10380- easy: don't call Curl_trc_opt() in disabled-verbose builds 10381 10382 Follow-up to e12b39e133822c6a0 10383 10384 Closes #11588 10385 10386- http: use %u for printfing int 10387 10388 Follow-up to 3ee79c1674fd6f99e8efca5 10389 10390 Closes #11587 10391 10392Goro FUJI (3 Aug 2023) 10393 10394- vquic: show stringified messages for errno 10395 10396 Closes #11584 10397 10398Stefan Eissing (3 Aug 2023) 10399 10400- trace: make tracing available in non-debug builds 10401 10402 Add --trace-config to curl 10403 10404 Add curl_global_trace() to libcurl 10405 10406 Closes #11421 10407 10408Daniel Stenberg (3 Aug 2023) 10409 10410- TODO: remove "Support intermediate & root pinning for PINNEDPUBLICKEY" 10411 10412 See also https://github.com/curl/curl/pull/7507 10413 10414- TODO: add "WebSocket read callback" 10415 10416 remove "Upgrade to websockets" as we already have this 10417 10418 Closes #11402 10419 10420- test497: verify rejecting too large incoming headers 10421 10422- http: return error when receiving too large header set 10423 10424 To avoid abuse. The limit is set to 300 KB for the accumulated size of 10425 all received HTTP headers for a single response. Incomplete research 10426 suggests that Chrome uses a 256-300 KB limit, while Firefox allows up to 10427 1MB. 10428 10429 Closes #11582 10430 10431Stefan Eissing (3 Aug 2023) 10432 10433- http2: upgrade tests and add fix for non-existing stream 10434 10435 - check in h2 filter recv that stream actually exists 10436 and return error if not 10437 - add test for parallel, extreme h2 upgrades that fail if 10438 connections get reused before fully switched 10439 - add h2 upgrade upload test just for completeness 10440 10441 Closes #11563 10442 10443Viktor Szakats (3 Aug 2023) 10444 10445- tests: ensure `libcurl.def` contains all exports 10446 10447 Add `test1279` to verify that `libcurl.def` lists all exported API 10448 functions found in libcurl headers. 10449 10450 Also: 10451 10452 - extend test suite XML `stdout` tag with the `loadfile` attribute. 10453 10454 - fix `tests/extern-scan.pl` and `test1135` to include websocket API. 10455 10456 - use all headers (sorted) in `test1135` instead of a manual list. 10457 10458 - add options `--sort`, `--heading=` to `tests/extern-scan.pl`. 10459 10460 - add `libcurl.def` to the auto-labeler GHA task. 10461 10462 Follow-up to 2ebc74c36a19a1700af394c16855ce144d9878e3 10463 10464 Closes #11570 10465 10466Daniel Stenberg (2 Aug 2023) 10467 10468- url: change default value for CURLOPT_MAXREDIRS to 30 10469 10470 It was previously unlimited by default, but that's not a sensible 10471 default. While changing this has a remote risk of breaking an existing 10472 use case, I figure it is more likely to actually save users from loops. 10473 10474 Closes #11581 10475 10476- lib: fix a few *printf() flag mistakes 10477 10478 Reported-by: Gisle Vanem 10479 Ref: #11574 10480 Closes #11579 10481 10482Samuel Chiang (2 Aug 2023) 10483 10484- openssl: make aws-lc version support OCSP 10485 10486 And bump version in CI 10487 10488 Closes #11568 10489 10490Daniel Stenberg (2 Aug 2023) 10491 10492- tool: make the length argument an int for printf()-.* flags 10493 10494 Closes #11578 10495 10496- tool_operate: fix memory leak when SSL_CERT_DIR is used 10497 10498 Detected by Coverity 10499 10500 Follow-up to 29bce9857a12b6cfa726a5 10501 10502 Closes #11577 10503 10504- tool/var: free memory on OOM 10505 10506 Coverity detected this memory leak in OOM situation 10507 10508 Follow-up to 2e160c9c652504e 10509 10510 Closes #11575 10511 10512Viktor Szakats (2 Aug 2023) 10513 10514- gha: bump libressl and mbedtls versions 10515 10516 Closes #11573 10517 10518Jay Satiro (2 Aug 2023) 10519 10520- schannel: fix user-set legacy algorithms in Windows 10 & 11 10521 10522 - If the user set a legacy algorithm list (CURLOPT_SSL_CIPHER_LIST) then 10523 use the SCHANNEL_CRED legacy structure to pass the list to Schannel. 10524 10525 - If the user set both a legacy algorithm list and a TLS 1.3 cipher list 10526 then abort. 10527 10528 Although MS doesn't document it, Schannel will not negotiate TLS 1.3 10529 when SCHANNEL_CRED is used. That means setting a legacy algorithm list 10530 limits the user to earlier versions of TLS. 10531 10532 Prior to this change, since 8beff435 (precedes 7.85.0), libcurl would 10533 ignore legacy algorithms in Windows 10 1809 and later. 10534 10535 Reported-by: zhihaoy@users.noreply.github.com 10536 10537 Fixes https://github.com/curl/curl/pull/10741 10538 Closes https://github.com/curl/curl/pull/10746 10539 10540Daniel Stenberg (2 Aug 2023) 10541 10542- variable.d: setting a variable again overwrites it 10543 10544 Reported-by: Niall McGee 10545 Bug: https://twitter.com/niallmcgee/status/1686523075423322113 10546 Closes #11571 10547 10548Jay Satiro (2 Aug 2023) 10549 10550- CURLOPT_PROXY_SSL_OPTIONS.3: sync formatting 10551 10552 - Re-wrap CURLSSLOPT_ALLOW_BEAST description. 10553 10554Daniel Stenberg (2 Aug 2023) 10555 10556- RELEASE-NOTES: synced 10557 10558- resolve: use PF_INET6 family lookups when CURL_IPRESOLVE_V6 is set 10559 10560 Previously it would always do PF_UNSPEC if CURL_IPRESOLVE_V4 is not 10561 used, thus unnecessarily asking for addresses that will not be used. 10562 10563 Reported-by: Joseph Tharayil 10564 Fixes #11564 10565 Closes #11565 10566 10567- docs: link to the website versions instead of markdowns 10568 10569 ... to make the links work when the markdown is converted to webpages on 10570 https://curl.se 10571 10572 Reported-by: Maurício Meneghini Fauth 10573 Fixes https://github.com/curl/curl-www/issues/272 10574 Closes #11569 10575 10576Viktor Szakats (1 Aug 2023) 10577 10578- cmake: cache more config and delete unused ones 10579 10580 - cache more Windows config results for faster initialization. 10581 10582 - delete unused config macros `HAVE_SYS_UTSNAME_H`, `HAVE_SSL_H`. 10583 10584 - delete dead references to `sys/utsname.h`. 10585 10586 Closes #11551 10587 10588- egd: delete feature detection and related source code 10589 10590 EGD is Entropy Gathering Daemon, a socket-based entropy source supported 10591 by pre-OpenSSL v1.1 versions and now deprecated. curl also deprecated it 10592 a while ago. 10593 10594 Its detection in CMake was broken all along because OpenSSL libs were 10595 not linked at the point of feature check. 10596 10597 Delete detection from both cmake and autotools, along with the related 10598 source snippet, and the `--with-egd-socket=` `./configure` option. 10599 10600 Closes #11556 10601 10602Stefan Eissing (1 Aug 2023) 10603 10604- tests: fix h3 server check and parallel instances 10605 10606 - fix check for availability of nghttpx server 10607 - add `tcp` frontend config for same port as quic, as 10608 without this, port 3000 is bound which clashes for parallel 10609 testing 10610 10611 Closes #11553 10612 10613Daniel Stenberg (1 Aug 2023) 10614 10615- docs/cmdline-opts: spellfixes, typos and polish 10616 10617 To make them accepted by the spell checker 10618 10619 Closes #11562 10620 10621- CI/spellcheck: build curl.1 and spellcheck it 10622 10623 Added acceptable words 10624 10625 Closes #11562 10626 10627Alexander Jaeger (1 Aug 2023) 10628 10629- misc: fix various typos 10630 10631 Closes #11561 10632 10633Daniel Stenberg (1 Aug 2023) 10634 10635- http2: avoid too early connection re-use/multiplexing 10636 10637 HTTP/1 connections that are upgraded to HTTP/2 should not be picked up 10638 for reuse and multiplexing by other handles until the 101 switching 10639 process is completed. 10640 10641 Lots-of-debgging-by: Stefan Eissing 10642 Reported-by: Richard W.M. Jones 10643 Bug: https://curl.se/mail/lib-2023-07/0045.html 10644 Closes #11557 10645 10646- Revert "KNOWN_BUGS: build for iOS simulator on macOS 13.2 with Xcode 14" 10647 10648 This reverts commit 2e8a3d7cb73c85a9aa151e263315f8a496dbb9d4. 10649 10650 It's a user error for supplying incomplete information to the build system. 10651 10652 Reported-by: Ryan Schmidt 10653 Ref: https://github.com/curl/curl/issues/11215#issuecomment-1658729367 10654 10655Viktor Szakats (1 Aug 2023) 10656 10657- cmake: add support for single libcurl compilation pass 10658 10659 Before this patch CMake builds used two separate compilation passes to 10660 build the shared and static libcurl respectively. This patch allows to 10661 reduce that to a single pass if the target platform and build settings 10662 allow it. 10663 10664 This reduces CMake build times when building both static and shared 10665 libcurl at the same time, making these dual builds an almost zero-cost 10666 option. 10667 10668 Enable this feature for Windows builds, where the difference between the 10669 two passes was the use of `__declspec(dllexport)` attribute for exported 10670 API functions for the shared builds. This patch replaces this method 10671 with the use of `libcurl.def` at DLL link time. 10672 10673 Also update `Makefile.mk` to use `libcurl.def` to export libcurl API 10674 symbols on Windows. This simplifies (or fixes) this build method (e.g. 10675 in curl-for-win, which generated a `libcurl.def` from `.h` files using 10676 an elaborate set of transformations). 10677 10678 `libcurl.def` has the maintenance cost of keeping the list of public 10679 libcurl API symbols up-to-date. This list seldom changes, so the cost 10680 is low. 10681 10682 Closes #11546 10683 10684- cmake: detect `SSL_set0_wbio` in OpenSSL 10685 10686 Present in OpenSSL 1.1.0 and BoringSSL. 10687 Missing from LibreSSL 3.8.0. 10688 10689 Follow-up to f39472ea9f4f4e12cfbc0500c4580a8d52ce4a59 10690 10691 While here, also fix `RAND_egd()` detection which was broken, likely all 10692 along. This feature is probably broken with CMake builds and also 10693 requires a sufficiently obsolete OpenSSL version, so this part of the 10694 update was not tested. 10695 10696 Closes #11555 10697