| Current File : //opt/alt/curlssl11/usr/share/doc/alt-curlssl11/CHANGES |
_ _ ____ _
___| | | | _ \| |
/ __| | | | |_) | |
| (__| |_| | _ <| |___
\___|\___/|_| \_\_____|
Changelog
Version 8.9.1 (31 Jul 2024)
Daniel Stenberg (31 Jul 2024)
- RELEASE-NOTES: synced
- THANKS: add names from the 8.9.1 release notes
Also remove duplicates
Stefan Eissing (30 Jul 2024)
- x509asn1: unittests and fixes for gtime2str
Fix issues in GTime2str() and add unit test cases to verify correct
behaviour.
Follow-up to 3c914bc6801
Closes #14316
Tal Regev (30 Jul 2024)
- vtls: avoid forward declaration in MultiSSL builds
The MSVC compiler cannot have forward declaration with const and static
variable, causing this error:
```
curl\lib\vtls\vtls.c(417,44): warning C4132: 'Curl_ssl_multi': const object s
hould be initialized
```
Ref: #14276
Closes #14305
Viktor Szakats (30 Jul 2024)
- tidy-up: URL updates (one more)
Follow-up to 767d5811b5c783b42cea999dd42ecf0453085d17 #14318
- tidy-up: URL updates
Closes #14318
- cmake: drop `if(PKG_CONFIG_FOUND)` guard for `pkg_check_modules()`
The oldest cmake supported by curl is v3.7.0, which already has such
guard (using `PKG_CONFIG_EXECUTABLE`) inside `pkg_check_modules()`. The
advantage of leaving that guard to CMake is that it will define/reset
all output variables, while the manual guard doesn't do this and also
leaves for example `NETTLE_FOUND` undefined.
Delete the single use of this guard from the recently added `nettle`
detection, where I included it by accident. Then possibly re-introduce
it universally if we find it useful after more evaluation.
Follow-up to 669ce42275635dc1f881dab3dfc9a55c9ab49b21 #14285
Closes #14309
Daniel Stenberg (30 Jul 2024)
- mailmap: dedupe an author showing up twice in shortlog -s
Ivan Kuchin (30 Jul 2024)
- misc: cleanup after removing years from copyright
- remove leftover copyright years from few test files
- fix email in copyright lines
- consistent format of copyright lines
Closes #14312
Alex Snast (30 Jul 2024)
- wolfssl: avoid calling get_cached_x509_store if store is uncachable
There's no need for get_cached_x509_store call if the return value won't
be used for caching anyway.
Closes #14306
Daniel Stenberg (30 Jul 2024)
- contrithanks.sh: use -F with -v to match lines as strings
Makes names involving [brackets] work.
Viktor Szakats (30 Jul 2024)
- GHA/non-native: bump FreeBSD/arm64 python modules
FreeBSD seems to upgrade their Python separately for arm64
and Intel. Today, arm64 caught up with the Intel packages.
Update our CI to reflect it.
Closes #14310
dependabot[bot] (30 Jul 2024)
- GHA: bump github/codeql-action and msys2/setup-msys2
- bump github/codeql-action from 3.25.13 to 3.25.15
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.
25.13 to 3.25.15.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/2d790406f505036ef
40ecba973cc774a50395aac...afb54ba388a7dca6ecae48f608c4ff05ff4cc77a)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Closes #14300
- bump msys2/setup-msys2 from 2.23.0 to 2.24.0
Bumps [msys2/setup-msys2](https://github.com/msys2/setup-msys2) from 2.23.0 t
o 2.24.0.
- [Release notes](https://github.com/msys2/setup-msys2/releases)
- [Changelog](https://github.com/msys2/setup-msys2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/msys2/setup-msys2/compare/d0e80f58dffbc64f6a3a
1f43527d469b4fc7b6c8...5df0ca6cbf14efcd08f8d5bd5e049a3cc8e07fd2)
---
updated-dependencies:
- dependency-name: msys2/setup-msys2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Closes #14301
Daniel Stenberg (30 Jul 2024)
- x509asn1: clean up GTime2str
Co-authored-by: Stefan Eissing
Reported-by: Dov Murik
Closes #14307
- tool_operate: more defensive socket code
- use 'struct sockaddr' to getsockname() and its sa_family member
- use 'curl_socklen_t' instead of 'socklen_t'
- check for AF_INET6 to exist instead assuming it does
Should be generally more portable.
Reported-by: Harry Sintonen
Closes #14304
Viktor Szakats (29 Jul 2024)
- configure: limit `__builtin_available` test to Darwin
This feature test always fails on non-Apple systems. (For Apple targets
it's supported by llvm and Apple clang.)
Syncs behaviour with CMake.
Follow-up to cfd6f43d6ca7e57670b422bab7bbf10221a2cf3e #14127
Cherry-picked from #14097
Closes #14196
Daniel Stenberg (29 Jul 2024)
- RELEASE-NOTES: synced
- CURLOPT_SSL_CTX_FUNCTION.md: mention CA caching
and add a few more see-also
Closes #14302
Viktor Szakats (29 Jul 2024)
- cmake: detect `libssh` via `pkg-config`
Also:
- fix broken libssh `pkg-config` behaviour on old Linux.
(when found, `LIBSSH_LINK_LIBRARIES` remains undefined.)
- delete manual libssh config from Old Linux CI job,
it's no longer necessary.
Closes #14199
- GHA/non-native: improve, migrate x86_64 FreeBSD with tests from Cirrus CI
- run tests via `make test-ci` instead of `make check` with autotools.
- add `x86_64` job for FreeBSD, with tests.
It matches the existing Cirrus CI job, with these differences:
- finishes 3x faster (thanks to parallel tests enabled).
- librtmp is not enabled because it's slated for removal by FreeBSD.
(already past the removal deadline, thought the package still
installs.)
- DICT and TELNET servers fail to start. Couldn't figure out why.
It means skipping test 1450 and 1452.
- it runs more tests, e.g. websockets and ip6-localhost.
- no `pkg update -f`.
- it misses the `CRYPTOGRAPHY_DONT_BUILD_RUST=1`, `pkg delete curl`,
`chmod 777`, `sudo -u nobody` and `sysctl net.inet.tcp.blackhole`
tricks. The latter is the default in these runners, the others did
not affect results.
- set `-j0` for tests in the NetBSD job. Flaky otherwise.
Closes #14244
- cmake: detect `nettle` when building with GnuTLS
`nettle` is a direct dependency of curl, when building with GnuTLS.
Add a new `Find` module to detect it.
Also:
- GHA/macos: drop `nettle` hack no longer necessary.
- add `nettle` to `libcurl.pc`.
- also add `nettle` to `libcurl.pc` in autotools builds.
Follow-up to 781242ffa44a9f9b95b6da5ac5a1bf6372ec6257 #11967
Closes #14285
- macos: fix Apple SDK bug workaround for non-macOS targets
Turns out that MAC != OSX, despite what these names otherwise mean and
what's suggested by source code comments. "MAC" in fact means Darwin
(aka Apple), not macOS. "OSX" means macOS.
GitHub bumped the macos-14 runner default to Xcode 15.4, hitting the
llvm@15 incompatibility bug by default. Meaning the previous workaround
for the SDK bug is necessary.
This patch extend the workaround to not apply to mobile OS variants.
Follow-up to ff784af461175584c73e7e2b65af00b1a5a6f67f #14159
Reported-by: Sergey
Confirmed-by: Marcel Raad
Fixes #14269
Closes #14275
Stefan Eissing (29 Jul 2024)
- wolfssl: CA store share fix
When sharing the x509 store in wolfSSL, always use an explicitly
constructed one, as the SSLCTX might have "only" an internal one which
is not obeying reference count lifetimes.
Fixes #14278
Reported-by: Alex Snast
Closes #14279
Randall S. Becker (29 Jul 2024)
- curl: support __ss_family use on NonStop platforms
The definition of sockaddr_storage incorrectly specifies the ss_family
field as __ss_family. This fix conditionally allows builds to succeed on
all NonStop platforms.
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
Closes #14273
Daniel Stenberg (29 Jul 2024)
- test993: list 1000 messages over POP3
Attempt to verify issue #14201
Closes #14297
Stefan Eissing (29 Jul 2024)
- connect: fix connection shutdown for event based processing
connections being shutdown would register sockets for events, but then
never remove these sockets again. Nor would the shutdown effectively
been performed.
- If a socket event involves a transfer, check if that is the
connection cache internal handle and run its multi_perform()
instead (the internal handle is used for all shutdowns).
- When a timer triggers for a transfer, check also if it is
about the connection cache internal handle.
- During processing shutdowns in the connection cache, assess
the shutdown timeouts. Register a Curl_expire() of the lowest
value for the cache's internal handle.
Reported-by: Gordon Parke
Fixes #14280
Closes #14296
Daniel Stenberg (29 Jul 2024)
- tests: provide FTP directory contents in the test file
Instead of providing a fixed single synthetic response in the test
server itself. To allow us to better use *different* directory listings
in different test cases. In this change, most listings remain the same
as before.
The wildcard match tests still use synthetic responses but we should fix
that as well.
Updated numerous test cases to use this.
Closes #14295
- ftpserver.pl: make POP3 LIST serve content from the test file
instead of a fixed list in the test server.
Adjust test 853 accordingly.
Closes #14293
- TODO: thread-safe sharing
- CURLSHOPT_SHARE.md: mention sessions/cookies as not thread-safe
Sharing of these between threads are apparently also not done safely.
Ref: #14290
Reported-by: Aki Sakurai
Closes #14292
- RELEASE-NOTES: synced
Patrick Monnerat (28 Jul 2024)
- os400: build cli manual.
Use PASE perl to run manual generation scripts.
As PASE perl is not aware of all possible input file encoding, convert
all files to UTF-8 upon build start (this might be lengthy).
OS/400 terminal emulation may only offer 76 columns, thus a new -c
parameter has been added to the managen program, defining the allowed
width.
If perl is not available, omit generation and disable online manual.
Closes #14289
Daniel Stenberg (27 Jul 2024)
- example/multi-uv: remove the use of globals
- shows how to pass on local variables (better)
- start the transfers nicer (with curl_multi_socket_action)
- consistent and helpful function naming - to better show what functions
and callbacks that are used for what
- build warning-free with gcc -W -Wall -pedantic
Closes #14287
Viktor Szakats (27 Jul 2024)
- runtests: fold timing details with GHA, sync `-r` tflags
- move timing details into a foldable group when run in GitHub Actions.
Spec:
https://docs.github.com/en/actions/using-workflows/workflow-commands-for-gi
thub-actions#grouping-log-lines
- enable `-r` (run time stats) option in autotools' `test-ci` target,
syncing it with cmake.
Closes #14284
- GHA/windows: increase timeout for vcpkg build step [ci skip]
Examples:
https://github.com/curl/curl/actions/runs/10102112253/job/27937088909?pr=1427
4
https://github.com/curl/curl/actions/runs/10102112253/job/27937082353?pr=1427
4
https://github.com/curl/curl/actions/runs/10102112253/job/27937088478?pr=1427
4
- GHA/macos: update comment about default Xcode on macos-14 runner [ci skip]
New default since:
https://github.com/actions/runner-images/blob/releases/macos-14-arm64/2024072
2/images/macos/macos-14-arm64-Readme.md
Patrick Monnerat (27 Jul 2024)
- os400: workaround an IBM ASCII run-time library bug
IBM-provided ASCII function puts() does not output an expected trailing
newline: emulate the correct behavior using other functions.
Closes #14281
Stefan Eissing (27 Jul 2024)
- transfer: speed limiting fix for 32bit systems
When checking if a speed limit on receives applies, compare the receive
sizes using the large int type to prevent an overflow on systems where
size_t is 32bit.
Fixes #14272
Reported-by: Mamoru Tasaka
Closes #14277
Anthony Hu (26 Jul 2024)
- wolfSSL: allow wolfSSL's implementation of kyber to be used
Closes #14268
Daniel Stenberg (26 Jul 2024)
- lib: survive some NULL input args
The input string pointer to:
curl_escape
curl_easy_escape
curl_unescape
curl_easy_unescape
The running_handles pointer to:
curl_multi_perform
curl_multi_socket_action
curl_multi_socket_all
curl_multi_socket
Reported-by: icy17 on github
Fixes #14247
Closes #14262
- RELEASE-PROCEDURE.md: restore next release date
Pointed-out-by: extrimexxx on github
Bug: https://github.com/curl/curl/pull/14267#issuecomment-2247062235
- RELEASE-NOTES: synced
bumped to 8.9.1
- RELEASE-PROCEDURE.md: remove the initial build step
Because it is no longer needed to be done by a person as the dmaketgz
script does it by itself.
Removed two past release dates, added two new future ones
Closes #14267
Version 8.9.0 (24 Jul 2024)
Daniel Stenberg (24 Jul 2024)
- RELEASE-NOTES: synced
- THANKS: updates from the 8.9.0 release
- curl_easy_escape.md: move historic details to HISTORY
Closes #14261
- docs/libcurl: add to cleanup docs that their inputs go invalid
Reported-by: icy17 on github
Fixes #14248
Closes #14258
dependabot[bot] (23 Jul 2024)
- GHA: bump github/codeql-action from 3.25.11 to 3.25.13
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.
25.11 to 3.25.13.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/b611370bb5703a7ef
b587f9d136a52ea24c5c38c...2d790406f505036ef40ecba973cc774a50395aac)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Closes #14255
Stefan Eissing (23 Jul 2024)
- conncache: connection shutdown, multi_socket handling
- implement the socket hash user/reader/writer processing also
for connections that are being shut down by the connection cache.
- split out handling of current vs. last pollset socket event handling
into a function available in other code parts
- add `shutdown_poll` pollset to `connectdata` struct so that changes
in the pollset can be recorded during shutdown. (The internal handle
cannot keep it since it might be used for many connections)
Reported-by: calvin2021y on github
Fixes #14252
Closes #14257
Daniel Stenberg (22 Jul 2024)
- tool_cb_prg: output "flying saucers" with leading carriage return
Because that is how the progress-bar is output, so when the progress-bar
has been shown at least once and the information is reset, like for a
redirect, there might be a moment where the size goes from known to
unknown and then the flying saucerts are shown after a brief display of
the progress-bar.
It could previously cause accidental character leftovers on the right
side of the bar when using a narrow display.
Reported-by: Chris Webb
Fixes #14213
Closes #14246
- lib: Curl_posttransfer => multi_posttransfer
Moved from transfer.c to multi.c as it was only used within multi.c
Made a void, as it returned a fixed return code nothing checked.
Closes #14240
- CURLOPT_SSL_VERIFYHOST.md: refresh
Move mentions of old behavior to the HISTORY section to make it easier
to read about modern behavior.
Added a MATCHING section.
Closes #14241
- multi: do a final progress update on connect failure
To fix timing metric etc
Co-authored-by: Justin Maggard
Fixes #14204
Closes #14239
Orgad Shaneh (19 Jul 2024)
- md4: fix compilation with OpenSSL 1.x with md4 disabled
If OpenSSL 1.x is used, and it is configured with md4 disabled,
OPENSSL_NO_MD4 is defined in opensslconf.h, but this header was not
included before checking for this define.
Later in md4.c, openssl/md4.h is included, and it includes that header
indirectly, leading to inconsistency within md4.c.
Since the md4.h branch was taken, wincrypt.h (or others) is not
included, and later below the USE_WIN32_CRYPTO branch is taken, but the
types are not defined.
Closes #14218
martinevsky (19 Jul 2024)
- ftp: remove redundant null pointer check in loop condition
Closes #14234
Justin Maggard (19 Jul 2024)
- mbedtls: check version before getting tls version
mbedtls_ssl_get_version_number() was added in mbedtls 3.2.0. Check for
that version before using it.
Closes #14228
martinevsky (19 Jul 2024)
- urlapi: remove unused definition of HOST_BAD
Closes #14235
Daniel Stenberg (19 Jul 2024)
- curldown: fixups
- make DEFAULT sections less repetitive
- make historic mentions use HISTORY
- generate the protocols section on `# %PROTOCOLS%` instead of guessing
where to put it
- generate the availability section on `# %AVAILABILITY%` instead of
guessing where to put it
- make the protocols section more verbose
Closes #14227
Tal Regev (19 Jul 2024)
- GHA/windows: enable libssh in !ssl MSVC job
Closes #14232
- GHA/windows: enable libidn2 in !ssl MSVC job
Closes #14200
Viktor Szakats (19 Jul 2024)
- GHA/macos: improve, fix gcc/llvm, add new test matrix
This PR began as an attempt to drop GCC support, after repeated reports
on fallouts when trying to use it on macOS.
Then it transformed into a 3-week project turning up the issues causing
the fallouts, ending up including llvm and all available Xcode / macOS
SDK, macOS runner image, build tools and compiler vendors and versions.
Accumulating 400 sub-commits.
I developed and tested all fixes under this PR, then merged them as
separate patches.
This PR retained CI jobs updates, extensively reworking and extending
them: [1]
At first it seemed GCC and the Apple SDK is "naturally" growing more
incompatible, as Apple added further non-standard features to their
headers. This is partly true, but reality is more complicated.
Besides some issues local to curl, there were bugs in Apple SDK
headers, Homebrew GCC builds, feature missing in the old llvm version
pre-installed on GitHub CI runner images, and subtle incompatibilities
between GCC and llvm/clang when handling language extensions.
Resulting compiler errors seldom pointed to a useful direction, and
internet search was silent about these issues too. Thus, I had to peel
them off layer by layer, using trial and error, and by recognizing
patterns of failures accross 150-200 builds combinations. Exposing
configure logs, and curl_config.h in the CI logs helped too.
1. GCC header compatibility layer ("hack" as GCC calls it)
The toughest issue is GCC's built-in compatibility layer:
https://github.com/gcc-mirror/gcc/tree/master/fixincludes
This patch layer is further patched by a "Darwin compatibility" project
applied on top by Homebrew GCC via:
https://github.com/iains/gcc-12-branch
https://github.com/iains/gcc-13-branch
https://github.com/iains/gcc-14-branch
The hack layer is designed in a way that breaks more builds than it
fixes, esp. in context of GHA runners. The idea is to build GCC
specifically for the SDK for the target macOS version. The problem with
this approach is that the Xcode + SDK installed on the local/CI machine
often does not match with the SDK used on while building GCC on
Homebrew's build machines. In these cases the GCC compatibility layer
turns into an "uncompatibility" layer and consistently breaks builds.
curl cannot offer a fix for this, because the solution (I found) is to
patch the toolchain on the local machine. I implemented this for our CI
builds and curl-for-win. In other case the user must do this patching
manually, or choose a compatible GCC + Xcode/SDK combination.
An upstream fix doesn't seem trivial either, because the issue is
ingrained in the compatibility layer's design. Offering an `-fapplesdk`
(or recognizing `-target`) option and/or fixing them within the compiler
would seem like a more robust option, and also how mainline llvm solves
this.
Here's a table summarizing the GCC + SDK combinations and curl build
failures: [2]
More info: https://github.com/curl/curl/issues/10356#issuecomment-2222734103
db135f8d7207b20d531e7e2100a49f3e16bdcfab #14119 macos: add workaround for gcc
, non-c-ares, IPv6, compile error
Ref: https://github.com/curl/curl-for-win/commit/e2db3c475f5981352e6e6a79854a
255805b28deb
Ref: https://github.com/curl/curl-for-win/commit/f5c58d7fef78e972be33ca2355dc
b42ba56622a6
2. Homebrew GCC's `availability` extension
A recent minor Homebrew GCC upgrade caused major breakage. The "Darwin
compatibility" patch applied to GCC implemented the `availability`
compiler attribute in GCC. Apple SDK detected this and enabled using
them, but as it turns out GCC accepts compiler attributes with slightly
different rules than llvm/clang, and how the Apple SDK uses them,
breaking builds.
Affected Homebrew GCC versions are: 12.4.0, 13.3.0 and 14.1.0.
Possibly tracked here: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108796
More info: https://github.com/llvm/llvm-project/issues/81767
Commit implementing the `availability` macro:
gcc-12: https://github.com/iains/gcc-12-branch/commit/fd5530b7cb0012bf4faeddd
45e13054a1dfa6783
gcc-13: https://github.com/iains/gcc-13-branch/commit/cb7e4eca68cfc4763474e2e
b0935a844458842a8
gcc-14: https://github.com/iains/gcc-14-branch/commit/ff62a108865a6403f501738
0d7018250c1d3306f
That applied to Homebrew GCC (12.4.0):
https://github.com/Homebrew/homebrew-core/commit/b904223d9893f62bec2a8f7483bf
5992747fc6c7#diff-89dd0b4176eca7fcc24b591943509bf8a8d6ea904d71e5dfcd6b78fed62
fc574R44-R48
Ref: #13700
More info: https://github.com/curl/curl/pull/14091#issuecomment-2222703468
e91fcbac7d86292858718a0bfebad57978761af4 #14155 macos: undo `availability` ma
cro enabled by Homebrew gcc
3. Proprietary Apple SDK macros
Apple SDK expects certain macros predefined by the compiler. Missing
them may causes odd issues. Mainline llvm is keeping up with Apple
clang, but it needs a fresh version, while the one installed on GitHub
runners is old (v15). I patched these in `lib/curl_setup.h`.
baa3270846b2a7307cbd0dd5c02c4e5f00e388dd #14134 build: fix llvm 16 or older +
Xcode 15 or newer, and gcc
4. Apple SDK header bug
Without certain predefined macros, SDK headers can take a codepath where
it mis-defines its own `TARGET_OS_OSX` macro, which make it break its
own headers later. I patched it in `lib/curl_setup.h`.
ff784af461175584c73e7e2b65af00b1a5a6f67f #14159 build: fix llvm 17 and older
+ macOS SDK 14.4 and newer
5. `TargetConditionals.h` requires `sys/types.h`
Fixed in curl. It caused feature-detection failurs with autotools, and
could break builds in certain configurations.
e1f6192939c9c5ab2310b60bedf4c07d635193f6 #14130 configure: fix `SystemConfigu
ration` detection
6. Differences between autotools and CMake compiler options
Fixed it by syncing compiler warning options.
59cadacfcc1d39472245979cdbd614c7a9af6f0d #14128 build: sync warning options b
etween autotools, cmake & compilers
7. Differences between autotools and CMake dependency detection
Fixed it by improving detection of libidn2, with some more fixes
pending for the next feature window.
f43adc2c4978f7f82a359e89186e58a31d17b0ad #14137 cmake: detect `libidn2` also
via `pkg-config`
Ref: #14136 cmake: detect `nghttp2` via `pkg-config`, enable by default
8. libidn2 detection bug with CMake
Fixed the root cause and also the trigger in the CI config.
764fbabf6ed4c1d36c0ab2033ac8df52d9923cd7 #14175 cmake: fix builds with detect
ed libidn2 lib but undetected header
9. Suppressed compiler warnings inside Apple-specific curl code
Fixed these warnings, which allowed to stop silencing them.
b05dc7eb3592305de9fa85640767f3dd2a8d4c93 #14122 sectransp: fix `HAVE_BUILTIN_
AVAILABLE` checks to not emit warnings
5fa534b0dacdc120aaab0766047e0ecac37be4b3 #14162 sectransp: fix clang compiler
warnings, stop silencing them
10. CMake mis-detecting a CA bundle path on macOS
d2ef6255f4a040397d2f40ab7cbf65a203201cd9 #14182 cmake: sync CA bundle/path de
tection with autotools
11. Failure to build tests with LibreSSL or wolfSSL with CMake
Fixed by dropping unnecessary includes, makign test builds dependent
on dependency headers.
3765d75ce47b66289f946382b649d0e99389dc77 #14172 cmake: fix building `unit1600
` due to missing `ssl/openssl.h`
12. curl tests with CMake
curl's CMake was missing bits for running the C preprocessor accurately.
It made tests 1119 and 1167 fail. I implemented the missing bits.
efc2c5184d008fe2e5910fd03263e1ab0331d4e6 #14124 tests: include current direct
ory when running test Perl commands
c09db8b51b88ee6ad55bd637dcb4b47678e30906 #14129 cmake: create `configurehelp.
pm` like autotools does
67cc1e3400b77536a3ca529c986247e1ef985e6e #14125 test1119: adapt for `.md` inp
ut
13. GCC missing `__builtin_available()` support
curl source code assumes this is available to enable certain codepaths.
It's also intermixed with monotonic timer support.
14. Monotonic timer support with GCC
Detected by GCC, while it probably shouldn't be. llvm/clang detects it
depending on target OS version. I've been playing with this, but so far
without a conclusion or fix.
15. Runtime/test failures with GCC
I couldn't find the reason for most of this. A bunch of RTSP tests fail
with GCC. SecureTransport + HTTP/2 is failing a bunch of tests. With
OpenSSL it fails two of those. SecureTransport builds also fail one DoH
test.
16. Runtime/test failure in llvm/clang
AppleIDN support received a fix with two more remaining.
fd0250869f7837e4a48d7e6f54cc0801ad3820e8 #14179 #14176 IDN: fix ß with Apple
IDN
17. Other issues found and fixed while working on this:
2c15aa5765900d4351e733671a1c8c3785beee1a GHA/macos: delete misplaced `
CFLAGS`, drop redundant CMake option
80fb7c0bef209735ab352bf4afa31193a7bc65f1 #14126 configure: limit `SystemConfi
guration` test to non-c-ares, IPv6 builds
cfd6f43d6ca7e57670b422bab7bbf10221a2cf3e #14127 build: tidy up `__builtin_ava
ilable` feature checks (Apple)
bae555359979016999a9425a2d489f219a78abdd #14174 runtests: show name and keywo
rds for failed tests in summary
09cdf7e5315711dea4ce7dcf5d99a4d41e7f658b #14178 cmake: delete unused `HAVE_LI
BSSH2`, `HAVE_LIBSOCKET` macros
d3595c74fab829f07ef44da1b7fc2f5668767020 #14186 configure: CA bundle/path det
ection fixes
58772b0e082eda333e0a5fc8fb0bc7f17a3cd99c #14187 runtests: set `SOURCE_DATE_EP
OCH` to fix failing around midnight
18f1cd7a77c4beecfd977d43f55634eb593ac99e #14183 tests: sync feature names wit
h `curl -V`
4c22d97be786ed801e050da6872dd3143d6d0a59 #14181 build: use `#error` instead o
f invalid syntax
Pending merges:
- #14185 runtests: fold test details for GitHub CI runs
- #14197 cmake: grab-bag of tidy-ups
- #14196 configure: limit `__builtin_available` test to Darwin
Summary:
In general GCC doesn't seem to be a good fit with curl and macOS for
now. These "lucky" combinations (GitHub Actions runner) will build out
of the box now: macos-14 + Xcode 15.0.1 + gcc-11, gcc-12, gcc-14. The
rest builds with the ugly workaround in place, but all this still leaves
some runtime issues.
More info and links in the commit messages and source code.
[1]: This PR:
- add info about target OS version requirements per feature, with OS
names and release years.
- stop using `-Wno-deprecated-declarations` to suppress warnings.
- use `LDFLAGS=-w` to suppress 'object file was built for newer macOS
version than being linked' warnings.
(there were tens of thousands of them in some jobs)
- allow overriding Xcode version in all jobs.
- improve job names.
- abbreviate CMake as CM, autotools as AM for more compact job names.
- shorten job names by using `!` instead of `no-` and `non-`.
- bump parellel tests to 10 (from 5).
- drop using `--enable-maintainer-mode` `./configure` option.
- add gcc-12 no-ssl, autotools job with tests, ignore failing test
results. (It's not yet clear why gcc-12 builds have different runtime
results than clang/llvm ones.)
- add comments with OS names and release years next to version numbers,
e.g. 10.15 # Catalina (2019)
- fix broken gcc-12 SecureTransport build.
- show compiler, Xcode, SDK, gcc hack SDK versions, Homebrew
preinstalled packages and C compiler predefined macros for each job.
Useful for debugging all the strange problems these builds might have.
- merge brew bundle and install steps.
- move step names to the top.
- dump configure log for both cmake and autotools also for successful
builds. Useful for debugging.
- dump curl_config.h in short (sorted #defines) and full form.
- add support for the mainline llvm compiler.
- set sysroot for gcc and llvm.
- add timeout for cmake jobs.
- add new job matrix: combinations
It supports building all possible compiler, runner image, Xcode/SDK
combinations, with cmake and autotools, target OS versions and with or
without SecureTransport. It's quick. GHA limits the maximum number of
matrix jobs at 256.
I used this as a test-rig to fix the macOS build fallouts with gcc and
llvm.
I settled with 16 jobs, trying to maximize fallout coverage.
- implement hack to make Homebrew gcc work with all available SDKs.
- add handy mini-table about Xcode / SDK versions, OS names, years for
each GHA images, with the defaults.
- add tests for cmake jobs.
- make cmake config hack to link GnuTLS less intrusive.
- stop ignoring test 1452, seems fine now.
- fix to enable libpsl in autotools builds.
- enable libpsl in cmake builds.
- add an llvm job with tests (both autotools and cmake).
- delete similar macOS jobs from Circle CI. GHA is now arm64 too.
[2]: Homebrew GCC vs GHA runner images vs curl builds:
```
macOS Xcode gcc gcc SDK hacks Xcode SDK SDK major Build
Compile
(*def) (Homebrew) (CommandLineTools) versions
error
-------- -------- ---------- ------------------ ---------- --------- -----
---------------------
macos-12 13.1 GCC 11.4.0 MacOSX12 MacOSX12.0
macos-12 13.2.1 GCC 11.4.0 MacOSX12 MacOSX12.1
macos-12 13.3.1 GCC 11.4.0 MacOSX12 MacOSX12.3
macos-12 13.4.1 GCC 11.4.0 MacOSX12 MacOSX12.3
macos-12 14.0.1 GCC 11.4.0 MacOSX12 MacOSX12.3
macos-12 14.1 GCC 11.4.0 MacOSX12 MacOSX13.0 MISMATCH FAIL
/Applications/Xcode_14.1.app/Contents/Developer/Platforms/MacOSX.platform/De
veloper/SDKs/MacOSX.sdk/usr/include/os/object.h:275:1: error: expected ';' be
fore 'extern'
macos-12 *14.2 GCC 11.4.0 MacOSX12 MacOSX13.1 MISMATCH FAIL
/Applications/Xcode_14.2.app/Contents/Developer/Platforms/MacOSX.platform/De
veloper/SDKs/MacOSX.sdk/usr/include/os/object.h:275:1: error: expected ';' be
fore 'extern'
macos-13 14.1 GCC 11.4.0 MacOSX13 MacOSX13.0
macos-13 14.2 GCC 11.4.0 MacOSX13 MacOSX13.1
macos-13 14.3.1 GCC 11.4.0 MacOSX13 MacOSX13.3
macos-13 *15.0.1 GCC 11.4.0 MacOSX13 MacOSX14.0 MISMATCH FAIL
/Applications/Xcode_15.0.1.app/Contents/Developer/Platforms/MacOSX.platform/
Developer/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:103:1: error: unknown
type name 'dispatch_queue_t'
macos-13 15.1 GCC 11.4.0 MacOSX13 MacOSX14.2 MISMATCH FAIL
/Applications/Xcode_15.1.app/Contents/Developer/Platforms/MacOSX.platform/De
veloper/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:103:1: error: unknown ty
pe name 'dispatch_queue_t'
macos-13 15.2 GCC 11.4.0 MacOSX13 MacOSX14.2 MISMATCH FAIL
/Applications/Xcode_15.2.app/Contents/Developer/Platforms/MacOSX.platform/De
veloper/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:103:1: error: unknown ty
pe name 'dispatch_queue_t'
macos-14 14.3.1 GCC 11.4.0 MacOSX14 MacOSX13.3 MISMATCH FAIL
/Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor
e data types in declaration specifiers
macos-14 *15.0.1 GCC 11.4.0 MacOSX14 MacOSX14.0
macos-14 15.1 GCC 11.4.0 MacOSX14 MacOSX14.2
macos-14 15.2 GCC 11.4.0 MacOSX14 MacOSX14.2
macos-14 15.3 GCC 11.4.0 MacOSX14 MacOSX14.4
macos-14 15.4 GCC 11.4.0 MacOSX14 MacOSX14.5
macos-14 16.0 GCC 11.4.0 MacOSX14 MacOSX15.0 MISMATCH FAIL
/opt/homebrew/Cellar/gcc@11/11.4.0/lib/gcc/11/gcc/aarch64-apple-darwin23/11/
include-fixed/stdio.h:83:8: error: unknown type name 'FILE'
macos-12 13.1 GCC 12.4.0 MacOSX12 MacOSX12.0
macos-12 13.2.1 GCC 12.4.0 MacOSX12 MacOSX12.1
macos-12 13.3.1 GCC 12.4.0 MacOSX12 MacOSX12.3
macos-12 13.4.1 GCC 12.4.0 MacOSX12 MacOSX12.3
macos-12 14.0.1 GCC 12.4.0 MacOSX12 MacOSX12.3
macos-12 14.1 GCC 12.4.0 MacOSX12 MacOSX13.0 MISMATCH FAIL
/Applications/Xcode_14.1.app/Contents/Developer/Platforms/MacOSX.platform/De
veloper/SDKs/MacOSX.sdk/usr/include/os/object.h:275:1: error: expected ';' be
fore 'extern'
macos-12 *14.2 GCC 12.4.0 MacOSX12 MacOSX13.1 MISMATCH FAIL
/Applications/Xcode_14.2.app/Contents/Developer/Platforms/MacOSX.platform/De
veloper/SDKs/MacOSX.sdk/usr/include/os/object.h:275:1: error: expected ';' be
fore 'extern'
macos-13 14.1 GCC 12.4.0 MacOSX13 MacOSX13.0
macos-13 14.2 GCC 12.4.0 MacOSX13 MacOSX13.1
macos-13 14.3.1 GCC 12.4.0 MacOSX13 MacOSX13.3
macos-13 *15.0.1 GCC 12.4.0 MacOSX13 MacOSX14.0 MISMATCH FAIL
/Applications/Xcode_15.0.1.app/Contents/Developer/Platforms/MacOSX.platform/
Developer/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:103:1: error: unknown
type name 'dispatch_queue_t'
macos-13 15.1 GCC 12.4.0 MacOSX13 MacOSX14.2 MISMATCH FAIL
/Applications/Xcode_15.1.app/Contents/Developer/Platforms/MacOSX.platform/De
veloper/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:103:1: error: unknown ty
pe name 'dispatch_queue_t'
macos-13 15.2 GCC 12.4.0 MacOSX13 MacOSX14.2 MISMATCH FAIL
/Applications/Xcode_15.2.app/Contents/Developer/Platforms/MacOSX.platform/De
veloper/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:103:1: error: unknown ty
pe name 'dispatch_queue_t'
macos-14 14.3.1 GCC 12.4.0 MacOSX14 MacOSX13.3 MISMATCH
macos-14 *15.0.1 GCC 12.4.0 MacOSX14 MacOSX14.0
macos-14 15.1 GCC 12.4.0 MacOSX14 MacOSX14.2
macos-14 15.2 GCC 12.4.0 MacOSX14 MacOSX14.2
macos-14 15.3 GCC 12.4.0 MacOSX14 MacOSX14.4
macos-14 15.4 GCC 12.4.0 MacOSX14 MacOSX14.5
macos-14 16.0 GCC 12.4.0 MacOSX14 MacOSX15.0 MISMATCH FAIL
/opt/homebrew/Cellar/gcc@12/12.4.0/lib/gcc/12/gcc/aarch64-apple-darwin23/12/
include-fixed/stdio.h:83:8: error: unknown type name 'FILE'
macos-12 13.1 GCC 13.3.0 MacOSX12 MacOSX12.0
macos-12 13.2.1 GCC 13.3.0 MacOSX12 MacOSX12.1
macos-12 13.3.1 GCC 13.3.0 MacOSX12 MacOSX12.3
macos-12 13.4.1 GCC 13.3.0 MacOSX12 MacOSX12.3
macos-12 14.0.1 GCC 13.3.0 MacOSX12 MacOSX12.3
macos-12 14.1 GCC 13.3.0 MacOSX12 MacOSX13.0 MISMATCH FAIL
/Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor
e data types in declaration specifiers
macos-12 *14.2 GCC 13.3.0 MacOSX12 MacOSX13.1 MISMATCH FAIL
/Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor
e data types in declaration specifiers
macos-13 14.1 GCC 13.3.0 MacOSX13 MacOSX13.0
macos-13 14.2 GCC 13.3.0 MacOSX13 MacOSX13.1
macos-13 14.3.1 GCC 13.3.0 MacOSX13 MacOSX13.3
macos-13 *15.0.1 GCC 13.3.0 MacOSX13 MacOSX14.0 MISMATCH FAIL
/Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor
e data types in declaration specifiers
macos-13 15.1 GCC 13.3.0 MacOSX13 MacOSX14.2 MISMATCH FAIL
/Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor
e data types in declaration specifiers
macos-13 15.2 GCC 13.3.0 MacOSX13 MacOSX14.2 MISMATCH FAIL
/Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor
e data types in declaration specifiers
macos-14 14.3.1 GCC 13.3.0 MacOSX14 MacOSX13.3 MISMATCH FAIL
/Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor
e data types in declaration specifiers
macos-14 *15.0.1 GCC 13.3.0 MacOSX14 MacOSX14.0 FAIL
/Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor
e data types in declaration specifiers
macos-14 15.1 GCC 13.3.0 MacOSX14 MacOSX14.2 FAIL
/Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor
e data types in declaration specifiers
macos-14 15.2 GCC 13.3.0 MacOSX14 MacOSX14.2 FAIL
/Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor
e data types in declaration specifiers
macos-14 15.3 GCC 13.3.0 MacOSX14 MacOSX14.4
macos-14 15.4 GCC 13.3.0 MacOSX14 MacOSX14.5
macos-14 16.0 GCC 13.3.0 MacOSX14 MacOSX15.0 MISMATCH FAIL
/opt/homebrew/Cellar/gcc@13/13.3.0/lib/gcc/13/gcc/aarch64-apple-darwin23/13/
include-fixed/stdio.h:83:8: error: unknown type name 'FILE'
macos-12 13.1 GCC 14.1.0 MacOSX12 MacOSX12.0
macos-12 13.2.1 GCC 14.1.0 MacOSX12 MacOSX12.1
macos-12 13.3.1 GCC 14.1.0 MacOSX12 MacOSX12.3
macos-12 13.4.1 GCC 14.1.0 MacOSX12 MacOSX12.3
macos-12 14.0.1 GCC 14.1.0 MacOSX12 MacOSX12.3
macos-12 14.1 GCC 14.1.0 MacOSX12 MacOSX13.0 MISMATCH FAIL
/Applications/Xcode_14.1.app/Contents/Developer/Platforms/MacOSX.platform/De
veloper/SDKs/MacOSX.sdk/usr/include/os/object.h:275:1: error: expected ';' be
fore 'extern'
macos-12 *14.2 GCC 14.1.0 MacOSX12 MacOSX13.1 MISMATCH FAIL
/Applications/Xcode_14.2.app/Contents/Developer/Platforms/MacOSX.platform/De
veloper/SDKs/MacOSX.sdk/usr/include/os/object.h:275:1: error: expected ';' be
fore 'extern'
macos-13 14.1 GCC 14.1.0 MacOSX13 MacOSX13.0
macos-13 14.2 GCC 14.1.0 MacOSX13 MacOSX13.1
macos-13 14.3.1 GCC 14.1.0 MacOSX13 MacOSX13.3
macos-13 *15.0.1 GCC 14.1.0 MacOSX13 MacOSX14.0 MISMATCH FAIL
/Applications/Xcode_15.0.1.app/Contents/Developer/Platforms/MacOSX.platform/
Developer/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:70:1: error: type defa
ults to 'int' in declaration of 'DISPATCH_DECL_FACTORY_CLASS_SWIFT' [-Wimplic
it-int]
macos-13 15.1 GCC 14.1.0 MacOSX13 MacOSX14.2 MISMATCH FAIL
/Applications/Xcode_15.1.app/Contents/Developer/Platforms/MacOSX.platform/De
veloper/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:70:1: error: type defaul
ts to 'int' in declaration of 'DISPATCH_DECL_FACTORY_CLASS_SWIFT' [-Wimplicit
-int]
macos-13 15.2 GCC 14.1.0 MacOSX13 MacOSX14.2 MISMATCH FAIL
/Applications/Xcode_15.2.app/Contents/Developer/Platforms/MacOSX.platform/De
veloper/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:70:1: error: type defaul
ts to 'int' in declaration of 'DISPATCH_DECL_FACTORY_CLASS_SWIFT' [-Wimplicit
-int]
macos-14 14.3.1 GCC 14.1.0 MacOSX14 MacOSX13.3 MISMATCH
macos-14 *15.0.1 GCC 14.1.0 MacOSX14 MacOSX14.0
macos-14 15.1 GCC 14.1.0 MacOSX14 MacOSX14.2
macos-14 15.2 GCC 14.1.0 MacOSX14 MacOSX14.2
macos-14 15.3 GCC 14.1.0 MacOSX14 MacOSX14.4
macos-14 15.4 GCC 14.1.0 MacOSX14 MacOSX14.5
macos-14 16.0 GCC 14.1.0 MacOSX14 MacOSX15.0 MISMATCH FAIL
/opt/homebrew/Cellar/gcc/14.1.0_1/lib/gcc/current/gcc/aarch64-apple-darwin23
/14/include-fixed/stdio.h:83:8: error: unknown type name 'FILE'
```
Source: https://github.com/curl/curl/actions/runs/9883956647/job/27299564218
This commit fixes earlier commit
1e75edd372868048c9f805ac4ca6d2cb5a88ff5a, reverted in
41a7e0dcc9681afd91e066411bcee4f369c23366, where I cut the commit
message in half by accident. The patch itself is identical.
Closes #14097
- Revert "GHA/macos: improve, fix gcc/llvm, add new test matrix"
This reverts commit 1e75edd372868048c9f805ac4ca6d2cb5a88ff5a.
Due to some parts of the commit message missing (my bad.)
Daniel Stenberg (19 Jul 2024)
- Revert "lib: send eos flag"
This reverts commit be93299f10ef0b2bf7fe5c82140120073831867a.
Viktor Szakats (19 Jul 2024)
- GHA/windows: use default shell CI feature
It makes repeating a line in each step unnecessary.
Closes #14206
- GHA/macos: improve, fix gcc/llvm, add new test matrix
This PR began as an attempt to drop GCC support, after repeated reports
on fallouts when trying to use it on macOS.
Then it transformed into a 3-week project turning up the issues causing
the fallouts, ending up including llvm and all available Xcode / macOS
SDK, macOS runner image, build tools and compiler vendors and versions.
Accumulating 400 sub-commits.
I developed and tested all fixes under this PR, then merged them as
separate patches.
This PR retained CI jobs updates, extensively reworking and extending
them: [1]
At first it seemed GCC and the Apple SDK is "naturally" growing more
incompatible, as Apple added further non-standard features to their
headers. This is partly true, but reality is more complicated.
Besides some issues local to curl, there were bugs in Apple SDK
headers, Homebrew GCC builds, feature missing in the old llvm version
pre-installed on GitHub CI runner images, and subtle incompatibilities
between GCC and llvm/clang when handling language extensions.
Resulting compiler errors seldom pointed to a useful direction, and
internet search was silent about these issues too. Thus, I had to peel
them off layer by layer, using trial and error, and by recognizing
patterns of failures accross 150-200 builds combinations. Exposing
configure logs, and curl_config.h in the CI logs helped too.
1. GCC header compatibility layer ("hack" as GCC calls it)
The toughest issue is GCC's built-in compatibility layer:
https://github.com/gcc-mirror/gcc/tree/master/fixincludes
This patch layer is further patched by a "Darwin compatibility" project
applied on top by Homebrew GCC via:
https://github.com/iains/gcc-12-branch
https://github.com/iains/gcc-13-branch
https://github.com/iains/gcc-14-branch
The hack layer is designed in a way that breaks more builds than it
fixes, esp. in context of GHA runners. The idea is to build GCC
specifically for the SDK for the target macOS version. The problem with
this approach is that the Xcode + SDK installed on the local/CI machine
often does not match with the SDK used on while building GCC on
Homebrew's build machines. In these cases the GCC compatibility layer
turns into an "uncompatibility" layer and consistently breaks builds.
curl cannot offer a fix for this, because the solution (I found) is to
patch the toolchain on the local machine. I implemented this for our CI
builds and curl-for-win. In other case the user must do this patching
manually, or choose a compatible GCC + Xcode/SDK combination.
An upstream fix doesn't seem trivial either, because the issue is
ingrained in the compatibility layer's design. Offering an `-fapplesdk`
(or recognizing `-target`) option and/or fixing them within the compiler
would seem like a more robust option, and also how mainline llvm solves
this.
Here's a table summarizing the GCC + SDK combinations and curl build
failures: [2]
More info: https://github.com/curl/curl/issues/10356#issuecomment-2222734103
db135f8d7207b20d531e7e2100a49f3e16bdcfab #14119 macos: add workaround for gcc
, non-c-ares, IPv6, compile error
Ref: https://github.com/curl/curl-for-win/commit/e2db3c475f5981352e6e6a79854a
255805b28deb
Ref: https://github.com/curl/curl-for-win/commit/f5c58d7fef78e972be33ca2355dc
b42ba56622a6
2. Homebrew GCC's `availability` extension
A recent minor Homebrew GCC upgrade caused major breakage. The "Darwin
compatibility" patch applied to GCC implemented the `availability`
compiler attribute in GCC. Apple SDK detected this and enabled using
them, but as it turns out GCC accepts compiler attributes with slightly
different rules than llvm/clang, and how the Apple SDK uses them,
breaking builds.
Affected Homebrew GCC versions are: 12.4.0, 13.3.0 and 14.1.0.
Possibly tracked here: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108796
More info: https://github.com/llvm/llvm-project/issues/81767
Commit implementing the `availability` macro:
gcc-12: https://github.com/iains/gcc-12-branch/commit/fd5530b7cb0012bf4faeddd
45e13054a1dfa6783
gcc-13: https://github.com/iains/gcc-13-branch/commit/cb7e4eca68cfc4763474e2e
b0935a844458842a8
gcc-14: https://github.com/iains/gcc-14-branch/commit/ff62a108865a6403f501738
0d7018250c1d3306f
That applied to Homebrew GCC (12.4.0):
https://github.com/Homebrew/homebrew-core/commit/b904223d9893f62bec2a8f7483bf
5992747fc6c7#diff-89dd0b4176eca7fcc24b591943509bf8a8d6ea904d71e5dfcd6b78fed62
fc574R44-R48
Ref: #13700
More info: https://github.com/curl/curl/pull/14091#issuecomment-2222703468
e91fcbac7d86292858718a0bfebad57978761af4 #14155 macos: undo `availability` ma
cro enabled by Homebrew gcc
3. Proprietary Apple SDK macros
Apple SDK expects certain macros predefined by the compiler. Missing
them may causes odd issues. Mainline llvm is keeping up with Apple
clang, but it needs a fresh version, while the one installed on GitHub
runners is old (v15). I patched these in `lib/curl_setup.h`.
baa3270846b2a7307cbd0dd5c02c4e5f00e388dd #14134 build: fix llvm 16 or older +
Xcode 15 or newer, and gcc
4. Apple SDK header bug
Without certain predefined macros, SDK headers can take a codepath where
it mis-defines its own `TARGET_OS_OSX` macro, which make it break its
own headers later. I patched it in `lib/curl_setup.h`.
ff784af461175584c73e7e2b65af00b1a5a6f67f #14159 build: fix llvm 17 and older
+ macOS SDK 14.4 and newer
5. `TargetConditionals.h` requires `sys/types.h`
Fixed in curl. It caused feature-detection failurs with autotools, and
could break builds in certain configurations.
e1f6192939c9c5ab2310b60bedf4c07d635193f6 #14130 configure: fix `SystemConfigu
ration` detection
6. Differences between autotools and CMake compiler options
Fixed it by syncing compiler warning options.
59cadacfcc1d39472245979cdbd614c7a9af6f0d #14128 build: sync warning options b
etween autotools, cmake & compilers
7. Differences between autotools and CMake dependency detection
Fixed it by improving detection of libidn2, with some more fixes
pending for the next feature window.
f43adc2c4978f7f82a359e89186e58a31d17b0ad #14137 cmake: detect `libidn2` also
via `pkg-config`
Ref: #14136 cmake: detect `nghttp2` via `pkg-config`, enable by default
8. libidn2 detection bug with CMake
Fixed the root cause and also the trigger in the CI config.
764fbabf6ed4c1d36c0ab2033ac8df52d9923cd7 #14175 cmake: fix builds with detect
ed libidn2 lib but undetected header
9. Suppressed compiler warnings inside Apple-specific curl code
Fixed these warnings, which allowed to stop silencing them.
b05dc7eb3592305de9fa85640767f3dd2a8d4c93 #14122 sectransp: fix `HAVE_BUILTIN_
AVAILABLE` checks to not emit warnings
5fa534b0dacdc120aaab0766047e0ecac37be4b3 #14162 sectransp: fix clang compiler
warnings, stop silencing them
10. CMake mis-detecting a CA bundle path on macOS
d2ef6255f4a040397d2f40ab7cbf65a203201cd9 #14182 cmake: sync CA bundle/path de
tection with autotools
11. Failure to build tests with LibreSSL or wolfSSL with CMake
Fixed by dropping unnecessary includes, makign test builds dependent
on dependency headers.
3765d75ce47b66289f946382b649d0e99389dc77 #14172 cmake: fix building `unit1600
` due to missing `ssl/openssl.h`
12. curl tests with CMake
curl's CMake was missing bits for running the C preprocessor accurately.
It made tests 1119 and 1167 fail. I implemented the missing bits.
efc2c5184d008fe2e5910fd03263e1ab0331d4e6 #14124 tests: include current direct
ory when running test Perl commands
c09db8b51b88ee6ad55bd637dcb4b47678e30906 #14129 cmake: create `configurehelp.
pm` like autotools does
67cc1e3400b77536a3ca529c986247e1ef985e6e #14125 test1119: adapt for `.md` inp
ut
13. GCC missing `__builtin_available()` support
curl source code assumes this is available to enable certain codepaths.
It's also intermixed with monotonic timer support.
14. Monotonic timer support with GCC
Detected by GCC, while it probably shouldn't be. llvm/clang detects it
depending on target OS version. I've been playing with this, but so far
without a conclusion or fix.
15. Runtime/test failures with GCC
I couldn't find the reason for most of this. A bunch of RTSP tests fail
with GCC. SecureTransport + HTTP/2 is failing a bunch of tests. With
OpenSSL it fails two of those. SecureTransport builds also fail one DoH
test.
16. Runtime/test failure in llvm/clang
AppleIDN support received a fix with two more remaining.
fd0250869f7837e4a48d7e6f54cc0801ad3820e8 #14179 #14176 IDN: fix ß with Apple
IDN
17. Other issues found and fixed while working on this:
2c15aa5765900d4351e733671a1c8c3785beee1a GHA/macos: delete misplaced `
CFLAGS`, drop redundant CMake option
80fb7c0bef209735ab352bf4afa31193a7bc65f1 #14126 configure: limit `SystemConfi
guration` test to non-c-ares, IPv6 builds
cfd6f43d6ca7e57670b422bab7bbf10221a2cf3e #14127 build: tidy up `__builtin_ava
ilable` feature checks (Apple)
bae555359979016999a9425a2d489f219a78abdd #14174 runtests: show name and keywo
rds for failed tests in summary
09cdf7e5315711dea4ce7dcf5d99a4d41e7f658b #14178 cmake: delete unused `HAVE_LI
BSSH2`, `HAVE_LIBSOCKET` macros
d3595c74fab829f07ef44da1b7fc2f5668767020 #14186 configure: CA bundle/path det
ection fixes
58772b0e082eda333e0a5fc8fb0bc7f17a3cd99c #14187 runtests: set `SOURCE_DATE_EP
OCH` to fix failing around midnight
18f1cd7a77c4beecfd977d43f55634eb593ac99e #14183 tests: sync feature names wit
h `curl -V`
4c22d97be786ed801e050da6872dd3143d6d0a59 #14181 build: use `#error` instead o
f invalid syntax
Pending merge:
Daniel Stenberg (19 Jul 2024)
- RELEASE-NOTES: synced
Stefan Eissing (18 Jul 2024)
- lib: send eos flag
Adds a `bool eos` flag to send methods to indicate that the data is the
last chunk the invovled transfer wants to send to the server.
This will help protocol filters like HTTP/2 and 3 to forward the
stream's EOF flag and also allow to EAGAIN such calls when buffers are
not yet fully flushed.
Closes #14220
Bhanu Prakash (18 Jul 2024)
- mbedtls: correct the error message for cert blob parsing failure
Closes #14224
Daniel Stenberg (18 Jul 2024)
- curldown: make 'added-in:' a mandatory header field
- generate AVAILABILITY manpage sections automatically - for consistent
wording
- allows us to double-check against other documumentation (symbols-in-version
s
etc)
- enables proper automation/scripting based on this data
- lots of them were wrong or missing in the manpages
- several of them repeated (sometimes mismatching) backend support info
Add test 1488 to verify "added-in" version numbers against
symbols-in-versions.
Closes #14217
Stefan Eissing (18 Jul 2024)
- doh: fix cleanup
When removing an easy handle that had DoH sub-easy handles going, those
were not removed from the multi handle. Their memory was reclaimed on
curl_easy_cleanup() of the owning handle, but multi still had them in
their list.
Add `Curl_doh_close()` and `Curl_doh_cleanup()` as common point for
handling the DoH resource management. Use the `multi` present in the doh
handles (if so), for removal, as the `data->multi` might already have
been NULLed at this time.
Reported-by: 罗朝辉
Fixes #14207
Closes #14212
Daniel Stenberg (18 Jul 2024)
- tests/scripts: call it 'manpage' (single word)
Mostly in comments
Closes #14216
Alex Snast (18 Jul 2024)
- http/3: resume upload on ack if we have more data to send
Currently we're waiting for sendbuf_len_in_flight to hit zero before
resuming upload which means we're blocking and waiting for _all_ acks to
arrive before sending more data. This causes significant delays especially
when ack delay is used on the server side.
The fix addresses several issues in h3 over ngtcp2:
- On ack we now call nghttp3_conn_resume_stream() when we have more
data to send.
- upload_left was incorrectly computed on CF_CTRL_DATA_DONE_SEND as
we need to subtract the ammount of data we have in flight.
- Remove upload_blocked_len as we Curl_bufq_write call will do the
right thing when called from cf_ngtcp2_send.
Fixes #14198
Closes #14209
Daniel Stenberg (18 Jul 2024)
- idn: make macidn fail before trying conversion if name too long
- double the max name length to 512 bytes
Closes #14215
z2_ (18 Jul 2024)
- idn: tweak buffer use when converting with macidn
Closes #14215
Orgad Shaneh (18 Jul 2024)
- lib: add failure reason on bind errors
Closes #14221
Stefan Eissing (18 Jul 2024)
- pytests: scorecard upload tests
- add upload tests to scorecard, invoke with
> python3 tests/http/scorecard.py -u h1|h2|h3
- add a reverse proxy setup from Caddy to httpd for
upload tests since Caddy does not have other PUT/POST handling
- add caddy tests in test_08 for POST/PUT
- increase read buffer in mod_curltest for larger reads
Closes #14208
Viktor Szakats (18 Jul 2024)
- runtests: fix newline glitch in FAIL details
Follow-up to bae555359979016999a9425a2d489f219a78abdd #14174
- runtests: show name and keywords for failed tests in summary
Useful to see what the numbers listed in the `TESTFAIL:` and `IGNORED:`
lines mean. Also list test keywords to help catching failure patterns.
Example:
```
FAIL 1034: 'HTTP over proxy with malformatted IDN host name' HTTP, HTTP GET,
HTTP proxy, IDN, FAILURE, config file
FAIL 1035: 'HTTP over proxy with too long IDN host name' HTTP, HTTP GET, HTTP
proxy, IDN, FAILURE
TESTFAIL: These test cases failed: 1034 1035
```
Closes #14174
Tal Regev (16 Jul 2024)
- GHA/windows: add MSVC wolfSSL job with test
Fix the file of wolfssl.c because of this warning/error:
```
curl\lib\vtls\wolfssl.c(1017,42): error C2220: the following warning is treat
ed as an error [curl\bld\lib\libcurl_object.vcxproj]
curl\lib\vtls\wolfssl.c(1017,42): warning C4267: 'function': conversion from
'size_t' to 'unsigned long', possible loss of data [curl\bld\lib\libcurl_obje
ct.vcxproj]
```
`size_t` in MSVC is different. Change it to `unsigned long` because
`wolfSSL_ERR_error_string_n` last argument is defined as
`unsigned long`.
Closes #14193
Viktor Szakats (16 Jul 2024)
- cmake: delete unused `HAVE_LIBSSH2`, `HAVE_LIBSOCKET` macros
- `HAVE_LIBSSH2`: unused in source. Not defined in CMake.
- `HAVE_LIBSOCKET`: unused in source. Used internally in CMake.
autotools sets them implicitly, so add them to the flag comparison
ignore-list.
Closes #14178
- cmake: create `configurehelp.pm` like autotools does
Required by tests 1119 and 1167 to run a C preprocessor.
Tested OK: https://github.com/curl/curl/actions/runs/9915343826
Besides Apple, it also supports any gcc and clang builds, and MSVC.
For other platforms, it defaults to `cpp` (like autotools).
Follow-up to efc2c5184d008fe2e5910fd03263e1ab0331d4e6 #14124
Cherry-picked from #14097
Closes #14129
- cmake: sync CA bundle/path detection with autotools
- skip the entire CA logic if no selected TLS backend support CA
certs/bundles.
Follow-up to 082bb41311a832ae1b83bb8fe1dfdefcf4e68ea5 #2545
- sync bundle path detection logic with `./configure`.
- fix to not auto-detect CA bundle/path on Windows.
- fix to reflect that BearSSL has CA bundle support.
- show the detected bundle path (as with the cert bundle).
- tidy up CMake syntax, fix typos in comments.
Closes #14182
- configure: CA bundle/path detection fixes
- fix to not auto-detect CA bundle/path on Windows.
- two checks missed BearSSL, but they were only run for supported
TLS backends anyway. Delete these redundant checks.
- fix typos in a comment nearby.
Follow-up to 082bb41311a832ae1b83bb8fe1dfdefcf4e68ea5 #2545
Closes #14186
- runtests: set `SOURCE_DATE_EPOCH` to fix failing around midnight
To make sure that `managen` called by test 1706 uses the same date as
the test expects in the `%DATE` macro.
Before this patch when tests started running before UTC midnight and
reached test 1706 after, these dates were different and the test failed.
Follow-up to 0e73b69b3dd6d174226c60406d3c4266754d70f8
Fixes #14173
Closes #14187
- GHA/windows: verify 1448 2046 2047 in IDN Unicode jobs
These IDN tests pass with Unicode and fail without.
Follow-up to cb22cfca69bded45bf7f9c72c8e6764990490f11 #14077
Closes #14188
- tests: sync feature names with `curl -V`
Some feature names used in tests had minor differences compared to
the well-known ones from `curl -V`. This patch syncs them to make test
results easier to grok.
Closes #14183
Stefan Eissing (15 Jul 2024)
- sendf: fix CRLF conversion of input
When CRLF line end conversion was enabled (--crlf), input after the last
newline in the upload buffer was not sent, if the buffer contained a
newline.
Reported-by: vuonganh1993 on github
Fixes #14165
Closes #14169
- test2600: disable on win32
- disbable this test on WIN32 platforms. It uses the file describtor '1'
as valid socket without events. Not portable.
- reduce trace output somewhat on other runs
Fixes #14177
Reported-by: Viktor Szakats
Closes #14191
- smtp: for starttls, do full upgrade
- make sure the TLS handshake after a successful STARTTLS command is
fully done before further sending/receiving on the connection.
Reported-by: tomy2105 on github
Fixes #14166
Closes #14190
Daniel Stenberg (14 Jul 2024)
- RELEASE-NOTES: synced
Viktor Szakats (14 Jul 2024)
- build: use `#error` instead of invalid syntax
It reduces configure log noise.
Follow-up to 20c1b2d75ee38189ffa75d21ed04108e1e0630ae #13287
Closes #14181
Daniel Stenberg (14 Jul 2024)
- libcurl-docs: make option lists alpha-sorted
The man pages for curl_easy_getinfo, curl_easy_setopt and
curl_multi_setopt now feature the lists of options alphabetically
sorted. Test 1139 verify that they are.
The curl_multi_setopt page also got brief explanations of the listed
options.
Closes #14156
Christian Schmitz (14 Jul 2024)
- IDN: fix ß with AppleIDN
Add flags UIDNA_NONTRANSITIONAL_TO_ASCII and
UIDNA_NONTRANSITIONAL_TO_UNICODE to encode ß correctly.
It fixes test 165.
Reported-by: Viktor Szakats
Bug: #14176
Closes #14179
Viktor Szakats (14 Jul 2024)
- cmake: fix builds with detected libidn2 lib but undetected header
It caused IDN to appear in `curl-config`, `libidn2` referenced from
`libcurl.pc`, fail to fallback to `pkg-config` detection. But libidn2
not actually used.
It came up in macOS CI builds after enabling cmake build tests. It
remained hidden for a while due to setting `-DUSE_APPLE_IDN=ON`.
(The half-detection of Homebrew libidn2 was the result of configuring
with `-DCMAKE_EXE_LINKER_FLAGS=-L$(brew --prefix)/lib`, to fix
linking GnuTLS that needs the `nettle` lib from the brew prefix.)
```
FAIL 1014: [Compare curl --version with curl-config --features] curl-config
```
Ref: https://github.com/curl/curl/actions/runs/9919357748/job/27405080722
Cherry-picked from #14097
Closes #14175
- cmake: fix building `unit1600` due to missing `ssl/openssl.h`
In specific builds configs, cmake failed to build test `unit1600`,
due missing an OpenSSL (or wolfSSL) header.
The test code relies on `lib/curl_ntlm_core.h`, which in turn included
TLS library headers. But, dependency header directories are not setup
in cmake for tests, because they should not normally be needed.
The issue was hidden in most builds because TLS headers are usually
found under the system prefix. One counterexample is macOS + Homebrew
LibreSSL builds, where OpenSSL is purposefully unlinked from there to
avoid a mixup with LibreSSL that resides under its own prefix. It was
also hidden in autotools, possibly because it sets up header directories
globally, tests included.
The actual bug however is that `lib/curl_ntlm_core.h` should not include
TLS headers. None of its internal users need it, and `curl_ntlm_core.c`
included them already directly.
Fix it by deleting the TLS header includes from this internal header.
Fixes:
```
In file included from curl/tests/unit/unit1600.c:27:
curl/lib/curl_ntlm_core.h:32:12: fatal error: 'openssl/ssl.h' file not found
# include <openssl/ssl.h>
^~~~~~~~~~~~~~~
```
Ref: https://github.com/curl/curl/actions/runs/9912684737/job/27388041520#ste
p:12:1694
Follow-up to 48eb71ade41d4b37f416b643063cab846ac027a2 #10322
Cherry-picked from #14097
Closes #14172
- sectransp: fix clang compiler warnings, stop silencing them
Fix `-Wpointer-bool-conversion` warnings with the method suggested by
both Apple clang and mainline llvm. This was already tried and dropped
in #1705 (in year 2017), but the issue reported there no longer
replicates.
Verified with Apple clang 14, llvm 15, llvm 18 and gcc 11, 14 that the
generated objects are bit by bit identical before and after this patch.
Also:
- stop silencing `-Wtautological-pointer-compare`. This warning don't
seem to be appearing anymore (with or without this patch), at least
with the tested compilers and SDKs (clang 13.1.6-16.0.0beta, llvm 15,
18, gcc 11, 14) and minimum macOS target of 10.8. Older targets fail
to build curl with SecureTransport.
- silence `-Wunreachable-code` for clang only. Previously I applied it
also to GCC, by mistake.
Ref: https://github.com/curl/curl/pull/12331/commits/8d7172d20a48ebc6c1b1d9
4a76e2c5fb19dd9bfa
Apple clang `-Wpointer-bool-conversion`:
```
curl/lib/vtls/sectransp.c:1103:6: error: address of function 'SSLCreateContex
t' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion]
if(SSLCreateContext) { /* use the newer API if available */
~~ ^~~~~~~~~~~~~~~~
curl/lib/vtls/sectransp.c:1103:6: note: prefix with the address-of operator t
o silence this warning
if(SSLCreateContext) { /* use the newer API if available */
^
&
```
Ref: https://github.com/curl/curl/actions/runs/9819538439/job/27113201384#ste
p:8:382
llvm `-Wpointer-bool-conversion`:
```
curl/lib/vtls/sectransp.c:2663:8: error: address of function 'SSLCreateContex
t' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion]
if(SSLCreateContext)
~~ ^~~~~~~~~~~~~~~~
curl/lib/vtls/sectransp.c:2663:8: note: prefix with the address-of operator t
o silence this warning
if(SSLCreateContext)
^
&
```
Ref: https://github.com/curl/curl/actions/runs/9819538439/job/27113200291#ste
p:8:417
gcc still needs `-Waddress` suppressed to avoid these:
```
curl/lib/vtls/n/sectransp.c: In function 'getsubject':
curl/lib/vtls/n/sectransp.c:379:6: warning: the address of 'SecCertificateCop
yLongDescription' will always evaluate as 'true' [-Waddress]
379 | if(&SecCertificateCopyLongDescription)
| ^
[...]
```
Follow-up to 59cadacfcc1d39472245979cdbd614c7a9af6f0d #14128
Follow-up to af271ce9b9717ba289417e9cbb7f278c2a12f959 #1722
Follow-up to 2b7ce3f56dfede107113c6de7d0ca457109d3eda #1706
Cherry-picked from #14097
Closes #14162
- CI/circleci: config tidy-ups, bump up test parallelism
- bump parallel test for Linux jobs.
Credit-to: Dan Fandrich
Cherry-picked from #11510
- bump parallel test for macOS jobs.
- drop no longer necessary `-Wno-vla` option.
- fold long lines.
- drop `--enable-maintainer-mode` `./configure` option.
- replace a hard-coded prefix with `brew --prefix`.
- update documentation link.
- move `--enable-debug` in front.
- tidy up quotes.
Closes #14171
- GHA/windows: re-add gsasl to MSVC jobs
Now that the package reached the CI runner image.
Follow-up to f99c08dba40307c07341013ff5f71fa8e3464ffc #14090
Follow-up to e26cbe20cbedbea0ca743dd33880517309315cb2 #13979
Closes #14170
- tidy-up: adjust casing of project names
Mostly TLS/SSH project name.
Closes #14160
Daniel Stenberg (12 Jul 2024)
- ISSUE_TEMPLATE/docs: correct the field identifiers
Stephen Farrell (12 Jul 2024)
- doh: fix leak and zero-length HTTPS RR crash
This PR fixes a leak and a crash that can happen when curl encounters
bad HTTPS RR values in DNS. We're starting to do better testing of that
kind of thing and e.g. have published bad HTTPS RR values at
dodgy.test.defo.ie.
Closes #14151
Daniel Stenberg (12 Jul 2024)
- curl_global_init.md: polish the thread-safe wording
Since this has been thread-safe for two years now, few users actually
are hurt by the previous unsafe ways.
Closes #14158
Viktor Szakats (12 Jul 2024)
- GHA: FreeBSD 14.1, actions bump
- bump FreeBSD to 14.1
- update cross-platform-actions/action action to v0.25.0
Closes #14157
Closes #14164
- build: fix llvm 17 and older + macOS SDK 14.4 and newer
Fixup faulty target macro initialization in macOS SDK since v14.4 (as of
15.0 beta). The SDK target detection in `TargetConditionals.h` correctly
detects macOS, but fails to set the macro's old name `TARGET_OS_OSX`,
then continues to set it to a default value of 0. Other parts of the SDK
still rely on the old name, and with this inconsistency our builds fail
due to missing declarations. It happens when using mainline llvm older
than v18. Later versions fixed it by predefining these target macros,
avoiding the faulty dynamic detection. gcc is not affected (for now)
because it lacks the necessary dynamic detection features, so the SDK
falls back to a codepath that sets both the old and new macro to 1.
Also move the `TargetConditionals.h` include to the top of to make sure
including it also for c-ares builds, combined with SecureTransport or
other curl features that may call use an Apple SDK.
Before this patch, affected build combinations (e.g. in GHA runners,
llvm@15 + Xcode 15.3, 15.4, 16.0 with their default SDKs +
SecureTransport) fail with:
```
error: use of undeclared identifier 'noErr'
or 'SecCertificateCopyLongDescription'
or 'SecItemImportExportKeyParameters'
or 'SecExternalFormat'
or 'SecExternalItemType'
or 'SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION'
```
Example:
```
curl/lib/vtls/sectransp.c:311:18: error: use of undeclared identifier 'noErr'
OSStatus rtn = noErr;
^
curl/lib/vtls/sectransp.c:379:7: error: use of undeclared identifier 'SecCert
ificateCopyLongDescription'
if(&SecCertificateCopyLongDescription)
^
curl/lib/vtls/sectransp.c:381:7: error: call to undeclared function 'SecCerti
ficateCopyLongDescription'; ISO C99 and later do not support implicit functio
n declarations [-Werror,-Wimplicit-function-declaration]
SecCertificateCopyLongDescription(NULL, cert, NULL);
^
curl/lib/vtls/sectransp.c:380:25: error: incompatible integer to pointer conv
ersion assigning to 'CFStringRef' (aka 'const struct __CFString *') from 'int
' [-Wint-conversion]
server_cert_summary =
^
[...]
```
Ref: https://github.com/curl/curl/actions/runs/9893867519/job/27330135969#ste
p:10:22
llvm v18 patches implementing the predefined macros:
https://github.com/llvm/llvm-project/pull/74676
https://github.com/llvm/llvm-project/commit/6e1f19168bca7e3bd4eefda50ba03eac8
441dbbf
https://github.com/llvm/llvm-project/pull/82833
https://github.com/llvm/llvm-project/commit/e5ed7b6e2fd368b722b6359556cd01258
81e7638
Cherry-picked from #14097
Closes #14159
- macos: undo `availability` macro enabled by Homebrew gcc
Homebrew gcc builds starting with 12.4.0, 13.3.0 and 14.1.0 enabled
the `availability` attribute.
This broke builds because the way the Apple SDK uses attributes (when
available) are incompatible with how gcc accepts them. Causing these
errors:
```
error: attributes should be specified before the declarator in a function d
efinition
error: expected ',' or '}' before
```
Upstream commits implementing the `availability` macro:
gcc-12: https://github.com/iains/gcc-12-branch/commit/fd5530b7cb0012bf4faeddd
45e13054a1dfa6783
gcc-13: https://github.com/iains/gcc-13-branch/commit/cb7e4eca68cfc4763474e2e
b0935a844458842a8
gcc-14: https://github.com/iains/gcc-14-branch/commit/ff62a108865a6403f501738
0d7018250c1d3306f
The project above is a Darwin gcc compatibility pack, that is applied
to Homebrew gcc builds.
This patch works by redefining the `availability` macro to an invalid
value, making `__has_attribute(availability)` checks fail, stopping
Apple SDK from inserting the incompatible attributes.
It also replaces the previous, local workaround for `lib/macos.c`.
Example with gcc 12.4.0 with macOS SDK 14.0 (Xcode 15.0.1):
```
In file included from <path-to-sdk>/MacOSX14.0.sdk/System/Library/Frameworks/
CoreFoundation.framework/Headers/CoreFoundation.h:54,
from <path-to-sdk>/MacOSX14.0.sdk/System/Library/Frameworks/
SystemConfiguration.framework/Headers/SCDynamicStoreCopySpecific.h:30,
from /Users/runner/work/curl/curl/lib/macos.c:33,
from /Users/runner/work/curl/curl/build/lib/CMakeFiles/libcu
rl_shared.dir/Unity/unity_0_c.c:244:
<path-to-sdk>/MacOSX14.0.sdk/System/Library/Frameworks/CoreFoundation.framewo
rk/Headers/CFUserNotification.h:126:1: error: attributes should be specified
before the declarator in a function definition
126 | CF_INLINE CFOptionFlags CFUserNotificationCheckBoxChecked(CFIndex i)
API_AVAILABLE(macos(10.0)) API_UNAVAILABLE(ios, watchos, tvos) {return ((CFOp
tionFlags)(1UL << (8 + i)));}
| ^~~~~~~~~
```
Ref: https://github.com/curl/curl/actions/runs/9787982387/job/27025351601?pr=
14096#step:7:18
The gcc vs. llvm/clang incompatibility possibly tracked here upstream:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108796
More info:
https://github.com/llvm/llvm-project/issues/81767
https://github.com/gcc-mirror/gcc/commit/8433baadec88e5f31fa141b6d78094e912
56079d
https://discourse.llvm.org/t/changing-attribute-ast-printing-location-for-g
cc-compatibility/73215
https://reviews.llvm.org/D159362
Follow-up to db135f8d7207b20d531e7e2100a49f3e16bdcfab #14119
Ref: https://github.com/curl/curl/pull/14091#issuecomment-2222703468
Fixes #13700
Cherry-picked from #14097
Closes #14155
Daniel Stenberg (11 Jul 2024)
- ISSUE_TEMPLATE/docs: add a separate GitHub issue template for documentation
As such problems don't really fit the code related template
Closes #14161
Dan Fandrich (11 Jul 2024)
- DISTROS: add AlmaLinux package source link
Viktor Szakats (11 Jul 2024)
- GHA/windows: ignore FTP test results for old-mingw-w64 [ci skip]
Missed from previous commit. They are flaky here as well.
Follow-up to 0b81eccd22fb915aa6b679c0fd23a8a89332dc9e
Daniel Stenberg (11 Jul 2024)
- libcurl-easy.md: now *more* than 300 options
it previously said "almost 300".
Also cleaned up the language somewhat.
Closes #14153
Martin Peck (10 Jul 2024)
- MANUAL.md: wrap two example urls that overrun styling
Closes #14149
renovate[bot] (10 Jul 2024)
- GHA: update wolfSSL and mod_h2
- wolfSSL/wolfssl to v5.7.2
- icing/mod_h2 to v2.0.29
Closes #14131
Closes #14148
Dominik Piątkowski (10 Jul 2024)
- docs: start markdown headers with capital letter where applicable
Closes #14115
CMD (10 Jul 2024)
- hostip: skip error check for infallible function call
Closes #14147
Daniel Stenberg (10 Jul 2024)
- cf-socket: remove two "useless" assignments
'nread' is already -1, no need to assign it again
Pointed out by CodeSonar
Closes #14145
Viktor Szakats (10 Jul 2024)
- cmake: detect `libidn2` also via `pkg-config`
Also:
- GHA/non-native: install `pkg-config` to detect libidn2 with cmake
on NetBSD and FreeBSD.
- GHA/non-native: tidy-up `curl --version` command if here.
Cherry-picked from #14097
Closes #14137
- build: fix llvm 16 or older + Xcode 15 or newer, and gcc
Xcode v15 (2023) or newer requires the built-in macro
`__ENVIRONMENT_OS_VERSION_MIN_REQUIRED__`. This macro is missing from
mainline llvm versions released earlier. llvm v17 introduced it here:
https://github.com/llvm/llvm-project/commit/c8e2dd8c6f490b68e41fe663b44535a8a
21dfeab
This patch defines the missing macro when the necessary conditions
align, by using the value via the macro's old name.
The issue affected SecureTransport builds: The SecureTransport code,
`lib/md4.c` and `lib/md5.c`.
Existing gcc versions (as of v14) also don't define this macro, so apply
the patch to it as well. Even though gcc is incompatible in other ways,
so this isn't fixing an actual curl build case that I could find yet.
GHA macOS runner images have llvm v15 pre-installed, which broke builds
when building with an affected Xcode:
```
curl/lib/md4.c:80:14: error: '__ENVIRONMENT_OS_VERSION_MIN_REQUIRED__' is not
defined, evaluates to 0 [-Werror,-Wundef]
(__MAC_OS_X_VERSION_MIN_REQUIRED < 101500)) || \
^
/Applications/Xcode_15.1.app/Contents/Developer/Platforms/MacOSX.platform/Dev
eloper/SDKs/MacOSX14.2.sdk/usr/include/AvailabilityInternal.h:40:53: note: ex
panded from macro '__MAC_OS_X_VERSION_MIN_REQUIRED'
#define __MAC_OS_X_VERSION_MIN_REQUIRED __ENVIRONMENT_OS_VERSION_
MIN_REQUIRED__
^
In file included from curl/build/lib/CMakeFiles/libcurl_shared.dir/Unity/unit
y_0_c.c:250:
curl/lib/md5.c:75:14: error: '__ENVIRONMENT_OS_VERSION_MIN_REQUIRED__' is not
defined, evaluates to 0 [-Werror,-Wundef]
(__MAC_OS_X_VERSION_MIN_REQUIRED < 101500)) || \
^
/Applications/Xcode_15.1.app/Contents/Developer/Platforms/MacOSX.platform/Dev
eloper/SDKs/MacOSX14.2.sdk/usr/include/AvailabilityInternal.h:40:53: note: ex
panded from macro '__MAC_OS_X_VERSION_MIN_REQUIRED'
#define __MAC_OS_X_VERSION_MIN_REQUIRED __ENVIRONMENT_OS_VERSION_
MIN_REQUIRED__
^
2 errors generated.
```
Ref: https://github.com/curl/curl/actions/runs/9811974634/job/27095218578#ste
p:4:20
Cherry-picked from #14097
Closes #14134
- build: tidy up `__builtin_available` feature checks (Apple)
- sync detection snippet between autotools and cmake
It wasn't causing issues, but it's useful to avoid unnecessary
differences while debugging.
- cmake: limit check to `APPLE`.
Ref: b05dc7eb3592305de9fa85640767f3dd2a8d4c93 #14122
Cherry-picked from #14097
Closes #14127
- configure: limit `SystemConfiguration` test to non-c-ares, IPv6 builds
The framework this check detects is necessary for the function
`SCDynamicStoreCopyProxies()` used in `lib/macos.c`. Non-c-ares,
IPv6-enabled builds touch this codepath.
Limit the feature check for builds that actually need it.
It brings this in sync with CMake which already worked this way.
Cherry-picked from #14097
Closes #14126
- configure: fix `SystemConfiguration` detection
Before this patch, `SystemConfiguration` detection failed due to this
error when compiling the detection snippet:
```
/Applications/Xcode_15.3.app/Contents/Developer/Platforms/MacOSX.platform/Dev
eloper/SDKs/MacOSX.sdk/usr/include/TargetConditionals.h:140:50: error: missin
g binary operator before token "("
140 | #if !defined(__has_extension) || !__has_extension(define_target_os_ma
cros)
| ^
```
Ref: https://github.com/curl/curl/actions/runs/9821817534/job/27117929218#ste
p:6:1079
It occured with gcc-11 when combined with macOS SDK 14.4 and 14.5
(default SDKs in Xcode 15.3 and 15.4 respectively). It did not happen
with earlier releases.
Despite the failure in `./configure`, `lib/macos.c` compiled with
Apple's `TargetConditionals.h` just fine.
Turns out that including the `sys/types.h` header before the SDK
header fixes the error and makes the detection snippet compile.
Cherry-picked from #14097
Closes #14130
- build: sync warning options between autotools, cmake & compilers
- cmake: enable Apple-specific `-Werror=partial-availability` to match
autotools.
- autotools: enable `-pedantic-errors` with llvm/clang to match gcc and
CMake.
- autotools: enable `-Werror-implicit-function-declaration` for
llvm/clang to match gcc.
- cmake: enable `-Werror-implicit-function-declaration` to match
autotools.
- move `-Wpointer-bool-conversion` from autotools to the local file
(`sectransp.c`) it was meant to apply. This way it applies to all
build methods.
- autotoos: show `CURL_CFLAG_EXTRAS` in the `./configure` summary.
(it may contain `-Werror` and/or `-pedentic-errors`.)
Cherry-picked from #14097
Closes #14128
- CI: simplify running curl with DLLs
- update `PATH` instead of copying DLLs around.
- drop redundant `export` from `export PATH`.
- delete ending pathseps.
Closes #14143
Alex Snast (9 Jul 2024)
- wolfssl: use larger error buffer when formatting errors
Currently we're using WOLFSSL_MAX_ERROR_SZ to define the error buffer
size, this value is user defined which means it can be overwritten with
-DWOLFSSL_MAX_ERROR_SZ=512 when building wolfssl and this overwrite is
not exported to the users of wolfssl.
Instead of relying on WOLFSSL_MAX_ERROR_SZ we'll just use a 256 bytes
error buffer and use wolfSSL_ERR_error_string_n to fill it thus dropping
the dependency on WOLFSSL_MAX_ERROR_SZ altogether.
Closes #14114
Viktor Szakats (9 Jul 2024)
- CI: bump FreeBSD Python packages
Closes #14141
- GHA/curl-for-win: don't run if only another CI was changed
Closes #14142
Daniel Stenberg (9 Jul 2024)
- RELEASE-NOTES: synced
Stefan Eissing (9 Jul 2024)
- vtls: replace addsessionid with set_sessionid
- deduplicate the code in many tls backends that check
for an existing id and delete it before adding the new one
- rename ssl_primary_config's `sessionid` bool to `cache_session`
Closes #14121
Daniel Stenberg (9 Jul 2024)
- test1175: scan libcurl-errors.md, not the generated .3 version
Closes #14133
- test1139: scan .md files instead of .3 ones
As they are the canonical sources.
It still uses the curl.1 for command line option info.
Closes #14132
Stefan Eissing (9 Jul 2024)
- cf-socket: remove obsolete recvbuf
- recvbuf was never enabled, remove all its code
- remove `fdsave`ing the socket as that is not longer needed
Closes #14138
Viktor Szakats (9 Jul 2024)
- test1119: adapt for `.md` input
Replace logic dealing with `.3` files to handle the Markdown syntax.
Follow-up to eefcc1bda4bccd800f5a56a0fe17a2f44a96e88b #12730
Cherry-picked from #14097
Closes #14125
- tests: include current directory when running test Perl commands
Necessary to find generated files in the out-of-tree build directory.
E.g. `tests/configurehelp.pm`, for tests 1119 and 1167.
Before this patch macOS autotools builds were failing these two tests
due to falling back to the default preprocessor (`cpp`) instead of
the actual one configured. Then `cpp` failing to compile Apple SDK
headers referenced by curl headers.
Cherry-picked from #14097
Closes #14124
- configure: sort feature list, lowercase protocols, use backticks
- sort features case-insensitively to match `curl -V` and cmake.
`sort -f` is POSIX, but check if it's available anyway.
- make protocols lowercase to match `curl -V` and cmake.
- replace two outlier `$()` with backticks.
Closes #14117
Yedaya Katsman (8 Jul 2024)
- variable.md: make example use expand
I used double quotes since it seemed required for powershell, so this
example works in both (ba)sh and powershell as well as cmd.exe.
Closes #14118
Andy Reitz (8 Jul 2024)
- GIT-INFO.md: remove version requirements
Keep them in docs/INTERNALS.md
Bump lowest perl to 5.8
Closes #14112
Viktor Szakats (8 Jul 2024)
- sectransp: fix `HAVE_BUILTIN_AVAILABLE` checks to not emit warnings
`HAVE_BUILTIN_AVAILABLE` is a curl macro set via autotools and cmake.
Like other `HAVE_`s it signals availability if defined.
SecureTransport code was specifically looking for the value 1, which
triggered compiler warnings when the feature was not present.
Replace the existing workaround of locally suppressing the compiler
warning with using `defined()`.
autotools:
```
767 | #if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILAB
LE == 1
| ^~~~~~~~~~~~~~~~~~
~~~~
../../lib/vtls/sectransp.c: In function 'sectransp_connect_step1':
../../lib/vtls/sectransp.c:1140:52: error: "HAVE_BUILTIN_AVAILABLE" is not de
fined, evaluates to 0 [-Werror=undef]
1140 | #if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAIL
ABLE == 1
| ^~~~~~~~~~~~~~~~~~
~~~~
../../lib/vtls/sectransp.c:1240:52: error: "HAVE_BUILTIN_AVAILABLE" is not de
fined, evaluates to 0 [-Werror=undef]
1240 | #if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAIL
ABLE == 1
| ^~~~~~~~~~~~~~~~~~
~~~~
../../lib/vtls/sectransp.c: In function 'sectransp_connect_step2':
```
Ref: https://github.com/curl/curl/actions/runs/9815428701/job/27104448045#ste
p:6:499
cmake gcc:
```
1140 | #if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAIL
ABLE == 1
| ^~~~~~~~~~~~~~~~~~
~~~~
/Users/runner/work/curl/curl/lib/vtls/sectransp.c:1240:52: error: "HAVE_BUILT
IN_AVAILABLE" is not defined, evaluates to 0 [-Werror=undef]
1240 | #if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAIL
ABLE == 1
| ^~~~~~~~~~~~~~~~~~
~~~~
/Users/runner/work/curl/curl/lib/vtls/sectransp.c: In function 'sectransp_con
nect_step2':
/Users/runner/work/curl/curl/lib/vtls/sectransp.c:2231:51: error: "HAVE_BUILT
IN_AVAILABLE" is not defined, evaluates to 0 [-Werror=undef]
2231 | #if(CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILA
BLE == 1
| ^~~~~~~~~~~~~~~~~~~
~~~
```
Ref: https://github.com/curl/curl/actions/runs/9815428701/job/27104445425#ste
p:8:355
Cherry-picked from #14097
Closes #14122
- examples: suppress deprecation warnings locally
Simplify making clean builds by silencing deprecation warnings inside
the example code where these may occur.
Drop related build tweaks/comments from GHA jobs.
Example warning:
```
curl/docs/examples/postit2-formadd.c:65:16: error: 'CURLFORM_COPYNAME' is dep
recated: since 7.56.0. Use curl_mime_name() [-Werror=deprecated-declarations]
65 | CURLFORM_COPYNAME, "sendfile",
| ^~~~~~~~~~~~~~~~~
```
Ref: https://github.com/curl/curl/actions/runs/9841099503/job/27166970904#ste
p:10:829
Closes #14123
- GHA/macos: bump parallel tests to -j5
Credit-to: Dan Fandrich
Cherry-picked from #11510 #14097
- GHA/windows: usability improvements
- move `curl --version` into separate step.
- move configure log to separate step. Run on success, too.
- add step with `curl_config.h` dump (full and brief/sorted).
- make `autoreconf` a separate step.
- add each job configuration a short name.
- shorten job names.
Dedupe/drop redundant info, introduce abbreviations:
AM = autotools, CM = CMake, U = Unicode, R = Release, not -> `!`, etc.
Instead of mentioning `debug`, mentioned when it's not.
- simplify `PATH` forming for MSVC jobs.
It's sufficient to add the release binary directory of vcpkg, the debug one
is redundant.
Follow-up to e26cbe20cbedbea0ca743dd33880517309315cb2 #13979
- other minor tidy-ups.
Closes #14116
- GHA/macos: delete misplaced `CFLAGS`, drop redundant CMake option
With macOS there is a long-term struggle with deprecation warnings.
In curl they occur with LDAP, SecureTransport and in docs/examples.
There are three ways to fix them:
- by CFLAGS `-Wno-deprecated-declarations` as a workaround.
- by CFLAGS `-mmacosx-version-min` set to a version where the the
feature was not deprecated.
- by CMake option `-DCMAKE_OSX_DEPLOYMENT_TARGET=`.
In GHA CMake jobs, all three were used, and `-mmacosx-version-min` was
set in a bogus way. Delete that bogus option, and delete the lone,
redundant CMake option too.
In a future commit I might replace the suppression option to properly
setting the target OS.
Follow-up to dfdd978f7c60224dffe2aac25b436dc0a5cd0186 #13491
Cherry-picked from #14097
- macos: add workaround for gcc, non-c-ares, IPv6, compile error
Apple macOS SDK 13.0 and later are increasingly incompatible with gcc,
which started causing CI errors with the 20240701.9 revision of the
`macos-latest` (= `macos-14-arm64`) runner image.
This error is happening inside an Apple SDK header. We use the header
for calling a function in a resolver-related hack, in non-c-ares, IPv6
builds. You can avoid the problem by using c-ares or disabling IPv6
(or using clang, llvm, or a compatible gcc + SDK combination).
This patch fixes affected builds by declaring the ncessary framework
function manually, and not including the problematic header.
This workaround is ugly, doesn't cover all combinations, and fragile.
Other options are to disable this resolver-related hack for GCC, or to
replace it with a solution that doesn't rely on Apple SDK.
If you are aware of a stable fix or workaround, let us know.
gcc 12.4.0 + macOS SDK 14.0 (Xcode 15.0.1) error example:
```
In file included from /Applications/Xcode.app/Contents/Developer/Platforms/Ma
cOSX.platform/Developer/SDKs/MacOSX14.0.sdk/System/Library/Frameworks/CoreFou
ndation.framework/Headers/CoreFoundation.h:54,
from /Applications/Xcode.app/Contents/Developer/Platforms/Ma
cOSX.platform/Developer/SDKs/MacOSX14.0.sdk/System/Library/Frameworks/SystemC
onfiguration.framework/Headers/SCDynamicStoreCopySpecific.h:30,
from /Users/runner/work/curl/curl/lib/macos.c:33,
from /Users/runner/work/curl/curl/build/lib/CMakeFiles/libcu
rl_shared.dir/Unity/unity_0_c.c:244:
/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Develope
r/SDKs/MacOSX14.0.sdk/System/Library/Frameworks/CoreFoundation.framework/Head
ers/CFUserNotification.h:126:1: error: attributes should be specified before
the declarator in a function definition
126 | CF_INLINE CFOptionFlags CFUserNotificationCheckBoxChecked(CFIndex i)
API_AVAILABLE(macos(10.0)) API_UNAVAILABLE(ios, watchos, tvos) {return ((CFOp
tionFlags)(1UL << (8 + i)));}
| ^~~~~~~~~
/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Develope
r/SDKs/MacOSX14.0.sdk/System/Library/Frameworks/CoreFoundation.framework/Head
ers/CFUserNotification.h:127:1: error: attributes should be specified before
the declarator in a function definition
127 | CF_INLINE CFOptionFlags CFUserNotificationSecureTextField(CFIndex i)
API_AVAILABLE(macos(10.0)) API_UNAVAILABLE(ios, watchos, tvos) {return ((CFOp
tionFlags)(1UL << (16 + i)));}
| ^~~~~~~~~
/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Develope
r/SDKs/MacOSX14.0.sdk/System/Library/Frameworks/CoreFoundation.framework/Head
ers/CFUserNotification.h:128:1: error: attributes should be specified before
the declarator in a function definition
128 | CF_INLINE CFOptionFlags CFUserNotificationPopUpSelection(CFIndex n) A
PI_AVAILABLE(macos(10.0)) API_UNAVAILABLE(ios, watchos, tvos) {return ((CFOpt
ionFlags)(n << 24));}
| ^~~~~~~~~
```
Ref: https://github.com/curl/curl/actions/runs/9787982387/job/27025351601?pr=
14096#step:7:18
The exact conditions are fuzzy. Oddly enough gcc 12.3.0 and the SDK
same as above are _compatible_:
https://github.com/curl/curl/actions/runs/9791701214/job/27036037162
Also notice that similar errors can also happen in SecureTransport
builds, due to the SDK headers required.
Ref: https://github.com/curl/curl/pull/14097#issuecomment-2208639046
Ref: https://github.com/curl/curl/pull/14091#issuecomment-2205870854
Cherry-picked from #14097
Closes #14119
- cmake: feature casing fix and tidy-ups
- fix casing of a feature (`Unicode`) in the feature list.
- sort TLS backends case-insensitively.
- sync feature/protocol list heading with `curl -V` and autotools.
Closes #14120
- GHA: ignore FTP test result in Windows jobs
They are flaky.
E.g.:
- old-mingw-w64 7.3.0: 2001, 2039, 2083
- msvc: 1501, 593 (multiple)
Ref: https://github.com/curl/curl/pull/13599#issuecomment-2119372376
Cherry-picked from #14116
- GHA: improve vcpkg cache, add BoringSSL ECH and LibreSSL MSVC jobs
- cache on a per-package basis.
Replace manual caching with a built-in solution. It shares cached
package builds between jobs, e.g. libssh2 only builds once
per platform (instead of once per job). Individual packages are built
as needed (not the whole per-job tree). It also fixes the duplicate
cache entry issues.
Ref: https://learn.microsoft.com/en-us/vcpkg/consume/binary-caching-github-
actions-cache
Follow-up to e26cbe20cbedbea0ca743dd33880517309315cb2 #13979
Follow-up to cb22cfca69bded45bf7f9c72c8e6764990490f11 #14077
- add BoringSSL job with ECH enabled. The first such job in the curl CI.
- add LibreSSL job.
- use vcpkg pre-installed on the runner image, instead of rolling our
own. This is quicker, simpler and more robust.
Follow-up to e26cbe20cbedbea0ca743dd33880517309315cb2 #13979
- show pre-installed vcpkg and ports version.
- drop `gsasl` dependency till it reaches the pre-installed vcpkg ports.
- re-add `find .` to see the binaries generated.
- simplify setting up `PATH`.
- exclude failing tests for any job enabling WinIDN.
- drop collecting and uploading log archives. We already dump CMake
logs, and our build doesn't use Ninja. Rest of files weren't generated
by the curl build. We don't aim to debug vcpkg package builds.
Closes #14090
Tal Regev (7 Jul 2024)
- GHA: add MSVC UWP job, expand jobs with more options
- add new dependencies: brotli, libpsl (requires libicu2) and gsasl.
- enable WinIDN in a job. Exclude failing tests.
- add UWP job and fix the build logic to support it.
- increase timeouts to build the new dependencies.
Assisted-by: Viktor Szakats
Closes #14077
Dan Fandrich (6 Jul 2024)
- tests: fix sshd UserKnownHostsFile path for MinGW/Cygwin
This is the same thing as the previous commit fd194f46 but on the next
line.
Follow-up to 70d2fca2
Ref: #10818
- tests: fix sshd IdentityFile path for MinGW/Cygwin
This was missed during some refactoring more than a year ago and is
causing a warning "Use of uninitialized value $path in pattern match".
Follow-up to 70d2fca2
Ref: #10818
Closes #14113
Viktor Szakats (7 Jul 2024)
- build: add Debug, TrackMemory, ECH to feature list
Also:
- remove stray `ECH` and `HTTPSRR` from cmake protocol list.
- stop excluding `Debug` and `TrackMemory` in `test1013.pl`.
- configure: delete `CURL_CHECK_CURLDEBUG` check.
Ref: 065047dc62cba3efde597fa5420d112fc2f4c500
This check was effectively doing nothing, except disabling
`--enable-curldebug` in `curl-config` for
Cygwin/MSYS/cegcc/OS2/AIX targets with c-ares enabled.
Closes #14096
Dan Fandrich (5 Jul 2024)
- CI: bump the libc6 on the linux-old build
This contains some security fixes for nscd.
Viktor Szakats (6 Jul 2024)
- reuse: fix typo in comment
Follow-up to 9104bad82004d908e1fe66a425f8ca78f975045d #14107
Dan Fandrich (5 Jul 2024)
- CI: Fix typo in comment
- curl: follow-up to fix categories in --help
The commit 6483813b was missing changes necessitated by 2abfc75 that
causes a crash. Also, use ARRAYSIZE() for cleaner code.
Follow-up to 6483813b
Ref #14055
- curl: list categories in --help
This eliminates the need to run an extra help subcommand to get the
possible categories, reducing the friction in getting relevant help. The
help wording was also slightly tweaked for grammatical accuracy.
Closes #14055
Daniel Stenberg (5 Jul 2024)
- RELEASE-NOTES: synced
renovate[bot] (5 Jul 2024)
- GHA: update actions/upload-artifact and actions/download-artifact
update actions/upload-artifact digest to 0b2256b
update actions/download-artifact digest to fa0a91b
Closes #14111
Closes #14110
Max Mehl (5 Jul 2024)
- reuse: switch to REUSE 3.2 and REUSE.toml
- remove scripts/copyright.pl
Closes #14107
Yedaya Katsman (5 Jul 2024)
- curl: move more options to deprecated category
--no-npn, --sslv2, --sslv3
Closes #14109
Stefan Eissing (5 Jul 2024)
- multi: pollset assertion only when IP connected
Give warning for an empty pollset only when the connection has at least
IP connectivity. There are cases where the connect in QUIC makes another
attempt on a timeout and no socket will be available during that.
Closes #14108
Daniel Stenberg (5 Jul 2024)
- cmdline-opts: category cleanup
Option cleanups:
--get is not upload
--form* are post
- added several options into ldap, smtp, imap and pop3
- shortened the category descriptions in the list
category curl fixes:
--create-dirs removed from 'curl'
--ftp-create-dirs removed from 'curl'
--netrc moved to 'auth' from 'curl'
--netrc-file moved to 'auth' from 'curl'
--netrc-optional moved to 'auth' from 'curl'
--no-buffer moved to 'output' from 'curl'
--no-clobber removed from 'curl'
--output removed from 'curl'
--output-dir removed from 'curl'
--remove-on-error removed from 'curl'
Add a "global" category:
- Made all "global" options set this category
Add a "deprecated" category:
- Moved the deprecated options to it (maybe they should not be in any
category long term)
Add a 'timeout' category
- Put a number of appropriate options in it
Add an 'ldap' category
- Put the LDAP related option in there
Remove categories "ECH" and "ipfs"
- They should not be categories. Had only one single option each.
Remove category "misc"
- It should not be a category as it is impossible to know when to browse
it.
--use-ascii moved to ftp and output
--xattr moved to output
--service-name moved to auth
Managen fixes:
- errors if an option is given a category name that is not already setup
for in code
- verifies that options set `scope: global` also is put in category
`global´
Closes #14101
Stefan Eissing (5 Jul 2024)
- GHA: configure OpenSSL's libdir as 'lib' only
Also mention in HTTP3.md
OpenSSL has a bug that messes the config `--libdir=path` to become the
wrong path in its pkgconfig files. If we just pass `--libdir=lib` it
should avoid this.
Ref: #14099
See also: https://github.com/openssl/openssl/issues/23569
Closes #14102
Daniel Stenberg (5 Jul 2024)
- tool_operate: simplify return code handling from url_proto()
The additional checks were superfluous as it would only ever return
error if one of those protocols were set. Also: a returned error
*should* mean get out of there, without having to check more conditions.
Closes #14104
- tool_operate: check for --disable case *sensitively*
curl command line options are specified with the correct casing or they
don't match
Closes #14103
Stefan Eissing (4 Jul 2024)
- transfer: avoid polling socket every transfer loop
Improve download performance, minimal effort.
Do not poll the socket for pending data every transfer loop iteration.
This gives 10-20% performance gains on large HTTP/1.1 downloads (on my
machine).
Closes #14098
Viktor Szakats (4 Jul 2024)
- tests: delete `CharConv` remains
Closes #14100
- GHA: bump macOS CMake job parallelism to 4 (nproc+1) [ci skip]
To match autotools ones and the rest of workflows.
Follow-up to 464282ddfb214917be3d143c035f178f3b77f209 #13807
Yedaya Katsman (4 Jul 2024)
- help: add flags to output and ssh categories
- Add --output, --remove-on-error, --output-dir and --created-dirs to
the output help category
- Add --hostpubmd5, --hostpubsha256, --insecure (-k), and --pubkey to
the ssh help category
Closes #14076
Stefan Eissing (4 Jul 2024)
- TODO: remove item about 'SSL_peak'
GnuTLS todo item about using an equivalent of `SSL_peak()`, which
nicely escaped the word checks, is no longer relevant.
We do not use `SSL_peek()` anymore since connection filters were
introduced.
Closes #14091
renovate[bot] (4 Jul 2024)
- GHA: update dependency gnutls/gnutls to v3.8.6
Closes #14094
- GHA: update fsfe/reuse-action action to v4
Closes #14095
Viktor Szakats (3 Jul 2024)
- GHA: Windows job exclusions tweaks
- disable SMTP tests in MSYS2/mingw-w64 and MSVC jobs.
On the suspicion of sometimes hanging:
https://github.com/curl/curl/actions/runs/9346162475/job/25720437944?pr=138
55#step:14:2838
https://github.com/curl/curl/actions/runs/9758011305/job/26931678639?pr=140
84#step:14:2834
https://github.com/curl/curl/actions/runs/9774468536/job/26982805294#step:1
1:4731
- run TFTP, MQTT, WebSockets tests in MSYS2/msys jobs again.
- switch hanging old-mingw-w64 7.3.0 job to Release (from Debug).
Guessing here, 9.5.0 is more solid, and one difference is
Debug/Release mode. Let's match 7.3.0 with that and see how it changes
hangs and flakiness.
The other difference is Unicode ON in 7.3.0. Flaky 6.3.0 was also
Debug, with Unicode OFF:
217878bade884202ee5fb2e80186c5fd130392e8 #13566.
(Unicode unlikely to play a role here IMO.)
If 7.3.0 keeps hanging / remains flaky I'll consider disabling its
test runs.
- opt-out from vcpkg telemetry.
Ref: https://github.com/curl/curl/pull/13599#issuecomment-2119372376
Closes #14085
renovate[bot] (3 Jul 2024)
- Dockerfile: update debian:bookworm-slim to 39868a6
Closes #14083
Daniel Stenberg (3 Jul 2024)
- FEATURES.md: refresh
- added lots of missing stuff
- rearranged a little
- remove all footnotes
Closes #14086
- RELEASE-NOTES: synced
- curl_easy_perform.md: call it network transfer, not file transfer
Viktor Szakats (2 Jul 2024)
- winbuild: MS-DOS batch tidy-ups
- prefer `.bat` extension over `.cmd` for MS-DOS batch, which also
avoids confusion with OS/400 `.cmd` files.
- cleanup `echo` quotes, drop them consistently.
- delete empty output line from one of the error branches.
- prefer lowercase commands like the rest of MS-DOS batches.
- delete a contraction.
- drop backticks from error message.
- use `nmake.exe` consistently.
- use equal/not-equal operator style consistently.
- inline a single-line `if` branch.
- delete exceptions and rules dealing with Windows `.cmd` extension.
Closes #14084
Stefan Eissing (2 Jul 2024)
- multi: fix pollset during RESOLVING phase
- add a DEBUGASSERT for when a transfer's pollset should not be empty.
- move write unpausing from transfer loop into curl_easy_pause. This
make sure that the url_updatesocket() finds the correct state when
updating socket events.
- fix HTTP/2 proxy during connect phase to set sockets correctly
- fix test2600 to simulate a socket set
- move write unpausing from transfer loop into curl_easy_pause. This
make sure that the url_updatesocket() finds the correct state when
updating socket events.
- waiting for the resolver to deliver might not involve any sockets to
wait for. Do not generate a warning.
Fixes #14047
Closes #14074
Daniel Stenberg (2 Jul 2024)
- cmdline-opts: shorten six help texts
o --location-trusted
o --next
o --parallel-immmediate
o --pinnedpubkey
o --proxy-pass
o --proxy-ssl-allow-beast
Closes #14075
- managen: fix removing backticks from subtitles
It erroneously removed them from the wrong variable.
Closes #14081
Viktor Szakats (2 Jul 2024)
- cmake: show protocols, then features
To match the order used by `curl -V` and `./configure`.
Closes #14082
- cmdline-docs: fix `--proxy-ca-native` example + tidy-ups
Also:
- fix an indentation.
- fix capitalized option in comment.
Closes #14078
- cmake: sync protocol/feature list with `curl -V` output
- sort features case-insensitively.
Requires CMake v3.13.0.
Follow-up to 0f26abeef1dd1d1a02f8e12dbc3d51e73e9d2e9c #14063
- convert protocol list to lowercase.
But leave it uppercase in `curl-config`.
Closes #14066
- GHA/badwords.yml: fixup indent for yamllint [ci skip]
renovate[bot] (1 Jul 2024)
- GHA: update dependency awslabs/aws-lc to v1.31.0
Closes #14080
Daniel Stenberg (1 Jul 2024)
- GHA/badwords.yml: check source code wording
Closes #14073
- code: language cleanup in comments
Based on the standards and guidelines we use for our documentation.
- expand contractions (they're => they are etc)
- host name = > hostname
- file name => filename
- user name = username
- man page => manpage
- run-time => runtime
- set-up => setup
- back-end => backend
- a HTTP => an HTTP
- Two spaces after a period => one space after period
Closes #14073
Yedaya Katsman (1 Jul 2024)
- docs: add RELEASE-TOOLS.md.dist to .gitignore
Closes #14079
Viktor Szakats (1 Jul 2024)
- libcurl.pc: add more `Requires.private`/`Requires` dependencies
- add `libmsh3` reference from cmake and autotools.
- add `mit-krb5-gssapi` reference from cmake.
It leaves GSS not set from autotools. The handling of heimdal in cmake
is fuzzy, that's probably missing too.
Follow-up to f057de5a1a950a90d1920021db152a4b695f1a8a #13911
Closes #14072
- cmake: improve wolfSSL detection
- support detecting wolfSSL via pkg-config (like autotools.)
- detect wolfSSL version.
- detect `HAVE_WOLFSSL_DES_ECB_ENCRYPT`.
(needs e.g. `--enable-curl` when building wolfSSL)
- detect `HAVE_WOLFSSL_FULL_BIO` and enable HTTPS-proxy feature.
(needs e.g. `--enable-opensslall` when building wolfSSL)
- fix to show `HTTPS-proxy` in cmake feature list.
Ref: 55807e6c056f27846d70cec70ee6ac3f0e5b3bbe #9962
- fix to show `NTLM` in cmake feature list.
- fix to show `smb` and `smbs` in cmake protocol list.
- add wolfSSL CMake job to GHA (for macOS).
- fix mqtt and wolfSSL symbol clash.
```
./curl/lib/mqtt.c: In function 'mqtt_doing':
./curl/lib/mqtt.c:746:17: error: declaration of 'byte' shadows a global dec
laration [-Werror=shadow]
746 | unsigned char byte;
| ^~~~
/opt/homebrew/Cellar/wolfssl/5.7.0_1/include/wolfssl/wolfcrypt/types.h:85:3
6: note: shadowed declaration is here
85 | typedef unsigned char byte;
| ^~~~
```
- format `FindWolfSSL.cmake` closer to neighbours.
Closes #14064
Daniel Stenberg (1 Jul 2024)
- curl_url_set: elaborate on scheme guessing
Explain a little more and refer to the CURLU_NO_GUESS_SCHEME flag
for getting scheme or URL.
Closes #14071
- docs: misc language polish
- CURLINFO_FILETIME*: improve language
- add '32bit' and '64bit' as bad words, use 32-bit and 64-bit
- mksymbolsmanpage.pl: avoid "will"
Closes #14070
- curl_easy_escape: elaborate a little on encoding a URL
Closes #14069
Viktor Szakats (1 Jul 2024)
- cmake: fix feature and protocol lists for SecureTransport
NTLM was missing from the features list, and SMB/SMBS from
the protocols list in SecureTransport builds.
Follow-up to 76a9c3c4be10b3d4d379d5b23ca76806bbae536a #3619
Reported-by: Tal Regev
Bug: https://github.com/curl/curl/pull/13963#issuecomment-2178791390
Closes #14065
Daniel Stenberg (1 Jul 2024)
- curl_str[n]equal.md: tidy up text to make them stand-alone
Previously this was one single manpage for two functions but as they are
two separate ones since a while back, they should each clearly document
their single specific functions.
Follow-up to eefcc1bda4bc
Closes #14068
- RELEASE-NOTES: synced
Tal Regev (30 Jun 2024)
- GHA: use vcpkg to install packages for MSVC jobs
- enable new dependencies for existing jobs.
- add cache for vcpkg packages.
- tidy-up CMake options and environment for vcpkg.
Closes #13979
Daniel Stenberg (30 Jun 2024)
- curl_mprintf.md: add missing comma
- CURLOPT_TLSAUTH_PASSWORD/USERNAME.md: language fixups
- relies *on* TLS SRP
- *for* the specific TLS backends
Closes #14061
- docs/libcurl: polish the single-line descriptions
- use imperative form
- use lowercase
- no period
- unify some phrases
- fix curl_multi_socket and curl_multi_socket_all to keep their own
descriptions
Closes #14062
Viktor Szakats (30 Jun 2024)
- cmake: alpha-sort feature list
Like autotools does.
Closes #14063
renovate[bot] (29 Jun 2024)
- GHA: update github/codeql-action digest to b611370
Closes #14058
Tatsuhiro Tsujikawa (29 Jun 2024)
- vquic: fix UDP_GRO struct cmsghdr data type
The data type for UDP_GRO in struct cmsghdr is int. Limit the usage of
UDP_GRO to linux only because it is not portable.
Closes #14056
Sertonix (29 Jun 2024)
- mk-ca-bundle.pl: delay 'curl -V' execution until it is needed
Avoid an `Can't exec "curl"` message when curl is not actually needed.
Closes #14060
Daniel Stenberg (29 Jun 2024)
- src/Makefile.am: remove SUBDIRS assignment
It was once used to continue into ../docs but is just leftovers now.
Closes #14054
z2_ (28 Jun 2024)
- x509asn1: remove superfluous free()
Stefan Eissing (28 Jun 2024)
- ngtcp2+quictls: fix cert-status use
- add test for --cert-status on all http versions
Reported-by: Dexter Gerig
Fixes #14049
Closes #14050
Daniel Stenberg (28 Jun 2024)
- RELEASE-PROCEDURE.md: update release date
- managen: insert final .fi for files ending with a quote
When an individual file ended with a quote (typically an example), the
render function would return without ending the quote correctly with a
".fi" (fill in) in the manpage output.
This made the additional text provided below to render wrongly.
Closes #14048
Junho Choi (28 Jun 2024)
- quic: update to quiche 0.22.0
quiche 0.22.0 will set SONAME in libquiche.so (libquiche.so.0) for
linux/BSDs. Install a symlink with SONAME.
Closes #14030
Closes #14046
Daniel Stenberg (28 Jun 2024)
- managen: introduce "Multi: per-URL"
For -O, -o and -T that are used once per specified URL.
Closes #14045
- quiche: fix operand of ‘?:’ changes signedness
... from ‘int’ to ‘curl_uint64_t’
Closes #14041
- GHA: add --enable-werror to the quiche job
Closes #14041
- KNOWN_BUGS: three new bugs
These have lingered in the issue tracker for a long time without action.
We don't expect any fixes in the near term either. Move them to the
KNOWN_BUGS document.
Closes #12177
Closes #12171
Closes #13350
Closes #14042
Viktor Szakats (27 Jun 2024)
- CI: add whitespace checker
Fix issues detected.
Also:
- One of the `.vc` files used LF EOLs, while the other didn't.
Make that one also use LF EOLs, as this is apparently supported by
`nmake`.
- Drop `.dsw` and `.btn` types from `.gitattributes`.
The repository doesn't use them.
- Sync section order with the rest of files in
`tests/certs/EdelCurlRoot-ca.prm`.
- Indent/align `.prm` and `.pem` files.
- Delete dummy `[something]` section from `.prm` and `.pem` files.
Mental note:
MSVC `.sln` files seem to accept spaces for indentation and also support
LF line-endings. I cannot test this and I don't know what's more
convenient when updating them, so left them as-is, with specific
exclusions.
Closes #14031
- CI: fix typo in job name
Closes #14040
Stefan Eissing (27 Jun 2024)
- tests/httpd: adjust ReadBufferSize for better performance
- list httpd and caddy versions in scorecard run
Closes #14039
Daniel Stenberg (27 Jun 2024)
- runtests: fix %VERNUM
It needs to be set to the leading digits and dots only, so that the
`-[date]` suffix strings are not included, as those used in the daily
snapshots.
Fixes #14035
Reported-by: Marcel Raad
Closes #14036
Philip Heiduck (27 Jun 2024)
- CI/synopsis.yml: run on `.md` files
Reported-by: Viktor Szakats
Fixes #14032
Closes #14037
Daniel Stenberg (27 Jun 2024)
- verify-synopsis.pl: work with .md files
Ref: #14037
Closes #14038
- conncache: done always evaluates to false
Follow-up to c9b95c0bb30f88bf00e1ac
Spotted by CodeSonar
Reviewed-by: Stefan Eissing
Closes #14034
- lib: add a few DEBUGASSERT(data) to aid code analyzers
... where 'data' is assumed to always work.
Closes #14033
- RELEASE-NOTES: synced
Viktor Szakats (26 Jun 2024)
- tidy-up: use `/usr/bin/env perl` shebang
Most Perl scripts already used it. Sync up the few outliers.
Closes #14029
Stefan Eissing (26 Jun 2024)
- quic: openssl quic, cmake and doc version update to 3.3.0
Closes #14028
- http/3: add shutdown support
- openssl-quic shutdown handling
- ngtcp2 shutdown handling
- quiche shutdown handling
- add test_19_06 for verfication
Reported-by: Dexter Gerig
Closes #14027
Fixes #14022
Daniel Stenberg (26 Jun 2024)
- tests: verify managen
1705: verifies the manpage output
1706: verifies the ascii output
Closes #14025
- runtests: support %DATE for YYYY-MM-DD of right now
- runtests: support %VERNUM
For the plain version number of the built curl without -DEV etc. Only
digits and dots.
- managen: only output .RE for manpage output
For ascii they are just rubbish.
Closes #14025
Tatsuhiro Tsujikawa (26 Jun 2024)
- quic: enable UDP GRO
Closes #14012
Stefan Eissing (26 Jun 2024)
- quic: require at least OpenSSL 3.3 for QUIC
- when checking for QUIC support in OpenSSL, also check
for it being at least 3.3.0
- remove workarounds for features buggy or missing in 3.2
Closes #14026
Daniel Stenberg (26 Jun 2024)
- FILEFORMAT.md: mentioned <file[num]> for "client"
They can be used to create more files.
Closes #14024
Marcel Raad (26 Jun 2024)
- system_win32: add missing curl.h include
It's required for `CURLcode`.
Closes https://github.com/curl/curl/pull/14019
Daniel Stenberg (26 Jun 2024)
- TODO: specify which response codes that make -f/--fail return error
Suggestion from the user survey 2024
Closes #14020
Stefan Eissing (26 Jun 2024)
- lib: graceful connection shutdown
When libcurl discards a connection there are two phases this may go
through: "shutdown" and "closing". If a connection is aborted, the
shutdown phase is skipped and it is closed right away.
The connection filters attached to the connection implement the phases
in their `do_shutdown()` and `do_close()` callbacks. Filters carry now a
`shutdown` flags next to `connected` to keep track of the shutdown
operation.
Filters are shut down from top to bottom. If a filter is not connected,
its shutdown is skipped. Notable filters that *do* something during
shutdown are HTTP/2 and TLS. HTTP/2 sends the GOAWAY frame. TLS sends
its close notify and expects to receive a close notify from the server.
As sends and receives may EAGAIN on the network, a shutdown is often not
successful right away and needs to poll the connection's socket(s). To
facilitate this, such connections are placed on a new shutdown list
inside the connection cache.
Since managing this list requires the cooperation of a multi handle,
only the connection cache belonging to a multi handle is used. If a
connection was in another cache when being discarded, it is removed
there and added to the multi's cache. If no multi handle is available at
that time, the connection is shutdown and closed in a one-time,
best-effort attempt.
When a multi handle is destroyed, all connection still on the shutdown
list are discarded with a final shutdown attempt and close. In curl
debug builds, the environment variable `CURL_GRACEFUL_SHUTDOWN` can be
set to make this graceful with a timeout in milliseconds given by the
variable.
The shutdown list is limited to the max number of connections configured
for a multi cache. Set via CURLMOPT_MAX_TOTAL_CONNECTIONS. When the
limit is reached, the oldest connection on the shutdown list is
discarded.
- In multi_wait() and multi_waitfds(), collect all connection caches
involved (each transfer might carry its own) into a temporary list.
Let each connection cache on the list contribute sockets and
POLLIN/OUT events it's connections are waiting for.
- in multi_perform() collect the connection caches the same way and let
them peform their maintenance. This will make another non-blocking
attempt to shutdown all connections on its shutdown list.
- for event based multis (multi->socket_cb set), add the sockets and
their poll events via the callback. When `multi_socket()` is invoked
for a socket not known by an active transfer, forward this to the
multi's cache for processing. On closing a connection, remove its
socket(s) via the callback.
TLS connection filters MUST NOT send close nofity messages in their
`do_close()` implementation. The reason is that a TLS close notify
signals a success. When a connection is aborted and skips its shutdown
phase, the server needs to see a missing close notify to detect
something has gone wrong.
A graceful shutdown of FTP's data connection is performed implicitly
before regarding the upload/download as complete and continuing on the
control connection. For FTP without TLS, there is just the socket close
happening. But with TLS, the sent/received close notify signals that the
transfer is complete and healthy. Servers like `vsftpd` verify that and
reject uploads without a TLS close notify.
- added test_19_* for shutdown related tests
- test_19_01 and test_19_02 test for TCP RST packets
which happen without a graceful shutdown and should
no longer appear otherwise.
- add test_19_03 for handling shutdowns by the server
- add test_19_04 for handling shutdowns by curl
- add test_19_05 for event based shutdowny by server
- add test_30_06/07 and test_31_06/07 for shutdown checks
on FTP up- and downloads.
Closes #13976
Daniel Stenberg (25 Jun 2024)
- managen: fix blank line detection
Follow-up to d14a53eea7b87 which ruined the output somewhat.
Closes #14017
- managen: output tabs for each 8 leading spaces
This replacing of eight leading spaces into tabs was already done for
the embedded uncompressed version in tool_hugehelp.c so it does not save
anything there. But the gzip compressed version ends up almost 2K
smaller.
The output in a terminal should be identical.
Before using TABs:
curl.txt 282492 bytes
curl.txt.gz 73261 bytes
With this change applied:
curl.txt 249382 bytes
curl.txt.gz 71470 bytes
Closes #14016
- managen: error on trailing blank lines in input files
Ref: #14014
Closes #14015
Viktor Szakats (25 Jun 2024)
- tidy-up: more whitespace
Closes #14014
Stefan Eissing (25 Jun 2024)
- multi: multi_getsock(), check correct socket
- in phase CONNECTING/TUNNELING/PROTOCONNECT, retrieve
the socket from the connection filters and do not rely
on `conn->sockfd` being already set by the transfer.
- this applies to the default behaviour, a protocol handler
may override this via its callbacks.
- add a warning message in multi_getsock() when the transfer
is expected to have something in its pollset, but instead
it is empty.
Reported-by: saurabhsingh-dev on github
Fixes #13998
Closes #14011
Daniel Stenberg (25 Jun 2024)
- managen: fix each options footer to end with newline
A previous change sometimes made a command line option's description not
end with a newline immediately before the next command line.
Also widened the lines to wrap on column 79 instead of 78.
Closes #14010
Alex Snast (25 Jun 2024)
- wolfssl: assume key_file equal to clientcert in the absence of key_file
When user sets CURLOPT_SSLCERT but leaves CURLOPT_SSLKEY unset assume
the path passed in CURLOPT_SSLCERT holds the ssl key which is what we do
in openssl implementation.
Fixes #14007
Closes #14008
Viktor Szakats (24 Jun 2024)
- autotools: fix pkg-config names (zstd, ngtcp2*)
Also verified that all names now match up with CMake.
Follow-up to f057de5a1a950a90d1920021db152a4b695f1a8a #13911
Follow-up to eeab0ea7aa19af61af881e8a0bf9ff1f2e28ef79 #13994
Reported-by: 李四
Fixes #14005
Closes #14006
- tidy-up: whitespace [ci skip]
Daniel Stenberg (24 Jun 2024)
- cmdline-docs: "added in" cleanups
- markup fixes
- remove some mentions of < 7.60.0 changes
Closes #14003
- RELEASE-NOTES: synced
- managen: "added in" fixes
- up the limit: remove all mentions of 7.60 or earlier from manpage
7.60 is 6 years old now.
- warn on "broken" added in lines, as they avoid detection
- fixup added in markup in a few curldown files
Closes #14002
Matt Jolly (24 Jun 2024)
- configure: fix pkg-config library name 'libnghttp3'
Closes #13994
Daniel Stenberg (24 Jun 2024)
- managen: cleanups to generate nicer-looking output
- output "see also" last
- when there are multiple mutex items, use commas between all of them
except the last.
- call them mututally exclusive WITH not TO other options.
- remove trailing space from added in, add newline prefix
- smoother language for requires
Closes #14001
- configure: require a QUIC library if nghttp3 is used
Instead of just silently disabling HTTP/3.
Reported-by: Matt Jolly
Fixes #13995
Closes #13999
- docs/cmdline-opts: remove two superfluous "Added in" mentions
The key "added in" phrase for the option itself is added automatically.
Closes #14000
- cookie-jar.md: see also --junk-session-cookies
Closes #13996
- runtests: support crlf="yes" for the <stderr> section
- TODO: -h option
Support "curl -h --insecure" etc to output the manpage section for the
--insecure command line option in the terminal. Should be possible to
work with either long or short versions of command line options.
Closes #13990
- trace-ascii.md: mention "%" for stderr
Closes #13991
- connect-to.md: expand with examples
- add referer from the resolve section to connect-to if user wants
wildcard for the port number
Closes #13989
- TODO: connect to multiple IPs in parallel
Closes #13986
- dump-header.md: mention minus for stdout
Closes #13985
- CURLOPT_RESOLVE.md: mention hostname can be wildcard ('*')
Closes #13983
Andy Pan (22 Jun 2024)
- cf-socket: optimize curlx_nonblock() and check its return error
Reviewed-by: Stefan Eissing
Closes #13942
z2_ (22 Jun 2024)
- x509asn1: prevent NULL dereference
Closes #13978
Daniel Stenberg (19 Jun 2024)
- unit2604: use 'unitfail' instead of 'error' variable
Since the framework is already returning that variable by default.
Avoids a warning for unreachable code.
Reported-by: Tal Regev
Fixes #13967
Closes #13973
- KNOWN_BUGS: TFTP tests fail on OpenBSD
Closes #13623
Closes #13975
- VULN-DISCLOSURE-POLICY: NULL dereferences and crashes
If a malicious server can trigger a NULL dereference in curl or
otherwise cause curl to crash (and nothing worse), chances are big that
we do not consider that a security problem.
Closes #13974
- RELEASE-NOTES: synced
Sergey Markelov (19 Jun 2024)
- mbedtls: support CURLOPT_CERTINFO
Closes #13113
Daniel Stenberg (19 Jun 2024)
- x509asn1: ASN1tostr() should fail when 'constructed' is set
This is a regression from my refactor in 623c3a8fa0bdb (#12808)
Follow-up to 623c3a8fa0bdb2751f14b37417
Closes #13972
- x509asn1: remove two static variables
cnOID and sanOID were not used outside of the OID table anyway
Closes #13971
brian m. carlson (18 Jun 2024)
- TODO: TLS channel binding
Closes #13483
Tal Regev (17 Jun 2024)
- cmake: add CURL_USE_GSASL option with detection + CI test
Reviewed-by: Viktor Szakats
Closes #13948
Daniel Stenberg (16 Jun 2024)
- x509asn1: make Curl_extract_certinfo store error message
To help us all better understand where the error actually comes from.
Ref: #13958
Closes #13959
Viktor Szakats (15 Jun 2024)
- appveyor: dump build logs on failure in VS2008 jobs
This seems to be the only way to see what actual toolchain commands were
run, and with what arguments.
Without `dos2unix`, `cat` output comes out empty.
Closes #13957
- cmake: fix quotes when appending multiple options (SecureTransport)
Copied from a vcpkg distro patch:
https://github.com/microsoft/vcpkg/blob/02745e0f4749d1f51d2025824209408f5a6c3
614/ports/curl/dependencies.patch#L43C38-L44
Ref: https://github.com/microsoft/vcpkg/pull/38847
Ref: https://github.com/microsoft/vcpkg/commit/795f2f137e6cf6d985fcc927bffcaf
9c0a96e4ac
Ref: https://github.com/microsoft/vcpkg/pull/38847/commits/36f0c917de5319e953
61451fc0aef0698b264874#diff-ab5c23e5dc5df412539cc93e24b37abbc588e1918236f8abc
019d676b270c85fR39 (sub-commit)
Authored-by: Kai Pastor
Closes #13953
Daniel Stenberg (15 Jun 2024)
- CURLOPT_NETRC.md: clarify what it does on Windows
Closes #13956
- KNOWN_BUGS: "HTTP/2 + TLS spends a lot of time in recv"
Closes #13416
Closes #13955
- RELEASE-NOTES: synced
Yedaya Katsman (14 Jun 2024)
- examples: add missing binaries to .gitignore
They were showing as changed when built. Add them sorted alphabetically,
while also moving a few more entries to sorted order.
Closes #13952
- docs: reference non deprecated libcurl options
There are a places where man pages reference deprecated CURLOPT options,
where it doesn't make sense, replace them with the reccomended
replacement option.
also remove reference to the removed mesalink TLS backend
Closes #13951
Daniel Stenberg (14 Jun 2024)
- gnutls: pass in SNI name, not hostname when checking cert
The function we use is called 'gnutls_x509_crt_check_hostname()' but if
we pass in the hostname with a trailing dot, the check fails. If we pass
in the SNI name, which cannot have a trailing dot, it succeeds for
https://pyropus.ca./
I consider this as a flaw in GnuTLS and have submitted this issue
upstream:
https://gitlab.com/gnutls/gnutls/-/issues/1548
In order to work with old and existing GnuTLS versions, we still need
this change no matter how they view the issue or might change it in the
future.
Fixes #13428
Reported-by: Ryan Carsten Schmidt
Closes #13949
- BINDINGS: update java link to one that exists
The previous java binding seems to have vanished. Link to one that still
exists.
Bug: https://github.com/curl/everything-curl/issues/456
Reported-by: Jiang Wenjian
Closes #13950
renovate[bot] (14 Jun 2024)
- GHA: update pinned actions
- github/codeql-action digest to 23acc5c
- actions/checkout digest to 692973e
- rojopolis/spellcheck-github-actions digest to d354a4d
Closes #13935
Closes #13945
Closes #13946
Jay Satiro (14 Jun 2024)
- tool_cb_hdr: allow etag and content-disposition for 3xx reply
- Parse etag and content-disposition headers for 3xx replies.
For example, a server may send a content-disposition filename header
with a redirect reply (3xx) but not with the final response (2xx).
Without this change curl would ignore the server's specified filename
and continue to use the filename extracted from the user-specified URL.
Prior to this change, 75d79a4 had limited etag and content-disposition
to 2xx replies only.
Tests-by: Daniel Stenberg
Reported-by: Morgan Willcock
Fixes https://github.com/curl/curl/issues/13302
Closes #13484
Daniel Stenberg (13 Jun 2024)
- transfer: set CSELECT_IN if there is data pending
When aborting the transfer loop early, like when there is rate limiting
in effect, there might be buffered data already read off the socket so
the socket might not signal reability. Therefore we must set the
CSELECT_IN manually if data_pending_() suggests there might be more data
to get. This is particularly noticeable with SSH when the underlying
library has drained the socket and holds pending data in its buffer.
Reported-by: alervd on github
Fixes #13695
Closes #13943
Viktor Szakats (13 Jun 2024)
- cmake: enable SOVERSION for Cygwin and `CMAKE_DLL_NAME_WITH_SOVERSION`
- enable SOVERSION when `CMAKE_DLL_NAME_WITH_SOVERSION=ON` is set.
Ref: https://cmake.org/cmake/help/v3.27/variable/CMAKE_DLL_NAME_WITH_SOVERS
ION.html
Use: https://github.com/search?q=-DCMAKE_DLL_NAME_WITH_SOVERSION&type=code
- enable SOVERSION for Cygwin builds by default.
Ref: #13936
Ref: #13944
Closes #13898
- cmake: allow SOVERSION override with `CURL_LIBCURL_SOVERSION`
Allow overriding SOVERSION with the new CMake option:
`CURL_LIBCURL_SOVERSION=ON/OFF`
For certain target platforms the shared libcurl library filename
contains the SOVERSION. This new option allows to enable/disable
this behavior manually. If set, it takes precedence over the default
setting.
Ref: #13898
Closes #13944
renovate[bot] (13 Jun 2024)
- Dockerfile: update debian:bookworm-slim to 84d83b2
Closes #13934
Daniel Stenberg (13 Jun 2024)
- configure: use AC_MSG_WARN for TLS/experimental warning texts
- no longer warns for mbedtls
- warns for each item on individual lines
- no longer shows irrelevant TLS libraries when multiple are selected
- removes ech repetition
Closes #13941
- GHA: detect and warn for more English contractions
As we try to avoid them in curl documentation
Closes #13940
Stefan Eissing (13 Jun 2024)
- transfer: do not use EXPIRE_NOW while blocked
- When a transfer sets `data->state.select_bits`, it is
scheduled for rerun with EXPIRE_NOW. If such a transfer
is blocked (due to PAUSE, for example), this will lead to
a busy loop.
- multi.c: check for transfer block
- sendf.*: add Curl_xfer_is_blocked()
- sendf.*: add client reader `is_paused()` callback
- implement is_paused()` callback where needed
Closes #13908
renovate[bot] (13 Jun 2024)
- ci: update dependency ngtcp2/ngtcp2 to v1.6.0
Closes #13939
- ci: update ngtcp2/nghttp3 to v1.4.0
Closes #13938
Viktor Szakats (13 Jun 2024)
- cmake: stop setting SOVERSION for the static lib target
Also move the logic closer to its use and related tidy-ups.
Cherry-picked from #13898
Closes #13936
Patrick Monnerat (13 Jun 2024)
- os400: make it compilable again
A newly introduced use of getsockname() in the cli tool makes it require
the ascii wrapper module, which is not available outside of the library:
as the tool only uses the address family field (binary), disable
wrappers outside of libcurl.
Fix setsockopt() parameter type mismatch using a (void *) cast.
Sync ILE/RPG binding.
Closes #13930
Viktor Szakats (13 Jun 2024)
- libcurl.pc: add `Requires.private`, `Requires` for static linking
- cmake: populate for dependencies.
- autotools: populate for dependencies.
(including mbedtls, though the script does not detect
mbedtls through pkgconfig. mbedtls 3.6.0 now supports it.)
Skip dealing with gssapi in this patch.
Fixes #864
Closes #13911
- cmake: bring `curl-config.cmake` closer to `FindCURL`
Set `CURL_LIBRARIES` and `CURL_INCLUDE_DIRS` variables
for compatibility with CMake's `FindCURL.cmake`:
https://github.com/Kitware/CMake/blob/b411d0146c2e06acfb0c823bb039e99f0191b61
1/Modules/FindCURL.cmake#L209
For dependent projects, CMake's suggestion is to replace
`CURL_LIBRARIES` with `CURL::libcurl`, and drop `CURL_INCLUDE_DIRS`.
Reported-by: Aurélien Pierre
Ref: https://curl.se/mail/lib-2024-06/0014.html
Ref: https://gitlab.kitware.com/cmake/cmake/-/issues/24580
Closes #13897
Daniel Stenberg (13 Jun 2024)
- tool_getparam: fix the bsearch call for ip-tos names
Follow-up to 3c20ae08b9591
Reported-by: Samuel Chiang
Fixes #13932
Closes #13933
- request: change the struct field bodywrites to a bool, only for hyper
Only hyper needs to know this, and it can use it as a boolean.
Closes #13928
Andy Pan (12 Jun 2024)
- test: fix CURLOPT_TCP_KEEPCNT typo
Follow up to b77d627d242
Closes #13931
Daniel Stenberg (12 Jun 2024)
- http: remove "struct HTTP"
It is not actually used anymore and only contained a dummy struct field.
Remove all traces and uses of it.
Closes #13927
- cd2nroff: convert two warnings to errors
Since the warnings tend to get missed too easily and these are problems
we rather want addressed than letting slide.
Closes #13929
- urlapi: use a correct value for CURLU_NO_GUESS_SCHEME
It was mistakenly set to the same value as CURLU_GET_EMPTY uses.
Reported-by: Patrick Monnerat
Bug: https://github.com/curl/curl/commit/655d44d139489625e77cf6790d36
Closes #13926
- file: separate fake headers and body with a stand-alone CRLF
Instead of bolting on the extra CRLF to the final header - as that makes
the behavior inconsistent and not as documented. The final CRLF is now
also made unconditional, just like it is for HTTP.
Reported-by: dogma
Bug: https://curl.se/mail/lib-2024-06/0033.html
Closes #13925
- RELEASE-NOTES: synced
Andy Pan (12 Jun 2024)
- tcpkeepalive: add CURLOPT_TCP_KEEPCNT and --keepalive-cnt
Closes #13885
Daniel Stenberg (12 Jun 2024)
- TODO: make it "Add missing features to TLS backends"
... instead of just mentioning CA caching.
Closes #13924
Orgad Shaneh (11 Jun 2024)
- curl: support VLAN Priority: --vlan-priority
Add --vlan-priority option to the command line tool for setting VLAN
priority.
Closes #13907
RainRat (11 Jun 2024)
- misc: fix typos
Closes #13923
Daniel Stenberg (11 Jun 2024)
- CURLOPT_ECH.md: remove repeated 'if'
Closes #13922
- vms: fixed language in comment
It started with me fixing a repeated "are are" but the wording was
incomprehensible so I tried to untangle it.
Closes #13921
Stefan Eissing (11 Jun 2024)
- lib: xfer_setup and non-blocking shutdown
- clarify Curl_xfer_setup() with RECV/SEND flags and different calls for
which socket they operate on. Add a shutdown flag for secondary
sockets
- change Curl_xfer_setup() calls to new functions
- implement non-blocking connection shutdown at the end of receiving or
sending a transfer
Closes #13913
Daniel Stenberg (11 Jun 2024)
- test1486: verify that write-out.md and tool_writeout.c are in sync
- also verify alphabetialal order in the source
- add two missing variables to write-out.md
Closes #13920
Viktor Szakats (11 Jun 2024)
- GHA: add cmake MSYS2 native job
curl, libcurl, examples, build-only.
To compare build behaviour with autotools.
Closes #13917
Daniel Stenberg (11 Jun 2024)
- openssl: shortcut store_expired for negative timeouts
Avoid some unnecessary computation if the timeout is negative.
Spotted by CodeSonar
Closes #13919
- RELEASE-NOTES: synced
- curl: support -w '%{num_retries}
Suggested-by: Jay Guerette
Ref: https://github.com/curl/curl/discussions/13901
Closes #13910
Guilherme Puida (11 Jun 2024)
- pytest: include testenv/vsftpd.py in dist tarball
Closes #13918
Viktor Szakats (11 Jun 2024)
- DISTROS: add MSYS2 (native) links
Also rename existing 'MSYS2' to 'MSYS2 (mingw-w64)'.
Closes #13915
Daniel Stenberg (10 Jun 2024)
- tool_writeout: get certinfo only when needing it
Removes a fairly expensive libcurl call when not necessary
Closes #13914
- tool_writeout: bsearch the variable name
As the list of variable names grows, doing a simple loop to find the
name get increasingly worse. This switches to a bsearch.
Also: do a case sensitive check for the variable name. The names have
not been documented to be case insensitive and there is no point in
having them so.
Closes #13914
Stefan Eissing (10 Jun 2024)
- multi: prepare multi_wait() for future shutdown usage
- new struct curl_pollfds and struct curl_waitfds
- add structs and methods to init/add/cleanup an array of pollfd and
struct curl_waitfd. Use in multi_wait() and multi_waitfds() to
populate the sets for polling.
- place USE_WINSOCK WSAEventSelect() setting into a separate loop over
all collected pfds
Closes #13900
- connection: shutdown TLS (for FTP) better
This adds connection shutdown infrastructure and first use for FTP. FTP
data connections, when not encountering an error, are now shut down in a
blocking way with a 2sec timeout.
- add cfilter `Curl_cft_shutdown` callback
- keep a shutdown start timestamp and timeout at connectdata
- provide shutdown timeout default and member in
`data->set.shutdowntimeout`.
- provide methods for starting, interrogating and clearing
shutdown timers
- provide `Curl_conn_shutdown_blocking()` to shutdown the
`sockindex` filter chain in a blocking way. Use that in FTP.
- add `Curl_conn_cf_poll()` to wait for socket events during
shutdown of a connection filter chain.
This gets the monitoring sockets and events via the filters
"adjust_pollset()" methods. This gives correct behaviour when
shutting down a TLS connection through a HTTP/2 proxy.
- Implement shutdown for all socket filters
- for HTTP/2 and h2 proxying to send GOAWAY
- for TLS backends to the best of their capabilities
- for tcp socket filter to make a final, nonblocking
receive to avoid unwanted RST states
- add shutdown forwarding to happy eyeballers and
https connect ballers when applicable.
Closes #13904
Daniel Stenberg (7 Jun 2024)
- CURLOPT_CONNECTTIMEOUT*: clarify, document the milliseond version
Provide an explanation in the CURLOPT_CONNECTTIMEOUT_MS page instead of
just referring to the non-MS version.
Closes #13905
- cmdline-opts: tidy up --ip-tos and --mptcp
To make them render nicer in the manpage and minor polish.
Closes #13906
- RELEASE-NOTES: synced
Dorian Craps (7 Jun 2024)
- curl: (on linux) add MPTCP support
Multipath TCP (MPTCP), standardized in RFC8684 [1], is a TCP extension
that enables a TCP connection to use different paths.
Multipath TCP has been used for several use cases. On smartphones, MPTCP
enables seamless handovers between cellular and Wi-Fi networks while
preserving established connections. This use-case is what pushed Apple
to use MPTCP since 2013 in multiple applications [2]. On dual-stack
hosts, Multipath TCP enables the TCP connection to automatically use the
best performing path, either IPv4 or IPv6. If one path fails, MPTCP
automatically uses the other path.
To benefit from MPTCP, both the client and the server have to support
it. Multipath TCP is a backward-compatible TCP extension that is enabled
by default on recent Linux distributions (Debian, Ubuntu, Redhat, ...).
Multipath TCP is included in the Linux kernel since version 5.6 [3]. To
use it on Linux, an application must explicitly enable it when creating
the socket. No need to change anything else in the application.
This attached patch adds an --mptcp option which allows the creation of
an MPTCP socket instead of TCP on Linux. If Multipath TCP is not
supported on the system, an error will be reported. It is important to
note that if the end server doesn't support MPTCP, the connection will
continue after a seamless fallback to TCP.
Link: https://www.rfc-editor.org/rfc/rfc8684.html [1]
Link: https://www.tessares.net/apples-mptcp-story-so-far/ [2]
Link: https://www.mptcp.dev [3]
Co-developed-by: Dorian Craps (@CrapsDorian) <doriancraps@gmail.com>
Co-developed-by: Olivier Bonaventure (@obonaventure) <Olivier.Bonaventure@ucl
ouvain.be>
Co-developed-by: Matthieu Baerts (@matttbe) <matttbe@kernel.org>
Signed-off-by: Dorian Craps <dorian.craps@student.vinci.be>
Closes #13278
Orgad Shaneh (7 Jun 2024)
- curl: support IP Type of Service / Traffic Class: --ip-tos
Add --ip-tos option to the command line tool for setting TOS for IPv4 or
Traffic Class for IPv6.
Closes #13606
Andy Pan (7 Jun 2024)
- socketpair: provide `Curl_socketpair` only when `!CURL_DISABLE_SOCKETPAIR`
Ref: https://curl.se/dev/log.cgi?id=20240605035856-3529577
Reported-by: Marcel Raad
Closes #13888
Daniel Stenberg (7 Jun 2024)
- noproxy: test bad ipv6 net size first
No need to parse anything if the size is out of range.
Added some tests to this effect to test 1614.
Closes #13902
- managen: warn on excessively long help texts
Help texts at 49 characters or longer get a warning displayed because
they make --help output uglier and we should make an effort to keep the
help texts short and succinct.
The warning is only for display, it does not break the build. That is
left for the future if necessary.
I picked 49 because the longest current text is 48.
Closes #13895
Viktor Szakats (5 Jun 2024)
- lib: tidy up types and casts
Cherry-picked from #13489
Closes #13862
Daniel Stenberg (5 Jun 2024)
- cmdline-opts/ech.md: shorten the help text
To make --help look sensible again
Closes #13894
- cmdline-opts/_PROTOCOLS.md: mention WS(S)
Closes #13891
Viktor Szakats (5 Jun 2024)
- GHA: disable TFTP and WebSockets tests in old-mingw-w64
Follow-up to 03bd16e5339b069aa9409b75fcab2b21fd3a4b16 #13860
Follow-up to def7d05382743ea7aa1d356d1e41dcb22ecdd4d7
Daniel Stenberg (5 Jun 2024)
- cmdline-opts/fail.md: expand and clarify
Closes #13890
- doh-insecure.md: expand
Closes #13889
- cmdline: expand proxy option explanations
- do less references to other options
- provide more specific text about proxies
- added more see-also references
Closes #13887
- cmdline-opts: expand the parallel explanations
Closes #13886
- RELEASE-NOTES: synced
Stefan Eissing (5 Jun 2024)
- vtls: new io_need flags for poll handling
- decouple need to recv/send from negotiation state, we need
this later in shutdown handling as well
- move ssl enums from urldata.h to vtls_int.h
- implement use of `connssl->io_need` in vtls.c. and all backends
Closes #13879
Daniel Stenberg (5 Jun 2024)
- cfilters: make Curl_conn_connect always assign 'done'
It could return error without assigning it, and we have a caller in
multi.c that assumes it gets set.
Spotted by CodeSonar
Closes #13884
- CURLOPT_INTERFACE.md: quote the less-than and larger-than
Fixes the warnings shown on stderr.
Follow-up from 3060557af702dd5
Closes #13883
- cmdline-opts/interface.md: expand the documentation
Explain the syntax it supports.
Closes #13882
- url: allow DoH transfers to override max connection limit
When reaching the set maximum limit of allowed connections, allow a new
connection anyway if the transfer is created for the (internal) purpose
of doing a DoH name resolve. Otherwise, unrelated "normal" transfers can
starve out new DoH requests making it impossible to name resolve for new
transfers.
Bug: https://curl.se/mail/lib-2024-06/0001.html
Reported-by: kartatz
Closes #13880
Viktor Szakats (5 Jun 2024)
- windows: fix UWP builds, add GHA job
Add new job to test building for UWP (aka `CURL_WINDOWS_APP`).
Fix fallouts when building for UWP:
- rand: do not use `BCryptGenRandom()`.
- cmake: disable using win32 LDAP.
- cmake: disable telnet.
- version_win32: fix code before declaration.
- schannel: disable `HAS_MANUAL_VERIFY_API`.
- schannel: disable `SSLSUPP_PINNEDPUBKEY`
and make `schannel_checksum()` a stub.
Ref: e178fbd40a896f2098278ae61e1166c88e7b31d0 #1429
- schannel: make `cert_get_name_string()` a failing stub.
- system_win32: make `Curl_win32_impersonating()` a failing stub.
- system_win32: try to fix `Curl_win32_init()` (untested).
- threads: fix to use `CreateThread()`.
- src: disable searching `PATH` for the CA bundle.
- src: disable bold text support and capability detection.
- src: disable `getfiletime()`/`setfiletime()`.
- tests: make `win32_load_system_library()` a failing stub.
- tests/server/util: make it compile.
- tests/server/sockfilt: make it compile.
- tests/lib3026: fix to use `CreateThread()`.
See individual commits for build error details.
Some of these fixes may have better solutions, and some may not work
as expected. The goal of this patch is to make curl build for UWP.
Closes #13870
Orgad Shaneh (4 Jun 2024)
- socket: support binding to interface *AND* IP
Introduce new notation for CURLOPT_INTERFACE / --interface:
ifhost!<interface>!<host>
Binding to an interface doesn't set the address, and an interface can
have multiple addresses.
When binding to an address (without interface), the kernel is free to
choose the route, and it can route through any device that can access
the target address, not necessarily the one with the chosen address.
Moreover, it is possible for different interfaces to have the same IP
address, on which case we need to provide a way to be more specific.
Factor out the parsing part of interface option, and add unit tests:
1663.
Closes #13719
Andy Pan (4 Jun 2024)
- socketpair: add `eventfd` and use `SOCK_NONBLOCK` for `socketpair()`
Currently, we use `pipe` for `wakeup_create`, which requires ***two***
file descriptors. Furthermore, given its complexity inside, `pipe` is a
bit heavyweight for just a simple event wait/notify mechanism.
`eventfd` would be a more suitable solution for this kind of scenario,
kernel also advocates for developers to use `eventfd` instead of `pipe`
in some simple use cases:
Applications can use an eventfd file descriptor instead of a pipe
(see pipe(2) in all cases where a pipe is used simply to signal
events. The kernel overhead of an eventfd file descriptor is much
lower than that of a pipe, and only one file descriptor is required
(versus the two required for a pipe).
This change adds the new backend of `eventfd` for `wakeup_create` and
uses it where available, eliminating the overhead of `pipe`. Also, it
optimizes the `wakeup_create` to eliminate the system calls that make
file descriptors non-blocking by moving the logic of setting
non-blocking flags on file descriptors to `socketpair.c` and using
`SOCK_NONBLOCK` for `socketpair(2)`, `EFD_NONBLOCK` for `eventfd(2)`.
Ref:
https://man7.org/linux/man-pages/man7/pipe.7.html
https://man7.org/linux/man-pages/man2/eventfd.2.html
https://man7.org/linux/man-pages/man2/socketpair.2.html
https://www.gnu.org/software/gnulib/manual/html_node/eventfd.html
Closes #13874
renovate[bot] (4 Jun 2024)
- ci: update github/codeql-action digest to 2e230e8
Closes #13881
Jay Satiro (4 Jun 2024)
- examples/threaded-ssl: remove locking callback code
- Remove the locking callback code that demonstrates how to meet
requirements of threading libraries (mainly OpenSSL).
Locking callback code has not been needed for many years. According to
the documentation for OpenSSL and GnuTLS they are thread-safe by design,
assuming support for the underlying OS threading API is built-in.
Ref: https://github.com/curl/curl/pull/13850#issuecomment-2143538458
Closes https://github.com/curl/curl/pull/13851
Viktor Szakats (4 Jun 2024)
- tests: delete redundant `!MSDOS` guard
This fix was supposed to be committed earlier, but ended up missing from
the final commit.
Follow-up to e9a7d4a1c8377dbcf9a2d94365f60e3e5dff48f8 #12376
Closes #13878
- lib: fix thread entry point to return `DWORD` on WinCE
We already do this in `tests/server/util.c`:
https://github.com/curl/curl/blob/97e5e37cc8269660bc5d4a1936f10f2390b97c5a/te
sts/server/util.c#L604-L606
and in `sockfilt.c`, `lib3026.c`.
Before this patch it returned `unsigned int`.
Closes #13877
Andy Pan (4 Jun 2024)
- socket: use SOCK_NONBLOCK to eliminate extra system call
Every time function `cf_socket_open()` is called to create a socket,
`curlx_nonblock()` is called to make that socket non-blocking. And
`curlx_nonblock()` will cost us 1 or 2 system calls (2 for `fcntl()`, 1
for `ioctl()`, etc.), meanwhile, tucking `SOCK_NONBLOCK` and
`SOCK_CLOEXEC` into the `type` argument for `socket()` is widely
supported across UNIX-like OS: Linux, *BSD, Solaris, etc. With that
ability, we can save 1 or 2 system calls on each socket.
Another change in this PR is to eliminate the redundant
`curlx_nonblock()` call on the socket in `cf_udp_setup_quic()` as that
socket created by `cf_socket_open()` is already non-blocking.
Ref:
https://man7.org/linux/man-pages/man2/socket.2.html
https://man.freebsd.org/cgi/man.cgi?socket(2)
https://man.dragonflybsd.org/?command=socket§ion=2
https://man.netbsd.org/socket.2
https://man.openbsd.org/socket
https://docs.oracle.com/cd/E88353_01/html/E37843/socket-3c.html
https://illumos.org/man/3SOCKET/socket
...
Closes #13855
Viktor Szakats (4 Jun 2024)
- GHA: show cmake error log in Windows and non-native workflows
CMake configure doesn't fail often, but when it does, it helps to see
its `CMakeFiles/CMakeConfigureLog.yaml` output. This file is present
since CMake v3.26:
https://cmake.org/cmake/help/v3.26/manual/cmake-configure-log.7.html
(Older CMake versions save similar contend to
`CMakeFiles\CMakeOutput.log` and
`CMakeFiles\CMakeError.log`. This patch doesn't deal with that because
the workflows touched are all running a newer CMake.)
After this patch, we dump the content if cmake fails. Syncing this with
autotools, where we already did that.
Closes #13872
- GHA: switch a Windows job to UCRT (gcc)
Cherry-picked from #13870
- curl-config: revert to backticks to support old target envs
Make an exception for `curl-config` because this script that may be
running on any target system, including old ones, e.g. SunOS 5.10.
Reported-by: Alejandro R. Sedeño
Ref: https://github.com/curl/curl/pull/13307#issuecomment-2146427358
Follow-up to fa69b41c7790fab86fd363242c81d8ef2e89e183 #13307
Closes #13871
Stefan Eissing (4 Jun 2024)
- mbedtls: v3.6.0 workarounds
- add special sauce to disable unwanted peer verification by mbedtls
when negotiating TLS v1.3
- add special sauce for MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET
return code on *writing* TLS data. We assume the data had not been
written and EAGAIN.
- return correct Curl error code when peer verification failed.
- disable test_08_05 with 50 HTTP/1.1 connections, as mbedtls reports a
memory allocation failed during handshake.
- bump CI mbedtls version to 3.6.0
Fixes #13653
Closes #13838
- gnutls: support CA caching
- similar to openssl, use a shared 'credentials' instance
among TLS connections with a plain configuration.
- different to openssl, a connection with a client certificate
is not eligible to sharing.
- document CURLOPT_CA_CACHE_TIMEOUT in man page
Closes #13795
Dan Fandrich (3 Jun 2024)
- tests: don't log buffer length in throwing away message
It's not available at that point, and it will be written in the
non-error case right afterward.
- tests: log "Throwing away" messages before throwing away
In case the read that follows hangs we'll get a clue as to what it was
doing.
- CI: reduce memory request for FreeBSD builds
Also, add a comment with link to the Cirrus credit page since it's not
easy to find otherwise.
Andy Pan (3 Jun 2024)
- tcpkeepalive: support setting TCP keep-alive parameters on Solaris <11.4
Solaris didn't support TCP_KEEPIDLE and TCP_KEEPINTVL until 11.4,
before that it use TCP_KEEPALIVE_THRESHOLD and TCP_KEEPALIVE_ABORT_THRESHOLD
as the substitute. Therefore, for Solaris <11.4 we need to use this substitut
e
for setting TCP keep-alive parameters.
Ref:
https://docs.oracle.com/cd/E86824_01/html/E54777/tcp-7p.html
https://docs.oracle.com/cd/E88353_01/html/E37851/tcp-4p.html
Closes #13864
Daniel Stenberg (3 Jun 2024)
- KNOWN_BUGS: quiche: QUIC connection is draining
Closes #12037
Closes #13867
- KNOWN_BUGS: aws-sigv4 has problems with particular URLs
Closes #13058
Closes #13866
- KNOWN_BUGS: aws-sigv4 does not handle multipart/form-data correctly
Closes #13351
Closes #13866
- RELEASE-NOTES: synced
Viktor Szakats (3 Jun 2024)
- GHA: fix old mingw-w64 32-bit job
This toolchain resides in the `mingw32` directory. Make sure to
configure `PATH` accordingly.
Before this patch, it pointed to a non-existing `mingw64` directory,
making the job use the wrong compiler (gcc 12, 64-bit).
Follow-up to e838b341a08b44d4a8486fb0d3f15d12fc794c62 #12927
Closes #13863
Daniel Stenberg (2 Jun 2024)
- tool_cb_hdr: return error for failed header writes
By checking that fflush() works.
Reported-by: Sebastian Andersson
Fixes #13836
Closes #13859
Viktor Szakats (2 Jun 2024)
- GHA: bump all build jobs to nproc+1
- bump rest of the workflows (windows, macos, distrocheck).
- non-native virtualized envs have 2 CPUs, bump down accordingly.
(for `vmactions/omnios-vm` it's just a guess.)
- bump all to nproc + 1.
Follow-up to e838b341a08b44d4a8486fb0d3f15d12fc794c62 #12927
Closes #13807
- GHA: disable MQTT and WebSocket tests in Windows jobs
Trying to figure out which category is causing the remaining hangs.
Follow-up to def7d05382743ea7aa1d356d1e41dcb22ecdd4d7
Closes #13860
- lib/v*: tidy up types and casts
Also add a couple of negative checks.
Cherry-picked from #13489
Closes #13622
- GHA: fix caching old mingw-w64 toolchains in the Windows workflow
- stop altering the `PATH` via `GITHUB_ENV`. This confused the
`actions/cache` post-job, which needs to run in the exact same
environment as its pre-job, to have a consistent cache entry "version"
hash. Altering the `PATH` via `GITHUB_ENV` spills into the the
post-job and breaks this hash. GHA doesn't reset the env automatically
and I have not found a way to do it manually.
- add double-quotes where missing.
- move cache directory under `USERPROFILE` to not rely on absolute
paths.
- make cache directory flatter and versionless.
Follow-up to 0914d8aadddac0d1459673d5b7f77e8f3378b22b #13759
Closes #13856
renovate[bot] (2 Jun 2024)
- ci: pin actions/github-script action to 60a0d83
Closes #13846
Bo Anderson (2 Jun 2024)
- x509asn1: add some common ECDSA OIDs
Closes #13857
renovate[bot] (2 Jun 2024)
- ci: update rojopolis/spellcheck-github-actions digest to e36f662
Closes #13852
Bo Anderson (2 Jun 2024)
- x509asn1: fallback to dotted OID representation
Reported-by: Luke Hamburg
Fixes #13845
Closes #13858
Lee Li (2 Jun 2024)
- request.md: language fix
improved for better readability and correctness
Closes #13854
Christian Schmitz (2 Jun 2024)
- vtls: deprioritize Secure Transport
Moved Secure Transport behind OpenSSL, so we can build CURL with both
and prefer using OpenSSL over Secure Transport by default.
Closes #13547
Daniel Stenberg (1 Jun 2024)
- urlapi: add CURLU_NO_GUESS_SCHEME
Used for extracting:
- when used asking for a scheme, it will return CURLUE_NO_SCHEME if the
stored information was a guess
- when used asking for a URL, the URL is returned without a scheme, like
when previously given to the URL parser when it was asked to guess
- as soon as the scheme is set explicitly, it is no longer internally
marked as guessed
The idea being:
1. allow a user to figure out if a URL's scheme was set as a result of
guessing
2. extract the URL without a guessed scheme
3. this makes it work similar to how we already deal with port numbers
Extend test 1560 to verify.
Closes #13616
- wolfssl: support CA caching
As a bonus, add SSLSUPP_CA_CACHE to let TLS backends signal its support
for this so that *setopt() return error if there is no support.
Closes #13786
Andy Pan (1 Jun 2024)
- socket: change TCP keepalive from ms to seconds on DragonFly BSD
DragonFly BSD changed the time unit for TCP keep-alive from milliseconds
to seconds since v5.8, thus setting the keepalive options with
milliseconds with curl/libcurl will result in unexpected behaviors on
DragonFlyBSD 5.8+
Distinguish the DragonFly BSD versions and use the proper time units
accordingly.
Ref:
https://lists.dragonflybsd.org/pipermail/commits/2019-July/719125.html
https://github.com/DragonFlyBSD/DragonFlyBSD/blob/965b380e960908836b97aa034
fa2753091e0172e/sys/sys/param.h#L207
Fixes #13847
Closes #13848
Daniel Stenberg (1 Jun 2024)
- curlver.h: aiming for 8.9.0
- noproxy: patterns need to be comma separated
or they will not parse correctly.
Mentioned in DEPRECATED since Janurary 2023 (in 7ad8a7ba9ebdedc).
Closes #13789
Jan Venekamp (1 Jun 2024)
- sectransp: remove large cipher table
Previously a large table of ciphers was used to determine the default
ciphers and to lookup manually selected ciphers names.
With the lookup of the manually selected cipher names moved to
Curl_cipher_suite_walk_str() the large table is no longer needed for
that purpose.
The list of manually selected cipher can now be intersected with the
ciphers supported by Secure Transport (SSLGetSupportedCiphers()),
instead of using the fixed table for that.
The other use of the table was to filter the list of all supported
ciphers offered by Secure Transport to create a list of ciphers to
use by default, excluding ciphers in the table marked as weak.
Instead of using a complement based approach (exclude weak), switch
to using an intersection with a smaller list of ciphers deemed
appropriate.
Closes #13823
Tatsuhiro Tsujikawa (1 Jun 2024)
- GHA: unify http3 workflows into one
This commit unifies the following http3 workflows into http3-linux.yml:
- ngtcp2-linux.yml
- osslq-linux.yml
- quiche-linux.yml
The idea is better use of the build cache. Previously, they
independently create caches with the same key. Some of the caches
include source code and intermediate object files, which makes cache
quite large. In this commit, only built artifacts are cached, which
drastically reduces the cache size. OpenSSL v3, mod_h2 and quiche caches
still include all stuff, but they are left for the later improvement.
Because the contents of the cache have been changed, the cache keys are
also changed to include the word "http3".
Closes #13841
Stephen Farrell (1 Jun 2024)
- openSSL: fix hostname handling when using ECH
Reported-by: vvb2060
Fixes #13818
Closes #13822
renovate[bot] (1 Jun 2024)
- ci: update github/codeql-action digest to f079b84
Closes #13837
Daniel Stenberg (1 Jun 2024)
- RELEASE-NOTES: synced
- curl_multi_poll.md: expand the example with an custom file descriptor
Closes #13842
Christian Heusel (1 Jun 2024)
- DISTROS: add a link to the list archive
Related to https://github.com/curl/curl/discussions/13833
Signed-off-by: Christian Heusel <christian@heusel.eu>
Closes #13843
Matt Jolly (31 May 2024)
- autoconf: remove 'deeper' checks for `AC_CHECK_FUNCS`
The net effect of the deeper checks is to raise implicit function decls
on modern compilers.
These checks appear to have been added ~20 years ago, relating to an
unverifiable claim about HP-UX. Autoconf support for the platform has
grown in leaps and bounds since.
It didn't cause a real problem here, but when investigating a FP this
came up. No evidence has been identified that this was actually broken
in the past, and there is no evidence that this is necessary now.
`-Werror=implicit-function-declarations` is enabled for both checks;
without a working prototype they will both fail regardless. In the
second case there will in fact never be a working prototype and
therefore it will always fail unconditionally.
`AC_CHECK_FUNCS` does effectively the same thing as the removed checks,
except it actually defines a dummy prototype to see if it links.
If `AC_CHECK_FUNCS` is broken on a given platform we have bigger
problems than trying to build cURL. This should also be faster.
Bug: https://bugs.gentoo.org/932827
Reviewed-By: Eli Schwartz <eschwartz93@gmail.com>
Closes #13830
Jay Satiro (30 May 2024)
- cf-socket: improve SO_SNDBUF update for Winsock
- Rename: Curl_sndbufset => Curl_sndbuf_init
- Rename: win_update_buffer_size => win_update_sndbuf_size
- Save the last set SO_SNDBUF size to compare against so that we can
avoid setsockopt calls every second.
This is a follow-up to 0b520e12 which moved the SO_SNDBUF update check
into cf-socket. This change improves it further by making the function
names easier to understand and reducing the amount of setsockopt calls.
Closes https://github.com/curl/curl/pull/13827
Viktor Szakats (30 May 2024)
- tidy-up: use consistent casing for Windows directories
C:\Windows\System32
Closes #13832
- GHA: use ubuntu-latest with OmniOS job
It's the same as ubuntu-22.04.
Also update OmniOS package search link.
Closes #13831
Ayesh Karunaratne (30 May 2024)
- GHA: adjust parallel job counts
Adjusts the `make -j` flag to match the latest GitHub-hosted runner
hardware specs[^1]:
- `ubuntu-latest` on 4 CPU cores
- `macos-latest` on 3 CPU cores
The processor count is ideally obtained from `nproc`, but setting env
vars from the current CI yaml files is not possible because they expect
literal strings.
[^1]: https://docs.github.com/en/actions/using-github-hosted-runners/about-gi
thub-hosted-runners/about-github-hosted-runners#standard-github-hosted-runner
s-for-public-repositories
Closes #12927
pszlazak (30 May 2024)
- get.d: clarify the explanation
Closes #13706
Daniel Stenberg (30 May 2024)
- curl_url_set.md: libcurl only parses :// URLs
Make it clearer in the documentation.
Closes #13821
Stefan Eissing (30 May 2024)
- multi: fix multi_wait() timeout handling
- determine the actual poll timeout *after* all sockets
have been collected. Protocols and connection filters may
install new timeouts during collection.
- add debug logging to test1533 where the mistake was noticed
Reported-by: Matt Jolly
Fixes #13782
Closes #13825
Viktor Szakats (29 May 2024)
- lib: prefer `var = time(NULL)` over `time(&var)`
Following up on previous occurrences showing up as gcc warnings, replace
the remaining `time(&var)` calls with `var = time(NULL)`, though these
aren't specifically causing compiler warnings. These are in the TFTP
client code (`lib/tftp.c`), except one which is in a debug branch in
`lib/http_aws_sigv4.c`.
What's unexplainable is that this patch seems to mitigate TFTP tests
often hanging or going into an infinite loop on GHA windows workflows
with MSYS2, mingw-w64 and MSVC (Cygwin is unaffected):
https://github.com/curl/curl/pull/13599#issuecomment-2119372376
TFTP hangs did not entirely disappear though, so could be unrelated.
`time()` docs:
https://learn.microsoft.com/en-us/cpp/c-runtime-library/reference/time-time32
-time64
https://manpages.debian.org/bookworm/manpages-dev/time.2.en.html
Follow-up to 58ca0a2f0743a586716ca357c382b29e3f08db69 #13800
Follow-up to d0728c9109629ee82b855b350a4c3f1f52ee61df #13643
Closes #13815
Stefan Eissing (29 May 2024)
- winsock: move SO_SNDBUF update into cf-socket
- Move the code that updates the SO_SNDBUF size for Windows to
cf_socket_send.
Prior to this change the code was in readwrite_upload but the socket
filter is the more appropriate place because it applies to all sends.
Background:
For Windows users SO_SNDBUF (the total per-socket buffer size reserved
by Winsock for sends) is updated dynamically by libcurl during the
transfer. This is because Windows does not do it automatically for
non-blocking sockets and without it the performance of large transfers
may suffer.
Closes https://github.com/curl/curl/pull/13763
Jan Venekamp (29 May 2024)
- sectransp: use common code for cipher suite lookup
Take advantage of the Curl_cipher_suite_walk_str() and
Curl_cipher_suite_get_str() functions introduced in commit fba9afe.
Closes #13521
Matthias Gatto (29 May 2024)
- aws-sigv4: url encode the canonical path
Refactors canon_query, so it could use the encoding part of the function
to use it in the path.
As the path doesn't encode '/', but encode '=', I had to add some
conditions to know If I was doing the query or path encoding.
Also, instead of adding a `bool in_path` variable, I use `bool
*found_equals` to know if the function was called for the query or path,
as found_equals is used only in query_encoding.
Test 472 verifies.
Reported-by: Alexander Shtuchkin
Fixes #13754
Closes #13814
Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>
Daniel Stenberg (29 May 2024)
- cd2nroff: use an empty "##" to signal end of .IP sequence
Like when we list a series of options and then want to add "normal" text
again afterwards.
Without this, the indentation level wrongly continues even after the
final "##" header, making following text wrongly appear to belong to the
header above.
Adjusted several curldown files to use this.
Fixes #13803
Reported-by: Jay Satiro
Closes #13806
vvb2060 (28 May 2024)
- openssl: fix %-specifier in infof() call
Closes #13816
Daniel Stenberg (28 May 2024)
- curl: make warnings and other messages aware of terminal width
This removes unnecessary line wraps when the terminal is wider than 79
columns and it also makes messages look better in narrower terminals.
The get_terminal_columns() function is not split out into its own source
file.
Suggested-by: Elliott Balsley
Fixes #13804
Closes #13808
Viktor Szakats (28 May 2024)
- GHA: enable tests 1139, 1177, 1477 on Windows
These exclusions came from the AppVeyor CI config, but they do pass now
and they are static tests with no flakiness risk.
Follow-up to 0914d8aadddac0d1459673d5b7f77e8f3378b22b #13759
Closes #13817
Dan Fandrich (28 May 2024)
- CI: Improve labeler tag detection
Also, simplify patterns with a single glob.
Viktor Szakats (28 May 2024)
- GHA: disable TFTP tests in Windows jobs
Shot in the dark trying to find out which tests are
hanging / going to an infinite loop.
The ones failing after 45 minutes (mingw-w64) or 30 minutes (MSVC).
Ref: https://github.com/curl/curl/pull/13599#issuecomment-2119372376
renovate[bot] (28 May 2024)
- ci: update vmactions/omnios-vm digest to a61ca1e
Closes #13801
Daniel Stenberg (28 May 2024)
- openssl/gnutls: rectify the TLS version checks for QUIC
The versions check wrongly complained and return error if the *minimum*
version was set to something less than 1.3. QUIC is always TLS 1.3, but
that means minimum 1.2 is still fine to ask for.
This also renames the local variable to make the mistake harder to make
in the future.
Regression shipped in 8.8.0
Follow-up to 3210101088dfa3d6a125
Reported-by: fds242 on github
Fixes #13799
Closes #13802
Stefan Eissing (28 May 2024)
- gnutls: improve TLS shutdown
local ftp upload tests sometimes failed with an invalid TLS record being
reported by gnutls. vsftp did log that the shutdown was not regarded as
clean, failing the control connection thereafter.
These changes make test_31_05 work reliable locally.
- on closing the SSL filter, shutdown READ *and* WRITE
- on closing, try a receive after shutdown is sent
- convert to DEBUGF to CURL_TRC_CF
Closes #13790
Daniel Stenberg (28 May 2024)
- RELEASE-NOTES: synced
- tests: run with "--trace-config all" to provide even more info
in case of problems.
Closes #13791
Viktor Szakats (28 May 2024)
- build: untangle `CURLDEBUG` and `DEBUGBUILD` macros
`CURLDEBUG` is meant to enable memory tracking, but in a bunch of cases,
it was protecting debug features that were supposed to be guarded with
`DEBUGBUILD`.
Replace these uses with `DEBUGBUILD`.
This leaves `CURLDEBUG` uses solely for its intended purpose: to enable
the memory tracking debug feature.
Also:
- autotools: rely on `DEBUGBUILD` to enable `checksrc`.
Instead of `CURLDEBUG`, which worked in most cases because debug
builds enable `CURLDEBUG` by default, but it's not accurate.
- include `lib/easyif.h` instead of keeping a copy of a declaration.
- add CI test jobs for the build issues discovered.
Ref: https://github.com/curl/curl/pull/13694#issuecomment-2120311894
Closes #13718
- examples: delete unused includes
Delete a bunch of unnecessary-looking headers from some examples. This
is known to be tricky on AIX (perhaps also in other less-tested envs).
Let me know if any of this looks incorrect or outright fails on some
systems.
Follow-up to d4b85890555388bec212b75f47a5c1a48705b156 #13771
Closes #13785
- appveyor: fixup job name [ci skip]
Follow-up to fc8e0dee3045658f293452121f5290d81ba3aa1e #13694
- cmake: fix `-Wredundant-decls` in unity/mingw-w64/gcc/curldebug/DLL builds
It affected cmake-unity shared-curltool curldebug mingw-w64 gcc builds
when building the `testdeps` target.
Apply the solution already used in `lib/base64.c` and `lib/dynbuf.c`
to fix it.
Also update an existing GHA CI job to test the issue fixed.
```
In file included from curl/lib/version_win32.c:35,
from curl/_bld/src/CMakeFiles/curl.dir/Unity/unity_0_c.c:145
:
curl/lib/memdebug.h:52:14: error: redundant redeclaration of 'curl_dbg_logfil
e' [-Werror=redundant-decls]
52 | extern FILE *curl_dbg_logfile;
| ^~~~~~~~~~~~~~~~
In file included from curl/src/slist_wc.c:32,
from curl/_bld/src/CMakeFiles/curl.dir/Unity/unity_0_c.c:4:
curl/lib/memdebug.h:52:14: note: previous declaration of 'curl_dbg_logfile' w
ith type 'FILE *' {aka 'struct _iobuf *'}
52 | extern FILE *curl_dbg_logfile;
| ^~~~~~~~~~~~~~~~
curl/lib/memdebug.h:55:44: error: redundant redeclaration of 'curl_dbg_malloc
' [-Werror=redundant-decls]
55 | CURL_EXTERN ALLOC_FUNC ALLOC_SIZE(1) void *curl_dbg_malloc(size_t siz
e,
| ^~~~~~~~~~~~~~~
curl/lib/memdebug.h:55:44: note: previous declaration of 'curl_dbg_malloc' wi
th type 'void *(size_t, int, const char *)' {aka 'void *(long long unsigned
int, int, const char *)'}
55 | CURL_EXTERN ALLOC_FUNC ALLOC_SIZE(1) void *curl_dbg_malloc(size_t siz
e,
| ^~~~~~~~~~~~~~~
[...]
curl/lib/memdebug.h:110:17: error: redundant redeclaration of 'curl_dbg_fclos
e' [-Werror=redundant-decls]
110 | CURL_EXTERN int curl_dbg_fclose(FILE *file, int line, const char *sou
rce);
| ^~~~~~~~~~~~~~~
curl/lib/memdebug.h:110:17: note: previous declaration of 'curl_dbg_fclose' w
ith type 'int(FILE *, int, const char *)' {aka 'int(struct _iobuf *, int, c
onst char *)'}
110 | CURL_EXTERN int curl_dbg_fclose(FILE *file, int line, const char *sou
rce);
| ^~~~~~~~~~~~~~~
```
Ref: https://ci.appveyor.com/project/curlorg/curl/builds/49840554/job/a4aoet1
7e9qnqx1a#L362
After: https://ci.appveyor.com/project/curlorg/curl/builds/49843735/job/hbo2u
ah2vj0ns523
Ref: #13689 (CI testing this PR with `DEBUGBUILD`/`CURLDEBUG`/shared-static c
ombinations)
Depends-on: #13694
Depends-on: #13800
Closes #13705
- lib: fix gcc warning in certain debug builds
```
curl/lib/http_aws_sigv4.c:536:10: error: 'clock' may be used uninitialized [-
Werror=maybe-uninitialized]
536 | time_t clock;
| ^~~~~
```
Ref: https://github.com/curl/curl/actions/runs/9158755123/job/25177765000#ste
p:13:79
Cherry-picked from #13718
Closes #13800
- cmake: always build unit tests with the `testdeps` target
Before this patch, the `testdeps` build target required `-DCURLDEBUG`
be set either via `ENABLE_DEBUG=ON` or `ENABLE_CURLDEBUG=ON` to build
the curl unit tests.
After fixing build issues in #13694, we can drop this requirement and
build unit tests unconditionally.
Depends-on: #13694
Depends-on: #13697 (fix unit test issue revealed by Old Linux CI job)
Follow-up to 39e7c22bb459c2e818f079984989a26a09741860 #11446
Closes #13698
- CI: disable dependency tracking in most autotools builds
For better build performance. Dependency tracking causes a build
overhead while compiling to help a subsequent build, but in CI there is
never one and the extra work is discarded.
Closes #13794
- build: untangle `UNITTESTS` and `DEBUGBUILD` macros
- fix `DEBUGBUILD` guards that should be `UNITTESTS`, in libcurl code
used by unit tests.
- fix guards for libcurl functions used in unit tests only.
- sync `UNITTEST` attribute between declarations and definitions.
- drop `DEBUGBUILD` guard from test `unit2600`.
- fix guards for libcurl HSTS code used by both a unit test (`unit1660`)
and `test0446`.
- update an existing AppVeyor CI job to test the issues fixed.
This fixes building tests with `CURLDEBUG` enabled but `DEBUGBUILD`
disabled. This can happen when building tests with CMake with
`ENABLE_DEBUG=ON` in Release config, or with `ENABLE_CURLDEBUG=ON`
and _without_ `ENABLE_DEBUG=ON`. Possibly also with autotools
when using `--enable-curldebug` without `--enable-debug`.
Test results:
- before:
https://ci.appveyor.com/project/curlorg/curl/builds/49835609
https://ci.appveyor.com/project/curlorg/curl/builds/49898529/job/k8qpbs8idb
y70smw
https://github.com/curl/curl/actions/runs/9259078835/job/25470318167?pr=137
98#step:13:821
- after: https://ci.appveyor.com/project/curlorg/curl/builds/49839255
(the two failures are unrelated, subject to PR #13705)
Ref: #13592 (issue discovery)
Ref: #13689 (CI testing this PR with `DEBUGBUILD`/`CURLDEBUG` combinations)
Closes #13694
- GHA: ignore flaky MQTT and FTP test results [ci skip]
MQTT / OmniOS:
```
TESTFAIL: These test cases failed: 1190 1198 3017
```
Ref: https://github.com/curl/curl/actions/runs/9258522297/job/25468730731?pr=
13694#step:3:10251
MQTT / OmniOS:
```
TESTFAIL: These test cases failed: 1194 2200 2203 2205
```
Ref: https://github.com/curl/curl/actions/runs/9150523540/job/25155409832#ste
p:3:10233
FTP / OmniOS:
```
TESTFAIL: These test cases failed: 1096
```
Ref: https://github.com/curl/curl/actions/runs/9150702711/job/25155793948#ste
p:3:10247
FTP / OmniOS:
```
TESTFAIL: These test cases failed: 381
```
Ref: https://github.com/curl/curl/actions/runs/9163863822/job/25193897640#ste
p:3:10230
FTP / OmniOS:
```
TESTFAIL: These test cases failed: 340
```
Ref: https://github.com/curl/curl/actions/runs/9233804752/job/25406671742?pr=
13771#step:3:10245
Ref: https://github.com/curl/curl/pull/13583#issuecomment-2119376898
- CI: tidy up skipping tests build/run in Windows jobs
Simplify controlling whether to build and/run tests in a CI job.
Apply the TFLAGS='skipall' (do not build nor run tests) or
'skiprun' (build, but do not run) method already used with old-mingw-w64
and msvc jobs to existing Windows jobs in GHA and AppVeyor.
Also:
- add Cygwin/cmake test build and run steps while here.
- replace `DISABLED_TESTS` with `TFLAGS` in AppVeyor.
Closes #13796
- cmake: use `APPLE` instead of `CMAKE_SYSTEM_NAME` string
Follow-up to a86254b39307af1a53735b065a382567805cd9b8 #12515
Closes #13713
- cmake: whitespace, formatting/tidy-up in comments
Also correct casing in a few option descriptions.
Closes #13711
- cmake: allow `ENABLE_CURLDEBUG=OFF` with `ENABLE_DEBUG=ON`
Before this patch, `ENABLE_CURLDEBUG` (memory tracking) was
unconditionally enabled when `ENABLE_DEBUGBUILD` was set. This made
testing some build configurations complicated. To fix it, this patch
makes `ENABLE_CURLDEBUG` to receive the value of `ENABLE_DEBUG` by
default, while allowing free override by the user.
This allows to use the config:
`ENABLE_DEBUGBUILD=ON ENABLE_CURLDEBUG=OFF`
to enable debug features, without also enabling memory tracking.
This is important because some other build methods allow to set one of
these features but not the other. This patch allows to test any
combination with CMake.
This makes it unnecessary to use the workaround of passing
`-DDEBUGBUILD` via `CMAKE_C_FLAGS`. Which has the disadvantage that our
CMake logic cannot easily detect it, e.g. for disabling symbol hiding on
Windows for `ENABLE_DEBUG`/`DEBUGBUILD` builds.
Cherry-picked from #13718
Closes #13792
- cmake: `ENABLE_DEBUG=ON` to always set `-DDEBUGBUILD`
Before this patch `ENABLE_DEBUG=ON` always enabled the TrackMemory
(aka `ENABLE_CURLDEBUG=ON`) feature, but required the `Debug` CMake
configration to actually enable curl debug features
(aka `-DDEBUGBUILD`).
Curl debug features do not require compiling with C debug options. This
also made enabling debug features unintuitive and complicated to use.
Due to other issues (subject to PR #13694) it also caused an error in
default (and `Release`/`MinSizeRel`/`RelWithDebInfo`) configs, when
building the `testdeps` target:
```
ld: CMakeFiles/unit1395.dir/unit1395.c.o: in function `test':
unit1395.c:(.text+0x1a0): undefined reference to `dedotdotify'
```
Ref: https://github.com/curl/curl/actions/runs/9037287098/job/24835990826#ste
p:3:2483
Fix it by always defining `DEBUGBUILD` when setting `ENABLE_DEBUG=ON`.
Decoupling this option from the selected CMake configuration.
Note that after this patch `ENABLE_DEBUG=ON` unconditionally enables
curl debug features. These features are insecure and unsuited for
production. Make sure to omit this option when building for production
in default, `Release` (and other not-`Debug`) modes.
Also delete a workaround no longer necessary in GHA CI jobs.
Ref: 1a62b6e68c08c7e471ff22dd92932aba7e026817 (2015-03-03)
Ref: #13583
Closes #13592
- GHA: add autotools mingw-64, build-only job
Cherry-picked from #13718
Closes #13793
- GHA: add three MSVC jobs
Continuing the theme, add 3 MSVC jobs with tests, matching
configurations used on AppVeyor. MSVC versions are identical:
19.39.33523.0 + Windows SDK 10.0.22621.0.
Also enable websockets, and build examples. Tests are run in parallel
(`-j14`), with improved performance.
Job performance:
```
AppVeyor GHA
w/examples
-------- ----------
CMake, VS2022, Debug, x64, Schannel, Static, Unicode 38m 4s 11m57s
CMake, VS2022, Debug, x64, no SSL, Static 35m15s 12m 6s
CMake, VS2022, Debug, x64, no SSL, Static, HTTP only 25m25s 10m36s
```
Based on these runs:
https://ci.appveyor.com/project/curlorg/curl/builds/49884748
https://github.com/curl/curl/actions/runs/9229448468
This is the first time examples are built in CI with MSVC: Fix all
warnings and errors that came up via
d4b85890555388bec212b75f47a5c1a48705b156 #13771.
Closes #13766
- GHA: add three old (gcc 6, 7, 9) mingw-w64 jobs
Re-implement old mingw-w64 jobs in GHA. This allows to use the latest
Windows runners, replacing Windows Server 2012 R2 (gcc 6) and Windows
Server 2016 (gcc 7, 9) with Windows Server 2022.
GHA runners are also significantly faster, and allow running tests in
parallel (`-j14`). It also offloads 3 more long-running jobs from
AppVeyor CI.
These jobs download (then cache) the mingw-w64 packages from their
original location, which allows flexibility in choosing which versions
and flavours (win32/POSIX, SEH/DWARF, 64/32-bit) we want to test in CI.
The new jobs use these distros:
- https://sourceforge.net/projects/mingw-w64/files/Toolchains%20targetting%20
Win64/Personal%20Builds/mingw-builds/ (for gcc 7, same as on AppVeyor)
- https://sourceforge.net/projects/mingw-w64/files/Toolchains%20targetting%20
Win32/Personal%20Builds/mingw-builds/ (for gcc 6, same as on AppVeyor)
- https://winlibs.com/ (for gcc 9)
I matched existing AppVeyor job configs, with these differences:
- gcc 6.4.0 instead of 6.3.0.
(same distro as on AppVeyor, but the latest bugfix release)
- gcc 9.5.0 instead of 9.1.0 and a different (but compatible) binary distro.
(in AppVeyor this relies on an old MSYS2 pre-installed on the runner)
- using win32 builds instead of posix for gcc 6.4.0 and 7.3.0.
- websockets enabled.
- always build examples.
- always build tests (this wasn't done for 6.4.0 with AppVeyor CI).
I did not replicate existing test exclusions, and oddly enough the few
failures (so far) were different from MSYS2 jobs and also from their
AppVeyor CI counterparts.
Also:
- delete redundant (default) `-u` option from `cygpath` calls.
- allow matrix options to override default ones in CMake.
- detect and use Windows-supplied curl for `TFLAGS` `-ac` option.
(it's available in modern runners.)
- delete the 3 AppVeyor CI jobs now replicated in GHA.
- appveyor: prefer `SYSTEMROOT` over `WINDIR`.
- tidy-up quotes.
Job performance:
```
AppVeyor GH
A
w/
examples
w/
tests
-------- --
--------
CMake, mingw-w64, gcc 6, Debug, x86, Schannel, Static, no-unity 1m25s 8
m50s
CMake, mingw-w64, gcc 7, Debug, x64, Schannel, Static, Unicode 31m45s 9
m39s
CMake, mingw-w64, gcc 9, Debug, x64, Schannel, Static 28m25s 13
m38s
```
Based on these runs:
https://ci.appveyor.com/project/curlorg/curl/builds/49880799
https://github.com/curl/curl/actions/runs/9218292508
Notice that building examples and tests is time consuming.
We can tweak any build parameter as necessary to make them more useful
and/or without clogging the job queue or introducing flakiness.
Closes #13759
Daniel Stenberg (27 May 2024)
- TODO: remove some old, clarify, add something
Closes #13788
- TODO: Add "Share CA cache" + "CA caching to more TLS backends"
Closes #13787
Viktor Szakats (26 May 2024)
- runtests: sort test IDs in summary lines
Changing this output:
```
TESTFAIL: These test cases failed: 2301 2303 2302 2307
```
Ref: https://github.com/curl/curl/actions/runs/9228638364/job/25393106631#ste
p:6:21181
To:
```
TESTFAIL: These test cases failed: 2301 2302 2303 2307
```
Cherry-picked from #13766
Closes #13774
- examples: fix compiling with MSVC
- `websocket.c`: use `Sleep()` on Windows.
`sleep()` and `unistd.h` are not available in MSVC.
- `http2-upload.c`: use local `gettimeofday()` implementation when
compiled with MSVC.
(Alternate solution is to disable the trace function for MSVC.)
Public domain code copied and adapted from libssh2:
https://github.com/libssh2/libssh2/blob/e973493f992313b3be73f51d3f7ca6d52e2
88558/src/misc.c#L719-L743
- silence compiler warning for deprecated `inet_addr()`.
Also drop duplicate winsock2 include.
```
curl\docs\examples\externalsocket.c(125,32): error C2220: the following war
ning is treated as an error [curl\bld\docs\examples\curl-example-externalsock
et.vcxproj]
curl\docs\examples\externalsocket.c(125,32): warning C4996: 'inet_addr': Us
e inet_pton() or InetPton() instead or define _WINSOCK_DEPRECATED_NO_WARNINGS
to disable deprecated API warnings [curl\bld\docs\examples\curl-example-e
```
Ref: https://github.com/curl/curl/actions/runs/9227337318/job/25389073450#s
tep:4:95
- silence an MSVC compiler warning. This is in conflict with `checksrc`
rules, so silence the rule in favour of the warning-free C syntax.
```
curl\docs\examples\multi-legacy.c(152,1): error C2220: the following warnin
g is treated as an error [curl\bld\docs\examples\curl-example-multi-legacy.vc
xproj]
curl\docs\examples\multi-legacy.c(152,1): warning C4706: assignment within
conditional expression [curl\bld\docs\examples\curl-example-multi-legacy.vcxp
roj]
```
Ref: https://github.com/curl/curl/actions/runs/9227337318/job/25389073450#s
tep:4:226
- do not use `sys/time.h` and `unistd.h` in Windows builds.
Some of these includes look unnecessary. Subject to another PR.
Cherry-picked from #13766
Closes #13771
Jonathan Matthews (26 May 2024)
- docs/cmdline-opts: fix mail-auth example TLD typo
Closes: #13784
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Daniel Stenberg (26 May 2024)
- libssh: remove CURLOPT_SSL_VERIFYHOST check
It was never meant for SSH: it should rely on the knownhosts file (if
set) in the same way libssh2 already does.
Reported-by: James Abbatiello
Fixes #13767
Closes #13781
Stefan Eissing (26 May 2024)
- multi: add multi->proto_hash, a key-value store for protocol data
- add `Curl_hash_add2()` that passes a destructor function for
the element added. Call element destructor instead of hash
destructor if present.
- multi: add `proto_hash` for protocol related information,
remove `struct multi_ssl_backend_data`.
- openssl: use multi->proto_hash to keep x509 shared store
- schannel: use multi->proto_hash to keep x509 shared store
- vtls: remove Curl_free_multi_ssl_backend_data() and its
equivalents in the TLS backends
Closes #13345
Jan Venekamp (25 May 2024)
- tests: add pytest for --ciphers and --tls13-ciphers options
Closes #13530
Orgad Shaneh (25 May 2024)
- tool_operate: avoid explicitly setting verifypeer to 1
Also for the proxy verison. It is the default, just like verifyhost,
since a long time.
Closes #13704
- tests: extend user/password parsing test1620
Closes #13756
Alejandro R. Sedeño (25 May 2024)
- configure: use `$EGREP` in place of `grep -E`
`$EGREP` is set based on an earlier test in configure so that we can
work with systems that have `egrep` and a `grep` that does not support
`-E`.
Closes #13780
renovate[bot] (25 May 2024)
- ci: update dependency awslabs/aws-lc to v1.28.0
Closes #13770
Jan Venekamp (25 May 2024)
- tests: test_17_ssl_use.py clarify mbedtls TLSv1.3 support
Closes #13779
Stefan Eissing (25 May 2024)
- http: write last header line late
- HEADERFUNCTIONS might inspect response properties like
CURLINFO_CONTENT_LENGTH_DOWNLOAD_T on seeing the last header line. If
the line is being written before this is initialized, values are not
available.
- write the last header line late when analyzing a HTTP response so that
all information is available at the time of the writing.
- add test1485 to verify that CURLINFO_CONTENT_LENGTH_DOWNLOAD_T works
on seeing the last header.
Fixes #13752
Reported-by: Harry Sintonen
Closes #13757
Dan Fandrich (24 May 2024)
- tests: use exec when spawning nghttpx
This stops keeping perl and shell processes around that are no longer
needed, plus it eliminates an unneeded shell message when the server is
later terminated.
Closes #13772
Viktor Szakats (24 May 2024)
- GHA: ignore flaky test 3017 (MQTT) on OpenBSD
```
TESTFAIL: These test cases failed: 3017
```
Ref: https://github.com/curl/curl/actions/runs/9223543272/job/25376999226?pr=
13759#step:3:16326
Ref: https://github.com/curl/curl/actions/runs/9230183764/job/25397883193?pr=
13766#step:3:16345
Ref: https://github.com/curl/curl/pull/13583#issuecomment-2119376898
Joseph Chen (24 May 2024)
- build: add more supported attributes to the IAR compiler
Closes #13744
Viktor Szakats (24 May 2024)
- cmake: fix test 1013 with websockets enabled and no TLS
test 1013 is 'Compare curl --version with curl-config --protocols'.
Ref: https://github.com/curl/curl/actions/runs/9228363859/job/25392251955
Closes #13769
- GHA: stop deleting curl in non-native workflows
We do it in Cirrus CI, but for some platforms it's not possible to
delete it and tests work anyway.
The test runner also runs `../src/curl` by default, which is always the
one freshly built. The runner may also need the system curl to talk to
APIs when needed.
Also:
- stop setting `CURL` env. This isn't picked up by the runners,
and works out of the box anyway.
- quote an option just in case.
Follow-up to 90e644f944969bb11c6448bf50c6d441b5c0b1e6 #13583
Closes #13765
Jay Satiro (24 May 2024)
- openssl: stop duplicate ssl key logging for legacy OpenSSL
- Don't call the keylog function if it has already logged the key.
For old OpenSSL versions and its forks that do not have support for
OpenSSL's keylog callback, libcurl has its own legacy key logging
function that logs the TLS 1.2 (and earlier) key (client random + master
key) on a single line.
Prior to this change, since e7de80e8 (precedes 8.8.0), the legacy key
logging function could write the same key line more than once (usually
twice) due to some incorrect logic.
Closes https://github.com/curl/curl/pull/13683
Stefan Eissing (24 May 2024)
- transfer: remove curl_upload_refill_watermark, no longer used
the define applied to upload buffers which we removed
Closes #13764
Daniel Stenberg (24 May 2024)
- RELEASE-NOTES: synced
Viktor Szakats (24 May 2024)
- cmake: fix brotli lib order
Fix root cause that caused missing symbols when linking brotli
statically with e.g. binutils `ld` (and any other "picky" linker,
or "traditional" linker as CMake now calls them).
Also drop existing workaround that added brotli libs twice to the lib
list.
```
x86_64-w64-mingw32-ld: .../curl/brotli/_bld/usr/lib/libbrotlidec.a(decode.c.o
bj):decode.c:(.text$ProcessCommands[ProcessCommands]+0xbb5): undefined refere
nce to `BrotliTransformDictionaryWord'
x86_64-w64-mingw32-ld: .../curl/brotli/_bld/usr/lib/libbrotlidec.a(decode.c.o
bj):decode.c:(.text$SafeProcessCommands[SafeProcessCommands]+0xe8a): undefine
d reference to `BrotliTransformDictionaryWord'
x86_64-w64-mingw32-ld: .../curl/brotli/_bld/usr/lib/libbrotlidec.a(decode.c.o
bj):decode.c:(.rdata$.refptr._kBrotliContextLookupTable[.refptr._kBrotliConte
xtLookupTable]+0x0): undefined reference to `_kBrotliContextLookupTable'
x86_64-w64-mingw32-ld: .../curl/brotli/_bld/usr/lib/libbrotlidec.a(decode.c.o
bj):decode.c:(.rdata$.refptr._kBrotliPrefixCodeRanges[.refptr._kBrotliPrefixC
odeRanges]+0x0): undefined reference to `_kBrotliPrefixCodeRanges'
x86_64-w64-mingw32-ld: .../curl/brotli/_bld/usr/lib/libbrotlidec.a(state.c.ob
j):state.c:(.text$BrotliDecoderStateInit[BrotliDecoderStateInit]+0x21): undef
ined reference to `BrotliDefaultAllocFunc'
x86_64-w64-mingw32-ld: .../curl/brotli/_bld/usr/lib/libbrotlidec.a(state.c.ob
j):state.c:(.text$BrotliDecoderStateInit[BrotliDecoderStateInit]+0x2f): undef
ined reference to `BrotliDefaultFreeFunc'
x86_64-w64-mingw32-ld: .../curl/brotli/_bld/usr/lib/libbrotlidec.a(state.c.ob
j):state.c:(.text$BrotliDecoderStateInit[BrotliDecoderStateInit]+0x10e): unde
fined reference to `BrotliSharedDictionaryCreateInstance'
x86_64-w64-mingw32-ld: .../curl/brotli/_bld/usr/lib/libbrotlidec.a(state.c.ob
j):state.c:(.text$BrotliDecoderStateCleanup[BrotliDecoderStateCleanup]+0xf4):
undefined reference to `BrotliSharedDictionaryDestroyInstance'
collect2: error: ld returned 1 exit status
```
Breakage reproducible with curl-for-win config "`win-gcc`" and deleting
the `LDFLAGS+=' -Wl,--start-group'` line from its `curl.sh` script.
(Above line still required for some non-brotli cases, e.g. libssh2 and
zlib.)
Assisted-by: Kai Pastor
Ref: https://github.com/curl/curl/pull/10857#discussion_r1611714989
Follow-up to 1e3319a167d2f32d295603167486e9e88af9bb4e #10857
Closes #13761
Pavel Pavlov (24 May 2024)
- cmake: fix building in unity mode
- Fix sha256 and sha512 duplicate macro names (eg function-like macro Ch
is now Sha256_Ch and Sha512_Ch).
- Avoid defining short defines like R, S. (eg S is now Sha256_S).
Closes https://github.com/curl/curl/pull/13751
Jay Satiro (24 May 2024)
- winbuild: remove outdated WIN32 defines
- Remove all instances in the makefile of compiler option /DWIN32.
This is a follow-up to e9a7d4a1 which replaced all defined(WIN32) checks
with defined(_WIN32) in the codebase, since only the latter is
automatically defined by all compilers for Windows builds.
Bug: https://github.com/curl/curl/pull/13739#issuecomment-2123937859
Reported-by: Viktor Szakats
Closes https://github.com/curl/curl/pull/13742
renovate[bot] (24 May 2024)
- ci: update github/codeql-action digest to 9fdb3e4
Closes #13726
Pavel Pavlov (23 May 2024)
- asyn-thread: avoid using GetAddrInfoExW with impersonation
Multiple reports suggest that GetAddrInfoExW fails when impersonation is
used. This PR checks if thread is impersonating and avoids using
GetAddrInfoExW api.
Reported-by: Keerthi Timmaraju
Assisted-by: edmcln on github
Fixes #13612
Closes #13738
Stefan Eissing (23 May 2024)
- transfer: conn close on paused upload
- add 2 variations on test_07_42 which PAUSEs uploads
and response connections terminating either right away
or after the 100-continue response
- when detecting the connection being closed in transfer.c
readwrite_data(), clear ALL send bits in data->req.keepon.
It no longer makes send to wait for a KEEP_SEND_PAUSE or HOLD.
- in the protocol client writer add the check for incomplete
response bodies. When an EOS is seen and the length is known,
check that and fail if bytes are missing.
Reported-by: Sergey Bronnikov
Fixes #13740
Closes #13750
- CI GHA: add vsftpd to ngtcp2-linux runs
- not using HTTP/3, but gnutls does not seem to run
somewhere else right now
Closes #13760
Orgad Shaneh (23 May 2024)
- GHA: increase timeout for Cygwin autotools build tests step
Apparently 10 minutes are not (always) enough:
https://github.com/curl/curl/actions/runs/9197003907/job/25296439556#step:8:1
936
Closes #13753
Stefan Eissing (22 May 2024)
- mbedtls: send close-notify on close
- send the TLS close notify message when cloding down
the mbedtls connection filter
- this is a "least" effort version and, as other TLS filters,
is lacking a graceful send/receive/timeout for a really
clean shutdown.
Closes #13745
- mbedtls: check version for cipher id
mbedtls_ssl_get_ciphersuite_id_from_ssl() seems to have been added in
mbedtls 3.2.0. Check for that version.
Closes #13749
Viktor Szakats (22 May 2024)
- cmake: fix building with both md4 and md5 in unity mode
Macro and static function names were colliding between
`lib/md4.c` and
`lib/md5.c`.
Fix it by namespacing these symbols.
Seen with a basic macOS build using these options:
`-DCMAKE_UNITY_BUILD=ON -DCURL_USE_SECTRANSP=ON`
Closes #13737
Daniel Stenberg (22 May 2024)
- docs/Makefile.am: make curl-config.1 install
on "make install" like it should
Follow-up to 60971d665b9b1df87082
Closes #13741
dependabot[bot] (22 May 2024)
- GHA: bump actions/checkout from 4.1.4 to 4.1.6
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.4 to 4
.1.6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/0ad4b8fadaa221de15dce
c353f45205ec38ea70b...a5ac7e51b41094c92402da3b24376905380afc29)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Closes #13720
Stefan Eissing (22 May 2024)
- pytest: add ftp upload tests
- refs #13556
- allow anon uploads on vsftpd test server
- add test_30_05 for plain upload of 1k, 100k, 1m
- add test_31_05 for SSL upload of 1k, 100k, 1m
- verify file size and contents
Closes #13734
- test: add test1546, chunked not last transfer encoding
with more than one transfer-encoding, 'chunked' must be the last added
to the writer stack (and therefore the first to decode). RFC 9112, ch.
6.1.
Closes #13736
- test: add test1484, for HEAD with content
- test HEAD request with 'Transfer-Encoding:chunked' and
non-encoded response content
- verifies #13725
Closes #13735
Daniel Stenberg (22 May 2024)
- RELEASE-NOTES: synced
bump to 8.8.1 for now
Viktor Szakats (22 May 2024)
- (lib)curl.rc: set debug flag also for `CURLDEBUG` and `UNITTESTS`
These macros also enable debug features in both libcurl and curl.
Enable `VS_FF_DEBUG` version resource flag when they are set.
Closes #13730
Jay Satiro (22 May 2024)
- winbuild: fix PE version info debug flag
- Only set PE file flag VS_FF_DEBUG if curl.exe and libcurl.dll were
built with winbuild option DEBUG=yes which builds with debug info.
VS_FF_DEBUG is a PE flag (Portable Executable file flag - dll, exe, etc)
that indicates the file contains or was built with debug info.
Prior to this change when winbuild was used to build curl, curl.exe
and libcurl.dll always had VS_FF_DEBUG set, regardless of build option
DEBUG=yes/no, due to some bad logic.
Closes https://github.com/curl/curl/pull/13739
Version 8.8.0 (22 May 2024)
Daniel Stenberg (22 May 2024)
- RELEASE-NOTES: synced
- THANKS: add contributors from 8.8.0
Nathan Moinvaziri (21 May 2024)
- url: remove duplicate call to Curl_conncache_remove_conn when pruning
- remove unnecessary prunedead struct from prune_dead_connections
- rename extract_if_dead to prune_if_dead for clarity
Closes #13710
Joseph Chen (21 May 2024)
- curl_setup.h: add support for IAR compiler
Closes #13728
Stephen Farrell (21 May 2024)
- docs/ECH: typo/clarification
Closes #13727
Viktor Szakats (21 May 2024)
- hash: delete unused debug function
It had no use in the curl codebase and was also protected by the macro
`AGGRESSIVE_TEST` (renamed in 2020), also with no local reference.
Added in ca6e77083768858aa34207f8c5dce38b3c05336d (2002-11-11)
Closes #13729
Stefan Eissing (21 May 2024)
- content_encoding: reject transfer-encoding after chunked
reject a response that applies a transfer-encoding after a 'chunked'
encoding. RFC 9112 ch. 6.1 required chunked to be the final encoding.
Closes #13733
- http: HEAD response body tolerance
- as reported in #13725, some servers wrongly send body bytes in
responses to a HEAD request. This used to be tolerated in curl
8.4 and before and leads to failed transfers in newer versions.
- restore previous behaviour for HTTP/1.1 and HTTP/2:
* 1.1: do not add 'Transfer-Encoding' writers from HEAD
responses. RFC 9112 says they do not apply.
* 2: when the transfer expects 'no_body', to not report stream
resets as error when all response headers have been received.
Reported-by: Jeroen Ooms
Fixes #13725
Closes #13732
Viktor Szakats (20 May 2024)
- tests: fix TFTP test 2305 on Windows
Ref: #13692
Closes #13724
Jay Satiro (20 May 2024)
- openssl: revert keylog_callback support for LibreSSL
- Revert to the legacy TLS 1.2 key logging code for LibreSSL.
- Document SSLKEYLOGFILE for LibreSSL is TLS 1.2 max.
Prior to this change if the user specified a filename in the
SSLKEYLOGFILE environment variable and was using LibreSSL 3.5.0+ then
an empty file would be created and no keys would be logged.
This is effectively a revert of e43474b4 which changed openssl.c to use
SSL_CTX_set_keylog_callback for LibreSSL 3.5.0+. Unfortunately LibreSSL
added that function only as a stub that doesn't actually do anything.
Reported-by: Gonçalo Carvalho
Fixes https://github.com/curl/curl/issues/13672
Closes https://github.com/curl/curl/pull/13682
renovate[bot] (19 May 2024)
- GHA: pin dependencies
Closes #13712
Viktor Szakats (19 May 2024)
- appveyor: drop unnecessary `--clean-first` cmake option
In CI all machines are fresh on startup, making the `clean` operation
unnecessary. This can save some time/energy for each job run.
Closes #13707
- cmake: merge two `if(BUILD_TESTING)` branches
Closes #13708
Tatsuhiro Tsujikawa (19 May 2024)
- GHA: bump nghttp2 to v1.62.1
Use gcc-12 explicitly to compile C++20 source files.
Closes #13702
Viktor Szakats (19 May 2024)
- GHA: add NetBSD, OpenBSD, FreeBSD/arm64 and OmniOS jobs
Add these jobs to GHA:
- NetBSD, cmake-unity, clang, OpenSSL, x86_64, with tests, w/o python,
no parallelism (was flaky sometimes)
- OpenBSD, cmake-unity, clang, LibreSSL, x86_64, with tests,
with python, -j8, TFTP results ignored due to #13623.
- FreeBSD, cmake-unity and autotools, clang, OpenSSL, arm64
(Tests disabled for arm64, because they are slow. It's available for
x86_64 with python, -j12.)
Configuration matches our existing Cirrus CI one.
- OmniOS, autotools, gcc, OpenSSL, x86_64, with tests, -j12.
All build with websockets and examples.
Closes #13583
- GHA: disable TFTP test on native Windows
Some TFTP tests seem to enter into a loop and maybe hang?
E.g. 1007, 1009, 1238
Try fixing it by skipping all TFTP tests.
Ref: https://github.com/curl/curl/actions/runs/9141987545/job/25137038249?pr=
13698
Also drop mingw-w64 test exclusions copy-pasted from MSYS jobs.
Possibly related: cffbcc3110c1eda2e333f9cfe2e269154618793a #5364
Close #13699
renovate[bot] (18 May 2024)
- GHA: pin dependencies
Closes #13691
Viktor Szakats (18 May 2024)
- cmake: do not pass linker flags to the static library tool
Do not add linker flags to the global CMake static library tool (aka
"static linker") (e.g. `ar`) flags list. They don't mix well. This was
only done after successfully detecting GSSAPI.
Linker flags seen on Old Linux CI:
```
-- |GSS_LINKER_FLAGS|-Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/lib/x86_64-li
nux-gnu/heimdal|
-- |CMAKE_STATIC_LINKER_FLAGS| -Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/lib
/x86_64-linux-gnu/heimdal|
```
Ref: https://github.com/curl/curl/actions/runs/9138988036/job/25130791712#ste
p:6:85
Causing:
```
/usr/bin/ar qc libcurltool.a -Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/lib/
x86_64-linux-gnu/heimdal
CMakeFiles/curltool.dir/slist_wc.c.o CMakeFiles/curltool.dir/tool_binmode.c
.o CMakeFiles/curltool.dir/tool_bname.c.o
[...]
CMakeFiles/curltool.dir/tool_writeout_json.c.o CMakeFiles/curltool.dir/tool
_xattr.c.o CMakeFiles/curltool.dir/var.c.o
CMakeFiles/curltool.dir/__/lib/base64.c.o CMakeFiles/curltool.dir/__/lib/dy
nbuf.c.o
/usr/bin/ar: invalid option -- 'W'
Usage: /usr/bin/ar [emulation options] [-]{dmpqrstx}[abcDfilMNoPsSTuvV] [--pl
ugin <name>] [member-name] [count] archive-file file...
/usr/bin/ar -M [<mri-script]
```
Ref: https://github.com/curl/curl/actions/runs/9138988036/job/25130791712#ste
p:9:125
This problem is invisible at the moment because of another bug (#13698)
that misses building unit tests when not using either the
`ENABLE_DEBUG=ON` or `ENABLE_CURLDEBUG=ON` options (to set
`-DCURLDEBUG`):
```
test 1300 SKIPPED: curl lacks unittest support
```
Ref: https://github.com/curl/curl/actions/runs/9135571781/job/25123104557#ste
p:9:2883
With that fixed, this becomes the next issue.
It's possible this bug also required an older CMake version and/or
a specific OS environment which uses linker flags in GSSAPI that are not
playing well with `ar` options, to reproduce.
Follow-up to 558814e16d84aa202c5ccc0c8108a9d728e77a58 (2014-09-25)
Ref: #13698
Closes #13697
- GHA: ignore flaky test2302 results on Windows
WebSockets:
```
TESTFAIL: These test cases failed: 2302
```
Ref: https://github.com/curl/curl/actions/runs/9139155361/job/25131144383?pr=
13689#step:14:9892
Follow-up to 36fd2dd6ee874726c628e67fcf6415a2e52bfe29 #13599
Ref: #13692
Closes #13696
- GHA: add MSYS, mingw-w64, Cygwin jobs
- re-implement autotools MSYS and Cygwin AppVeyor jobs in GHA.
Now build with SSL and PSL to improve test coverage.
- re-implement MSYS2 mingw-w64 gcc 13 AppVeyor job in GHA.
`CMake, mingw-w64, gcc 13, Debug, x64, Schannel, Static, Unicode`
- add new cmake Cygwin job (build-only).
- enable `-j14` parallelism when running tests.
- delete the 5 migrated jobs from AppVeyor CI.
- add 2 build-only mingw-w64 builds, gcc Release and clang OpenSSL.
- also enable brotli, libssh2, nghttp2 for more test coverage.
These jobs offer better performance, more flexibility and
parallelization compared to the AppVeyor ones they replace. It also
offloads AppVeyor, allowing to iterate faster. They also appear more
reliable than e.g. Azure Windows jobs, where runners are prone to fail
[1].
Closes #13599
[1]:
`Exit code 143 returned from process: file name 'C:\Windows\system32\docker.E
XE',
arguments 'exec -i 6b13a669c6dfe7fb9f59414369872fd64d61c7182f880c3d39c135cb
4c115c8f
C:\__a\externals\node\bin\node.exe C:\__w\_temp\containerHandlerInvoker.js'.`
Stefan Eissing (17 May 2024)
- pytest: fixes for recent python, add FTP tests
Fixes:
- in uds tests, abort also silently on os errors
- be conservative on the h3 goaway duration
- detect curl debug build and use in checks
- fix caddy version check for slight difference under linux
- set caddy default path fitting for linux
- fix deprecation warnings in valid time checks
FTP tests:
- add '--with-test-vsftpd=path' to configure
- use vsftpd default path suitable for linux
- add test_30 with plain FTP tests
- add test_31 with --ssl-reqd FTP tests
- add vsftpd to linux GHA for pytest workflows
Closes #13661
- rustls: fix handshake done handling
- rustls report it has finished the TLS handshake *before*
all relevant data has been sent off, e.g. it FINISHED message
- On connections the send data immediately, this was never noticed
as the FINISHED in rustls buffers was send with the app data
- On passive FTP connections, curl does not send any data after
the handshake, leaving FINISHED unsent and the server never
responded as it was waiting on this.
Closes #13686
Daniel Stenberg (17 May 2024)
- x509asn1: return error on missing OID
to avoid crash when dereferencing a NULL pointer.
Reported-by: Trzik on github
Patch-by: Trzik on github
Fixes #13684
Closes #13685
- CURLOPT_WRITEFUNCTION.md: fix the callback proto in the example
Reported-by: Michael Litwak
Fixes #13681
Closes #13687
Viktor Szakats (17 May 2024)
- src: tidy up types, add necessary casts
Cherry-picked from #13489
Closes #13614
- lib: fix compiler warnings (gcc)
Seen when setting `ENABLE_DEBUG=ON` and `-DDEBUGBUILD` for mingw-w64
gcc 13.2.0 CMake unity builds in 'Release' configurations.
```
curl/lib/curl_gethostname.c:71:5: error: 'strncpy' specified bound 1025 equal
s destination size [-Werror=stringop-truncation]
71 | strncpy(name, force_hostname, namelen);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from curl/_bld/lib/CMakeFiles/libcurl_object.dir/Unity/unity
_0_c.c:175:
In function 'hostcache_timestamp_remove',
inlined from 'Curl_hash_clean_with_criterium' at curl/lib/hash.c:265:19,
inlined from 'Curl_hash_clean_with_criterium' at curl/lib/hash.c:247:1,
inlined from 'hostcache_prune' at curl/lib/hostip.c:228:3,
inlined from 'Curl_hostcache_prune' at curl/lib/hostip.c:256:21:
curl/lib/hostip.c:205:12: error: 'now' may be used uninitialized [-Werror=may
be-uninitialized]
205 | time_t age = prune->now - c->timestamp;
| ^~~
curl/lib/hostip.c: In function 'Curl_hostcache_prune':
curl/lib/hostip.c:241:10: note: 'now' was declared here
241 | time_t now;
| ^~~
In function 'hostcache_timestamp_remove',
inlined from 'fetch_addr' at curl/lib/hostip.c:310:8:
curl/lib/hostip.c:205:23: error: 'user.now' may be used uninitialized [-Werro
r=maybe-uninitialized]
205 | time_t age = prune->now - c->timestamp;
| ~~~~~^~~~~
curl/lib/hostip.c: In function 'fetch_addr':
curl/lib/hostip.c:304:33: note: 'user' declared here
304 | struct hostcache_prune_data user;
| ^~~~
In file included from curl/_bld/lib/CMakeFiles/libcurl_object.dir/Unity/unity
_0_c.c:40:
curl/lib/cf-socket.c: In function 'cf_socket_send':
curl/lib/cf-socket.c:1294:10: error: 'c' may be used uninitialized [-Werror=m
aybe-uninitialized]
1294 | if(c >= ((100-ctx->wblock_percent)*256/100)) {
| ~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
curl/lib/cf-socket.c:1292:19: note: 'c' was declared here
1292 | unsigned char c;
| ^
In file included from curl/_bld/lib/CMakeFiles/libcurl_object.dir/Unity/unity
_0_c.c:364:
In function 'tftp_state_timeout',
inlined from 'tftp_multi_statemach' at curl/lib/tftp.c:1230:27:
curl/lib/tftp.c:1208:5: error: 'current' may be used uninitialized [-Werror=m
aybe-uninitialized]
1208 | if(current > state->rx_time + state->retry_time) {
| ^
curl/lib/tftp.c: In function 'tftp_multi_statemach':
curl/lib/tftp.c:1192:10: note: 'current' was declared here
1192 | time_t current;
| ^~~~~~~
```
Ref: https://ci.appveyor.com/project/curlorg/curl/builds/49792835/job/91c8dj5
qb36spfe0#L112
Ref: https://github.com/curl/curl/actions/runs/9082968838/job/24960616145#ste
p:12:62
Ref: #13592
Closes #13643
Andrew (16 May 2024)
- wakeup_create: use FD_CLOEXEC/SOCK_CLOEXEC
for `pipe()`/`socketpair()`
Fixes #13618
Closes #13625
Stefan Eissing (16 May 2024)
- rustls: fix partial send handling
When TLS bytes could not completely sent off, the amount of plain bytes
already added to rustls were forgotten. This lead to send those byte
duplicate, corrupting the request send to the server.
Closes #13676
- pytest: add DELETE tests, check server version
- add tests for DELETE working
- check apache version in keepalive test
- fix some comments
Closes #13679
Juliusz Sosinowicz (16 May 2024)
- vquic-tls: use correct cert name check API for wolfSSL
wolfSSL_X509_check_host checks the peer name against the alt names and
the common name.
Fixes #13487
Closes #13680
Viktor Szakats (16 May 2024)
- cmake: initialize `BUILD_TESTING` before first use
Before this patch `BUILD_TESTING` was used once, then initialized, then
used again. This caused the `curlu` library not being built when relying
on an implicit `BUILD_TESTING=ON` setting, and ending up with a link
error when building the `testdeps` target.
It did not cause issues when `BUILD_TESTING` was explicitly set.
Move the initialization before the first use to fix it.
Regression from aace27b0965c10394544d1dacc9c2cb2fe0de3d3 #12287
Closes #13668
Daniel Stenberg (16 May 2024)
- libtest: 2308 verifies CURLE_WRITE_ERROR after write callback error
Verifies that the issue in #13669 actually is fixed. This return code is
what the CURLOPT_WRITEFUNCTION manpage documents should be returned.
This code is mostly from the
Source-written-by: Trumeet on github
Closes #13671
Antoine Bollengier (16 May 2024)
- socketpair: fix compilation when USE_UNIX_SOCKETS is not defined
Closes #13666
Stefan Eissing (16 May 2024)
- rustsls: fix error code on receive
- use CURLE_RECV_ERROR instead of CURLE_READ_ERROR when receiving
data fails.
Closes #13670
Max Dymond (16 May 2024)
- ci: disable Renovate dashboard
The Renovate dashboard insists on an open issue,
which is a problem. Disable the dashboard. Status
can still be seen at https://developer.mend.io/github/curl/curl.
Fixes #13630
Closes #13673
Daniel Stenberg (16 May 2024)
- RELEASE-NOTES: synced
renovate[bot] (16 May 2024)
- GHA: update awslabs/aws-lc to v1.27.0
Closes #13667
Daniel Stenberg (15 May 2024)
- curl_easy_pause.md: use correct defines in example
Spotted-by: Harry Sintonen
Closes #13664
Viktor Szakats (15 May 2024)
- appveyor: more tidy-ups
- use `--disable` when calling `curl --version`. Just in case.
- use single-quotes for a constant.
Closes #13662
- reuse: migrate standalone license file to dep5
Follow-up to 73a36021207284ad2b4340ffde34a51b0ba4d47a
Closes #13660
- appveyor: guard against crash-build with VS2008
The combination of `-DDEBUGBUILD`, a shared `curl.exe`, and the VS2008
compiler creates a `curl.exe` segfaulting on startup:
```
+ _bld/src/curl.exe --version
./appveyor.sh: line 122: 793 Segmentation fault "${curl}" --version
Command exited with code 139
```
Ref: https://ci.appveyor.com/project/curlorg/curl/builds/49817266/job/651iy6q
n1e238pqj#L191
Add job that triggers the issue and add the necessary logic to skip
running the affected `curl.exe`.
Ref: #13592
Closes #13654
renovate[bot] (15 May 2024)
- GHA: pin dependencies
Closes #13628
Orgad Shaneh (15 May 2024)
- socket: remove redundant call to getsockname
The result "add" is unused.
Closes #13655
renovate[bot] (15 May 2024)
- CI: renovate updates
- GHA: update actions/checkout action to v4
- GHA: update wolfSSL/wolfssh to v1.4.17
- GHA: update wolfSSL/wolfssl to v5.7.0
- Update the regex config in renovate.json
Closes #13632
Closes #13641
Closes #13658
Closes #13659
Max Dymond (15 May 2024)
- ci: fix renovate config for WolfSSL/WolfSSH tagging scheme
WolfSSL/WolfSSH use a different versioning scheme;
stable builds end with `-stable`. Renovate requires
some extra configuration to extract the version
from these types of tags.
Closes #13644
- ci: set semantic type as CI and include digests as CI operations
Replace "chore" with "ci" for renovate's semantic
type, and include digests with "pin" and
"pinDigest" as ci operations.
Closes #13644
Daniel Stenberg (15 May 2024)
- DEPRECATE.md: TLS libraries without 1.3 support
curl drops support for TLS libraries without TLS 1.3 capability after
May 2025.
It requires that a curl build using the library should be able to
negotiate and use TLS 1.3, or else it is not good enough. We support a
vast amount of other TLS libraries that are likely to satisfy users
better.
Closes #13544
- Revert "ci: update nghttp2/nghttp2 to v1.62.0"
This reverts commit 14f2c767555b7598d7783ccd9093670b84d28488.
We need to also upgrade the C++ compiler for that bump to work.
Closes #13656
renovate[bot] (15 May 2024)
- Dockerfile: update debian digest to 911821c
Closes #13629
- ci: update gnutls/gnutls to v3.8.5
Closes #13640
- ci: update awslabs/aws-lc to v1.26.0
Closes #13647
- ci: update cloudflare/quiche to v0.21.0
Closes #13648
- ci: update libressl-portable/portable to v3.9.2
Closes #13649
- ci: update nghttp2/nghttp2 to v1.62.0
Closes #13650
- ci: update ngtcp2/nghttp3 to v1.3.0
Closes #13651
- ci: update ngtcp2/ngtcp2 to v1.5.0
Closes #13652
Max Dymond (14 May 2024)
- ci: handle git submodules for mbedTLS
- ci: reconfigure renovate
- set prefix for github actions updates to be gha:
- set prefix for other renovate actions to be ci:
- disable debian updates in linux-old.yml
Viktor Szakats (14 May 2024)
- tidy-up: whitespace [ci skip]
- warnless: delete orphan declarations
Follow-up to 358f7e757781857c4b498a68634726609fa3884a #11932
Closes #13639
Daniel Stenberg (14 May 2024)
- BUG-BOUNTY.md: clarify the third party situation
We do not pay bounties for problems in other libraries.
Closes #13560
Stefan Eissing (14 May 2024)
- http tests: in CI skip test_02_23* for quiche
For unknown reasons, these tests fail in CI often, but run fine locally.
Skip them in CI to avoid unrelated PRs to have failures.
Closes #13638
Daniel Gustafsson (14 May 2024)
- hsts: explicitly skip blank lines
Keep blank lines or lines containing only whitespace to make it all
the way to the more expensive sscanf call in hsts_add.
Closes: #13603
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
- autotools: Only probe for SGI MIPS compilers on IRIX
MIPSPro and the predecessor compiler which was part of the IDO (IRIS
Development Option) were only ever shipped on the SGI IRIX operating
system (with MIPSPro on 6.0+ which was released in 1994). Limit the
autoconf check to IRIX when probing for these compilers to save some
cycles on other platforms.
Closes: #13611
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Viktor Szakats (14 May 2024)
- tests: fix test 1167 to skip digit-only symbols
This avoids mistaking symbols with their numeric value when using
certain C preprocessors which output these numeric values at the
beginning of the line as part of an expression.
Seen on OpenBSD 7.5 + clang.
Example `test1167.pl -v` output, before this patch:
```
Source: cpp /home/runner/work/curl/curl/tests/../include/curl/curl.h
Symbol: 20000
Line #3835: 20000 + 142,
[...]
Bad symbols in public header files:
20000
[...]
```
Ref: https://github.com/curl/curl/actions/runs/9069136530/job/24918015357#ste
p:3:7513
Ref: #13583
Closes #13634
Daniel Stenberg (14 May 2024)
- lib: call Curl_strntolower instead of doing crafted loops
Closes #13627
- setopt: acknowledge errors proper for CURLOPT_COOKIEJAR
Error out on error, do not continue.
Closes #13624
- vtls: remove duplicate assign
Curl_ssl_peer_cleanup() already clears the ->sni field, no point in
assigning it again.
Spotted by CodeSonar
Closes #13626
Max Dymond (13 May 2024)
- Group all non-major updates together to reduce PR spam
- Add the remainder of the workflows
- Add some basic versioning for some workflows to check whether this is detecte
d properly
renovate[bot] (13 May 2024)
- Add renovate.json
Daniel Stenberg (13 May 2024)
- vauth: make two functions void that always just returned OK
Removes the need to check return values when they can never fail.
Pointed out by CodeSonar
Closes #13621
- setopt: remove check for 'option' that is always true
- make sure that passing in option set to NULL clears the fields
correctly
- remove the weird second take if Curl_parse_login_details() returns
error
Follow-up to 7333faf00bf25db7cd1e0012d6b140
Spotted by CodeSonar
Closes #13619
Viktor Szakats (13 May 2024)
- tests: tidy up types in server code
Cherry-picked from #13489
Closes #13610
Daniel Stenberg (13 May 2024)
- setopt: make the setstropt_userpwd args compulsory
They were always used so no point in allowing them to be optional.
follow-up to 0e37b42dc956bd8a
Closes #13608
Reviewed-by: Daniel Gustafsson
- RELEASE-NOTES: synced
Daniel Gustafsson (13 May 2024)
- websocket: Avoid memory leak in error path
In the errorpath for randstr being too long to copy into the buffer
we leak the randstr when returning CURLE_FAILED_INIT. Fix by using
an explicit free on randstr in the errorpath.
Closes: #13602
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
- hsts: Remove single-use single-line function
The hsts_entry() function contains of a single line and is only
used in a single place in the code, so move the allocation into
hsts_create instead to improve code readability. C code usually
don't use the factory abstraction for object creation, and this
small example wasn't following our usual code style.
Closes: #13604
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Viktor Szakats (12 May 2024)
- lib: bump hash sizes to `size_t`
Follow-up to cc907e80a2498c0599253271a6f657f614b52a4e #13502
Cherry-picked from #13489
Closes #13601
- tests: make the unit test result type `CURLcode`
Before this patch, the result code was a mixture of `int` and
`CURLcode`.
Also adjust casts and fix a couple of minor issues found along the way.
Cherry-picked from #13489
Closes #13600
- appveyor: tidy-ups
- delete a duplicate line.
- simplify a `make` call.
- merge two `if` branches.
- reorder autotools options for clarity.
- add `--enable-warnings` where missing (it's also the default.)
- add empty lines to YAML for readability.
- use lowercase install prefix/directory.
Closes #13598
Daniel Stenberg (12 May 2024)
- docs/cmdline-opts: mention STARTTLS for --ssl and --ssl-reqd
... since users might look for those terms in the manpage.
Closes #13590
- setopt: warn on Curl_set*opt() uses not using the return value
And switch the invokes that would "set" NULL to instead just plainly
free the pointer, as those were otherwise the invokes that would ignore
the return code. And possibly confuse static code analyzers.
Closes #13591
Orgad Shaneh (12 May 2024)
- autotools: delete unused functions
Closes #13605
Viktor Szakats (11 May 2024)
- examples: fix/silence `-Wsign-conversion`
- extend `FD_SET()` hack to all platforms (was only Cygwin).
Warnings may also happen in other envs, e.g. OmniOS.
Ref: https://github.com/libssh2/libssh2/actions/runs/8854199687/job/2431676
2831#step:3:2021
- tidy-up `CURLcode` vs `int` use.
- cast an unsigned to `long` before passing to `curl_easy_setopt()`.
Cherry-picked from #13489
Follow-up to 3829759bd042c03225ae862062560f568ba1a231 #12489
Closes #13501
Orgad Shaneh (11 May 2024)
- cmake: fix `HAVE_IOCTLSOCKET_FIONBIO` test with gcc 14
The function signature has had u_long flags since ever. This is how it
is defined in the documentation, and implemented in MinGW.
The code that uses ioctlsocket in nonblock.c also has unsigned long.
Error:
CurlTests.c:275:41: error: passing argument 3 of 'ioctlsocket' from incompati
ble pointer type [-Wincompatible-pointer-types]
275 | if(0 != ioctlsocket(0, FIONBIO, &flags))
| ^~~~~~
| |
| int *
In file included from CurlTests.c:266:
/opt/mxe/usr/i686-w64-mingw32.static/include/winsock2.h:1007:76: note: expect
ed 'u_long *' {aka 'long unsigned int *'} but argument is of type 'int *'
1007 | WINSOCK_API_LINKAGE int WSAAPI ioctlsocket(SOCKET s,__LONG32 cmd,u_
long *argp);
| ~~
~~~~~~^~~~
Closes #13578
Jay Satiro (10 May 2024)
- ftp: fix build for CURL_DISABLE_VERBOSE_STRINGS
This is a follow-up to b7c7dffe which changed the FTP state change
verbose debug text (aka infof) to tracing debug text (aka trc).
Prior to this change if libcurl was without DEBUGBUILD and built with
CURL_DISABLE_VERBOSE_STRINGS (ie --disable-verbose) the build would
error.
Caught by Circle CI job openssl-no-verbose.
- lib: clear the easy handle's saved errno before transfer
- Clear data->state.os_errno before transfer.
- Explain the change in behavior in the CURLINFO_OS_ERRNO doc.
- Add to the CURLINFO_OS_ERRNO doc the list of libcurl network-related
errors that may cause the errno to be saved.
data->state.os_errno is saved before libcurl returns a network-related
failure such as connection failure. It is accessible to the user via
CURLINFO_OS_ERRNO so they can get more information about the failure.
Prior to this change it wasn't cleared before transfer, so if a user
retrieved the saved errno it could be from a previous transfer. That is
because an errno is not always saved for network-related errors.
Closes https://github.com/curl/curl/pull/13574
Stefan Eissing (10 May 2024)
- ftp: add tracing support
- add `Curl_trc_feat_ftp` for tracing via trace config
- add macro CURL_TRC_FTP(data, fmt, ...)
- replace DEBUGF(infof()) statements in ftp.c by CURL_TRC_FTP()
- always trace FTP connection state
Closes #13580
Daniel Stenberg (10 May 2024)
- http: remove redundant check
Spotted by CodeSonar
Closes #13582
Viktor Szakats (10 May 2024)
- ldap: fix unused variables (seen on OmniOS)
```
../../lib/ldap.c: In function 'ldap_do':
../../lib/ldap.c:380:11: error: unused variable 'ldap_ca' [-Werror=unused-v
ariable]
380 | char *ldap_ca = conn->ssl_config.CAfile;
| ^~~~~~~
../../lib/ldap.c:379:9: error: unused variable 'ldap_option' [-Werror=unuse
d-variable]
379 | int ldap_option;
| ^~~~~~~~~~~
```
Ref: https://github.com/curl/curl/actions/runs/9033564377/job/24824192730#ste
p:3:6059
Ref: #13583
Closes #13588
Daniel Stenberg (10 May 2024)
- url: make parse_login_details use memdup0
Also make the user and password arguments mandatory, since all code
paths in libcurl used them anyway.
Adapted unit test case 1620 to the new rules.
Closes #13584
Orgad Shaneh (10 May 2024)
- digest: replace strcpy for empty string with simple assignment
Closes #13586
Viktor Szakats (10 May 2024)
- autotools: fix `HAVE_IOCTLSOCKET_FIONBIO` test for gcc 14
```
conftest.c:152:41: error: passing argument 3 of 'ioctlsocket' from incompatib
le pointer type [-Wincompatible-pointer-types]
152 | if(0 != ioctlsocket(0, FIONBIO, &flags))
| ^~~~~~
| |
| int *
```
Reported-by: LigH
Fixes #13579
Closes #13587
- CI: ignore test 286 on Appveyor gcc 7 build
Disabled earlier for gcc 9 builds. gcc 7 uses the same runner and
prone to similar intermittent failures.
Follow-up to f1e05a6e6e7225fa09952abb2c935ae1abe44f45 #12106 #12040
Closes #13575
Daniel Stenberg (10 May 2024)
- cf-socket: don't try getting local IP without socket
In cf_tcp_connect(), it might fail and not get a socket assigned to
ctx->sock but set_local_ip() is still called which would make
getsockname() get invoked with a negative file desriptor and fail.
By adding this check, set_local_ip() will now instead blank out the
fields correctly.
Spotted by CodeSonar
Closes #13577
- tool_getparam: remove two redundant conditions
When getstr() does not return error, it returns a valid pointer.
Spotted by CodeSonar
Closes #13576
Stefan Eissing (10 May 2024)
- quiche: trust its timeout handling
- set the idle timeout transport parameter
in milliseconds as documented by quiche
- do not calculate the idle timeout, rely on
quiche handling it
Closes #13581
Daniel Stenberg (10 May 2024)
- dmaketgz: accept a SOURCE_DATE_EPOCH as an second argument
to make it easier to reproduce a tarball
Closes #13573
- RELEASE-NOTES: synced
Stefan Eissing (10 May 2024)
- h3/ngtcp2: improve error handling
- identify ngtcp2 and nghttp3 error codes that are fatal
- close quic connection on fatal errors
- refuse further filter operations once connection is closed
- confusion about the nghttp3 API. We should close the QUIC stream on
cancel and not use the nghttp3 calls intended to be invoked when the
QUIC stream was closed by the peer.
Closes #13562
Jay Satiro (10 May 2024)
- docs: fix some CURLINFO examples
- improve getinfo result check for example sections:
CURLINFO_ACTIVESOCKET, CURLINFO_LASTSOCKET, CURLINFO_SSL_VERIFYRESULT,
CURLINFO_PROXY_SSL_VERIFYRESULT
- fix getinfo result check for example sections:
CURLINFO_NUM_CONNECTS, CURLINFO_OS_ERRNO
- fix verify result check for example sections:
CURLINFO_PROXY_SSL_VERIFYRESULT
Bug: https://github.com/curl/curl/discussions/13557#discussion-6625507
Reported-by: farazrbx@users.noreply.github.com
Closes https://github.com/curl/curl/pull/13559
Daniel Stenberg (9 May 2024)
- KNOWN_BUGS: gssapi library name + version is missing in curl_version_info()
Closes #13492
Closes #13570
- krb5: use dynbuf
Closes #13568
- managen: fix the option sort order
... it used to strip off the .d file extension to sort correctly but
ever since the extension changed to .md the operation failed and the
sort got wrong.
Follow-up to 2494b8dd5175cee7f2e
Closes #13567
Stefan Eissing (8 May 2024)
- GHA: repair the linux-old job
package libc6_2.28-10+deb10u2_amd64.deb changed to
libc6_2.28-10+deb10u3_amd64.deb
Closes #13564
Viktor Szakats (8 May 2024)
- appveyor: make gcc 6 mingw64 job build-only
This job has proven to be the flakiest of all, and it's also the oldest
Windows runner we had tests running on: 'Visual Studio 2015', that is
running on Windows Server 2012 R2:
https://www.appveyor.com/docs/windows-images-software/
Turn off tests on this job to help stabilizing CI runs.
This was also one of the slowest running job amongst the AppVeyor CI ones.
Flakiness data:
https://testclutch.curl.se/static/reports/summary.html
Entries:
Appveyor / CMake, mingw-w64, gcc 6, Debug, x86, Schannel, Static, no-unity
(curl) [current]
Appveyor / CMake, mingw-w64, gcc 6, Debug, x86, Schannel, Static (curl) [fo
rmer]
Closes #13566
Stefan Eissing (8 May 2024)
- unit2604: use alloc instead of overlong string const
Closes #13563
Daniel Gustafsson (8 May 2024)
- bufq: remove duplicate word in comment
Inspired by 13552.
Closes: #13554
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Viktor Szakats (8 May 2024)
- lib/cf-h1-proxy: silence compiler warnings (gcc 14)
They came up ealier with gcc 12 (Windows), but apparently gcc 14 is
still reporting them, also under Linux.
```
/home/runner/work/curl-for-win/curl-for-win/curl/lib/cf-h1-proxy.c: In functi
on 'cf_h1_proxy_close':
/home/runner/work/curl-for-win/curl-for-win/curl/lib/cf-h1-proxy.c:1060:17: w
arning: null pointer dereference [-Wnull-dereference]
1060 | cf->connected = FALSE;
/home/runner/work/curl-for-win/curl-for-win/curl/lib/cf-h1-proxy.c:1061:8: wa
rning: null pointer dereference [-Wnull-dereference]
1061 | if(cf->ctx) {
| ~~^~~~~
In function 'tunnel_free',
inlined from 'cf_h1_proxy_destroy' at /home/runner/work/curl-for-win/curl
-for-win/curl/lib/cf-h1-proxy.c:1053:3:
/home/runner/work/curl-for-win/curl-for-win/curl/lib/cf-h1-proxy.c:198:27: wa
rning: null pointer dereference [-Wnull-dereference]
198 | struct h1_tunnel_state *ts = cf->ctx;
| ^~
```
Ref: https://github.com/curl/curl-for-win/actions/runs/8985369476/job/2467921
9528#step:3:6320
Fixes #13237
Closes #13555
Michał Antoniak (8 May 2024)
- mbedtls: support TLS 1.3
Closes #13539
Daniel Stenberg (8 May 2024)
- version: use msnprintf instead of strncpy
- to ensure a terminating null byte
- to avoid zero-padding the target
debug code only
Closes #13549
- curl_path: make Curl_get_pathname use dynbuf
... instead of malloc and memcpy
- unit test 2604 verifies Curl_get_pathname()
Closes #13550
- lib: make protocol handlers store scheme name lowercase
- saves a lowercase operation when the "[scheme]_proxy" name is
generated
- appears less "shouting"
- update test 970, 972, 1438 and 1536
Closes #13553
- lib: remove two instances of "only only" messages
Fixes #13551
Reported-by: Lucas Nussbaum
Closes #13552
Pavel Pavlov (7 May 2024)
- asyn-thread: fix curl_global_cleanup crash in Windows
- Make sure that asynchronous resolves handled by Winsock are stopped
before WSACleanup is called.
This is implemented by ensuring that when Curl_resolver_kill is called
(eg via multi_done) it will cancel the Winsock asynchronous resolve and
wait for the cancellation to complete. Winsock runs the asynchronous
completion routine immediately when a resolve is canceled.
Prior to this change it was possible that during curl_global_cleanup
"a DNS resolver thread created by GetAddrInfoExW did not terminate yet,
however curl is already shutting down, deinitializing Winsock with
WSACleanup() leading to an access violation."
Background:
If libcurl is built with the asynchronous threaded resolver option for
Windows then it resolves in one of two ways. For Windows 8.1 and later,
libcurl resolves by using the Winsock asynchronous resolver which does
its own thread management. For older versions of Windows, libcurl
resolves by creating a separate thread that calls getaddrinfo. This
change only affects the former and it's already handled for the latter.
Reported-by: Ch40zz@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/13509
Closes https://github.com/curl/curl/pull/13518
Jay Satiro (7 May 2024)
- asyn-thread: fix Curl_thread_create result check
- Compare to curl_thread_t_null instead of 0 for error.
Currently for both supported thread libraries (pthreads and Windows)
curl_thread_t_null is defined as 0. However, the pattern throughout the
code is to check against curl_thread_t_null and not 0 since for
posterity some thread library may not use 0 for error.
Closes https://github.com/curl/curl/pull/13542
- curl_multibyte: remove access() function wrapper for Windows
- Remove curlx_win32_access() which was a wrapper to use access() in
Windows.
This is a follow-up to 602fc213, one of two commits which removed
access() calls from the codebase and banned use of the function.
Closes https://github.com/curl/curl/pull/13529
Daniel Gustafsson (6 May 2024)
- tls: Remove EXAMPLEs from deprecated options
CURLOPT_EGDSOCKET and CURLOPT_RANDOM_FILE are both completely dead
so remove their example sections since the code there is useless.
There is still a way to inject a random file for OpenSSL older than
1.1.0 but it's not what the example showed (and it's not even done
with this option) so we refrain from documenting it here.
Closes: #13540
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
- tests: Only require EXAMPLE for non-deprecated options
Manpages which document deprecated CURLOPT_ or CURLINFO_ are not
required to have an EXAMPLE section since they might effectively
be dead no-ops which we don't want to trick users into believing
they can use by copying example code.
Closes: #13540
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Daniel Stenberg (6 May 2024)
- EXPERIMENTAL: add graduation requirements for each feature
Starting now, experimental features should have a set of documentated
requirements of what is needed for the feature to graduate.
This adds requirements to all existing experiments.
Closes #13541
Ivan (6 May 2024)
- misc: fix typos, quoting and spelling
Fix wording of comments, and misquotings where `' is markdown parsed
where it shouldn't be, and remove a misspelled preprocessor comment
which really isn't needed (and removing it makes it match surrounding
code better).
Closes: #13538
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Daniel Gustafsson (6 May 2024)
- tests: Mark tftpd timer function as noreturn
This avoids the below compiler warning:
tftpd.c:280:1: warning: function 'timer' could be declared with
attribute 'noreturn' [-Wmissing-noreturn]
Closes: #13534
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
- doh: Remove unused function prototype
Closes: #13536
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Daniel Stenberg (6 May 2024)
- doh: cleanups in ECH related functions
- make local_decode_rdata_name use dynbuf instead of calloc + memcpy
- avoid extra memdup in local_decode_rdata_alpn
- no need to if() before free()
- use memdup instead of calloc + memcpy in Curl_doh_decode_httpsrr
Reviewed-by: Stephen Farrell
Closes #13526
Viktor Szakats (5 May 2024)
- libssh2: delete redundant feature guard
Delete `HAVE_LIBSSH2_VERSION` (equivalent to
`LIBSSH2_VERSION_NUM` > 0x010100) guard surrounding
a `LIBSSH2_VERSION_NUM` > 0x010B00 one.
Reviewed-by: Daniel Gustafsson
Closes #13537
Jan Venekamp (5 May 2024)
- tool_cfgable: free {proxy_}cipher13_list on exit
Author: Jan Venekamp
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Closes: #13531
RainRat (4 May 2024)
- doh: Fix typo in comment
Closes: #13504
Author: RainRat on Github
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Christian Schmitz (4 May 2024)
- dynbuf: Fix returncode on memory error
Curl_dyn_vaddf should return a proper error code in case allocating
memory failed.
Closes: #13533
Author: Christian Schmitz <support@monkeybreadsoftware.de>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Daniel Stenberg (3 May 2024)
- RELEASE-NOTES: synced
Jan Venekamp (2 May 2024)
- bearssl: use common code for cipher suite lookup
Take advantage of the Curl_cipher_suite_walk_str() and
Curl_cipher_suite_get_str() functions introduced in commit fba9afeb.
This also fixes CURLOPT_SSL_CIPHER_LIST not working at all for bearssl
due to commit ff74cef5.
Closes #13464
Daniel Stenberg (2 May 2024)
- curl.h: change CURL_SSLVERSION_* from enum to defines
C++20 and later compilers emit a deprecation warning if values from two
different enums are combined with a bitwise operation the way the
CURL_SSLVERSION_* values were previously created.
Reported-by: Michael Kaufmann
Fixes #13510
Closes #13511
- configure: error on missing perl if docs or manual is enabled
Fixes #13508
Reported-by: Harmen Stoppels
Closes #13514
- tool_cb_rea: limit rate unpause for -T . uploads
To avoid getting stuck in a busy-loop when nothing is read from stdin,
this function now checks the call rate and might enforce a short sleep
when called repeatedly without uploading anything. It is a crude
work-around to avoid a 100% busy CPU.
Reported-by: magisterquis on hackerone
Fixes #13174
Closes #13506
Viktor Szakats (1 May 2024)
- appveyor: enable websockets for VS2017 jobs
Follow-up to eb4fe6c6340c3d5b0c347c6e30be004d4f9117d7 #13232
Closes #13513
Daniel Stenberg (30 Apr 2024)
- if2ip: make the buf_size arg a size_t
sizes should be size_t
Ref: #13489
Closes #13505
- cf-https-connect: use timeouts as unsigned ints
To match the type used in 'set.happy_eyeballs_timeout'.
Ref: #13489
Closes #13503
- hash: change 'slots' to size_t from int
- an unsigned type makes more sense
- size_t seems suitable
- on 64 bit args, the struct alignment makes the new Curl_hash remain
the same size
Closes #13502
Viktor Szakats (30 Apr 2024)
- libssh2: replace `access()` with `stat()`
Prefer `stat()` to verify the presence of key files.
This drops the last uses of `access()` in the codebase, which was
reported to cause issues in some cases.
Also add `access()` to the list of banned functions in checksrc.
Ref: https://github.com/curl/curl/pull/13412#issuecomment-2065505415
Ref: https://github.com/curl/curl/pull/13482#issuecomment-2078980522
Ref: #13497
Co-authored-by: Jay Satiro
Closes #13498
Daniel Stenberg (30 Apr 2024)
- multi: remove useless assignment
Spotted by CodeSonar
Closes #13500
- RELEASE-NOTES: synced
fuzzard (29 Apr 2024)
- cmake: FindNGHTTP2 add static lib name to find_library call
Add the static library name, nghttp2_static as a name to search.
This provides cmake parity with the winbuild Makefile.vc allowing
the cmake build to find and allow the link to static nghttp2 library.
Viktor Szakats (29 Apr 2024)
- DISTROS: add patch and issues link for curl-for-win
curl-for-win sometimes includes curl patches that were already merged in
master, but not yet part of a stable release.
Also include the Issues link. Build-specific issues are handled there.
Ref: #13493
Closes #13499
Daniel Stenberg (29 Apr 2024)
- mime: avoid using access()
If stat() fails, there is no point in calling access()
Also: return error immediately if the stat() fails.
Ref: #13482
Closes #13497
Stefan Eissing (29 Apr 2024)
- tests: add SNI and peer name checks
- connect to DNS names with trailing dot
- connect to DNS names with double trailing dot
- rustls, always give `peer->hostname` and let it
figure out SNI itself
- add SNI tests for ip address and localhost
- document in code and TODO that QUIC with ngtcp2+wolfssl
does not do proper peer verification of the certificate
- mbedtls, skip tests with ip address verification as not
supported by the library
Closes #13486
Daniel Stenberg (29 Apr 2024)
- curl_getdate.md: document two-digit year handling
Mentioned-by: Paul Gilmartin
Ref: https://curl.se/mail/archive-2024-04/0014.html
Closes #13494
Viktor Szakats (29 Apr 2024)
- cmake: add `BUILD_EXAMPLES` option to build examples
You can enable it with `-DBUILD_EXAMPLES=ON`.
To match autotools' `make examples` feature.
Windows (static) builds not tested.
Also enable examples in a pair of CI jobs.
Apply related updates to the macOS CI workflow:
- drop unused `CXX` envs.
- drop no longer needed `-Wno-error=undef -Wno-error=conversion` flags.
- pass `-Wno-deprecated-declarations` to GCC too (for `BUILD_EXAMPLES`).
- document why `-Wno-deprecated-declarations` is necessary.
Closes #13491
Stefan Eissing (26 Apr 2024)
- http3: quiche+ngtcp2 improvements
- quiche: error transfers that try to receive on a closed
or draining connection
- ngtcp2: use callback for extending max bidi streams. This
allows more precise calculation of MAX_CONCURRENT as we
only can start a new stream when the server acknowledges
the close - not when we locally have closed it.
- remove a fprintf() from h2-download client to avoid excess
log files on tests timing out.
Closes #13475
- vtls: TLS session storage overhaul
- add session with destructor callback
- remove vtls `session_free` method
- let `Curl_ssl_addsessionid()` take ownership
of session object, freeing it also on failures
- change tls backend use
- test_17, add tests for SSL session resumption
Closes #13386
- multi: multi_wait improvements
- only call `multi_getsock()` once for all transfers
- realloc pollset array on demand
- fold repeated sockets
Closes #13150
Philip Heiduck (25 Apr 2024)
- ci: remove microsoft-prod.list
This is added by default, and it is often broken, but we don't need
anything from it.
Closes #13473
Evgeny Grin (Karlson2k) (25 Apr 2024)
- curl_setup.h: detect 'inline' support
Closes #13355
Daniel Stenberg (25 Apr 2024)
- multi: avoid memory-leak risk
'newurl' is allocated in some conditions and used in a few scenarios,
but there were theoretical combinations in which it would not get freed.
Move the free to happen unconditionally. Never triggered by tests, but
spotted by Coverity.
Closes #13471
Johann Sebastian Schicho (25 Apr 2024)
- sendf: Curl_cwriter_write: remove comment disallowing zero length writes
They are needed to pass CLIENTWRITE_EOS.
Closes #13477
Stefan Eissing (25 Apr 2024)
- CI: macos fixes for new ARM GHA images
- based on #13478 with additions from #13476
- make homebrew install path flexible
- fix OpenSSL pkgconfig files libdir
- add path to --with-libssh2 target
- disable gcc securetransport due to linker
errors (missing symbols), probably because
the os version is no longer low enough
Assisted-by: Viktor Szakats
Closes #13479
- content_encoding: ignore duplicate chunked encoding
- ignore duplicate "chunked" transfer-encodings from
a server to accomodate for broken implementations
- add test1482 and test1483
Reported-by: Mel Zuser
Fixes #13451
Closes #13461
Daniel Stenberg (25 Apr 2024)
- tool: move tool_ftruncate64 to tool_util.c
... and the prototype to tool_setup.h, to make them both available more
widely and accurately.
Follow-up to 00bef95946d3511
Fixes #13458
Closes #13459
Viktor Szakats (24 Apr 2024)
- lib: silence `-Wsign-conversion` in base64, strcase, mprintf
Closes #13467
- CI: retain failure code after `./configure` with Circle CI
Suggested-by: Dan Fandrich
Follow-up to 43299e93c06b96fea8a8dc9b1c2e49c82bc21801 #13462
Follow-up to d7332e3e46c3ef401b34e6a1a129eb4dd846c452 #12635
Closes #13468
Daniel Stenberg (24 Apr 2024)
- RELEASE-NOTES: synced
Jan Venekamp (24 Apr 2024)
- mbedTLS: implement CURLOPT_SSL_CIPHER_LIST option
Use a lookup list to set the cipher suites, allowing the
ciphers to be set by either openssl or IANA names.
To keep the binary size of the lookup list down we compress
each entry in the cipher list down to 2 + 6 bytes using the
C preprocessor.
Closes #13442
Viktor Szakats (24 Apr 2024)
- CI: show more failed `config.log` on Circle CI
Show last 1000 lines of `config.log` if `./configure` fails. This was
already done for one job, this patch extends it to all.
Ref: #13438
Closes #13462
Daniel Stenberg (24 Apr 2024)
- telnet: check return code from fileno()
and return error if necessary
Spotted by CodeSonar
Closes #13457
Viktor Szakats (24 Apr 2024)
- tls: fix SecureTransport + BearSSL cmake unity builds
Avoid clashing static function names by namespacing them.
Pointed-out-by: Jan Venekamp
Ref: https://github.com/curl/curl/pull/13442#discussion_r1576350700
Closes #13450
Jay Satiro (24 Apr 2024)
- dllmain: Call OpenSSL thread cleanup for Windows and Cygwin
- Call OPENSSL_thread_stop on thread termination (DLL_THREAD_DETACH)
to prevent a memory leak in case OpenSSL is linked statically.
- Warn in libcurl-thread.3 that if OpenSSL is linked statically then it
may require thread cleanup.
OpenSSL may need per-thread cleanup to stop a memory leak. For Windows
and Cygwin if libcurl was built as a DLL then we can do that for the
user by calling OPENSSL_thread_stop on thread termination. However, if
libcurl was built statically then we do not have notification of thread
termination and cannot do that for the user.
Also, there are several other unusual cases where it may be necessary
for the user to call OPENSSL_thread_stop, so in the libcurl-thread
warning I added a link to the OpenSSL documentation.
Co-authored-by: Viktor Szakats
Reported-by: southernedge@users.noreply.github.com
Reported-by: zmcx16@users.noreply.github.com
Ref: https://www.openssl.org/docs/man3.0/man3/OPENSSL_thread_stop.html#NOTES
Fixes https://github.com/curl/curl/issues/12327
Closes https://github.com/curl/curl/pull/12408
Jan Venekamp (24 Apr 2024)
- rustls: remove incorrect SSLSUPP_TLS13_CIPHERSUITES flag
The rustls backend advertises SSLSUPP_TLS13_CIPHERSUITES, but
the code does not actually seem to support it (yet?). Removed
the flag and corrected documentation.
Closes #13452
Stefan Eissing (24 Apr 2024)
- quiche: expire all active transfers on connection close
- when a connection close is detected, all ongoing transfers
need to expire bc no more POLL events are likely to happen
for them.
Fixes #13439
Reported-by: Jay Satiro
Closes #13447
Dan Fandrich (23 Apr 2024)
- tests: fix feature case in test1481
This test was being skipped everywhere because the feature never
matched.
Closes #13445
Gusted (23 Apr 2024)
- tool_operate: don't truncate the etag save file by default
This fixes a regression of 75d79a4486b279100209ddf8c7fdb12955fb66e9. The
code in tool-operate truncated the etag save file, under the assumption
that the file would be written with a new etag value. However since
75d79a4486b279100209ddf8c7fdb12955fb66e9 that might not be the case
anymore and could result in the file being truncated when --etag-compare
and --etag-save was used and that the etag value matched with what the
server responded. Instead the truncation should not be done when a new
etag value should be written.
Test 3204 was added to verify that the file with the etag value doesn't
change the contents when used by --etag-compare and --etage-save and
that value matches with what the server returns on a non 2xx response.
Closes #13432
Abdullah Alyan (22 Apr 2024)
- tests: enable test 1117 for hyper
Closes #13436
Daniel Stenberg (22 Apr 2024)
- sendf: useless assignment in cr_lc_read()
Spotted by CodeSonar
Closes #13437
- tool_paramhlp: remove duplicate assign
Spotted by CodeSonar
Closes #13433
- transfer: remove useless assignment
in Curl_xfer_recv_resp
Spotted by CodeSonar
Closes #13435
- http: acknowledge a returned error code
... and do not overwrite it with a new value that could then hide the
problem.
Spotted by CodeSonar
Closes #13434
- tool_operate: init vars unconditionally in post_per_transfer
In case of (the unlikely) early return, they could otherwise remain
uninitialized
Spotted by CodeSonar
Closes #13430
- RELEASE-NOTES: synced
- urlapi: allow setting port number zero
Also set and check errno when strtoul() parsing numbers for better error
checking.
Updated test 1560
Closes #13427
- http_aws_sigv4: remove useless assignment
This code assigned the variable the same value it already had
Spotted by CodeSonar
Closes #13426
- file: remove useless assignment
This code assigned the variable the same value it already had.
Spotted by CodeSonar
Closes #13425
- test2406: verify -f with HTTP/2
Stefan Eissing (19 Apr 2024)
- http2 + ngtcp2: pass CURLcode errors from callbacks
- errors returned by Curl_xfer_write_resp() and the header variant are
not errors in the protocol. The result needs to be returned on the
next recv() from the protocol filter.
- make xfer write errors for response data cause the stream to be
cancelled
- added pytest test_02_14 and test_02_15 to verify that also for
parallel processing
Reported-by: Laramie Leavitt
Fixes #13411
Closes #13424
Daniel Stenberg (19 Apr 2024)
- request: make Curl_req_init return void
Since it could not return error and therefore this change removes dead
code for the caller.
Spotted by CodeSonar.
Closes #13423
- multi: remove the unused Curl_preconnect function
The implementation has been removed, no point in keeping it around.
Follow-up to 476adfeac019ed
Closes #13422
- Curl_creader_read: init two variables to avoid using them uninited
Spotted by CodeSonar
Closes #13419
- http: reject HTTP major version switch mid connection
A connection that has seen an HTTP major version now refuses any other
major HTTP version in future responses. Previously, a HTTP/1.x
connection would just silently accept HTTP/2 or HTTP/3 in the status
lines as long as it had support for those built-in. It would then just
lead to confusion and badness.
Indirectly Spotted by CodeSonar which identified a duplicate assignment
in this function.
Add test 471 to verify
Closes #13421
- mqtt: when Curl_xfer_recv returns error, don't use nread
A returned error code makes other return value unreliable, and in this
case potentially uninitialized. On error, do not read other return
values like the nread counter.
Spotted by CodeSonar
Closes #13418
- ftp: fix socket leak on rare error
In the function AcceptServerConnect() the newly created socket would
leak if Curl_conn_tcp_accepted_set() returns error. Which basically
should never happen.
Spotted by CodeSonar.
Closes #13417
- urlapi: remove unused flags argument from Curl_url_set_authority
The function is only called from a single place (for HTTP/2 server push)
so might as well just assume this fixed option every time.
Closes #13409
- github/ISSUE_TEMPLATE: tweak the commericual support text
- github/ISSUE_TEMPLATE: link the GitHub discussions too
... and move the feature request line to the bottom.
- curl_url_get.md: clarify queries and fragments and CURLU_GET_EMPTY
Follow-up to 3eac21d86bc5
Closes #13407
Stefan Eissing (18 Apr 2024)
- tests: check caddy server version to match test expectations
- new caddy servers no longer return 200 on POSTs, but 405
as they should
Closes #13405
Daniel Stenberg (18 Apr 2024)
- curl_url_set.md: extended
Closes #13404
- urlapi: add CURLU_GET_EMPTY for empty queries and fragments
By default the API inhibits empty queries and fragments extracted.
Unless this new flag is set.
This also makes the behavior more consistent: without it set, zero
length queries and fragments are considered not present in the URL. With
the flag set, they are returned as a zero length strings if they were in
fact present in the URL.
This applies when extracting the individual query and fragment
components and for the full URL.
Closes #13396
- RELEASE-NOTES: synced
- lib1560: test with leading zeroes and more IPv4 versions
Inspired by WHATWG URL Spec test inputs
Closes #13400
Christian Schmitz (17 Apr 2024)
- smtp: result of Curl_bufq_cread was not used
return the result back to the caller.
Closes #13398
Daniel Stenberg (17 Apr 2024)
- urlapi: fix relative redirects to fragment-only
Using the URL API for a redirect URL when the redirected-to string
starts with a hash, ie is only a fragment, the API would produce the
wrong final URL.
Adjusted test 1560 to test for several new redirect cases.
Closes #13394
Jiwoo Park (17 Apr 2024)
- url: fix use of an uninitialized variable
Closes #13399
Patrick Monnerat (17 Apr 2024)
- os400: sync with latest changes
- Conversion support for new version info character field rtmp_version.
- New ILE/RPG declarations.
Closes #13402
Daniel Stenberg (17 Apr 2024)
- ngtcp2: fix macro use
macro "H3_STREAM_CTX" requires 2 arguments, but only 1 given
Follow-up to c6655f7029ec5c128561e3ecf1f93db3ed0432a4
Closes #13401
Christian Schmitz (17 Apr 2024)
- sendf: fix two typos in comments
The parameters are named data, not date.
Closes #13393
- lib: silence warnings on comma misuse
Building curl with -Wcomma, I see warnings about "possible misuse of
comma operator here" and moving fields assignment out of the for() fixes
it.
Closes #13392
Stefan Eissing (17 Apr 2024)
- http/2, http/3: decouple stream state from easy handle
- add `Curl_hash_offt` as hashmap between a `curl_off_t` and
an object. Use this in h2+h3 connection filters to associate
`data->id` with the internal stream state.
- changed implementations of all affected connection filters
- removed `h2_ctx*` and `h3_ctx*` from `struct HTTP` and thus
the easy handle
- solves the problem of attaching "foreign protocol" easy handles
during connection shutdown
Test 1616 verifies the new hash functions.
Closes #13204
Daniel Stenberg (17 Apr 2024)
- ROADMAP: remove completed entries, mention websocket
- THANKS-filter: name fixes
Christian Schmitz (17 Apr 2024)
- winbuild: add ENABLE_WEBSOCKETS option
Closes #13232
Daniel Stenberg (17 Apr 2024)
- dmaketgz: compacter
Removes the need for disabling shellcheck warnings.
Follow-up to d28f74913c2
Proposed-by: Viktor Szakats
Closes #13391
Dan Fandrich (16 Apr 2024)
- tests: Fix uninitialized value warning
The check for an option must be predicated on options existing at all.
Follow-up to f7cc9e91
Christian Schmitz (17 Apr 2024)
- idn: add native AppleIDN (icucore) support for macOS/iOS
I implemented the IDN functions for macOS and iOS using Unicode
libraries coming with macOS and iOS.
Builds and runs here on macOS 14.2.1. Also verified to load and
run on older macOS version 10.13.
Build requires macOS SDK 13 or equivalent.
Set `-DUSE_APPLE_IDN=ON` CMake option to enable it.
With autotools and other build tools, set these manual options:
```
CPPFLAGS=-DUSE_APPLE_IDN
LIBS=-licucore
```
Completes TODO 1.6.
TODO: add autotools option and feature-detection.
Refs: #5330 #5371
Co-authored-by: Viktor Szakats
Closes #13246
Stefan Eissing (16 Apr 2024)
- http3: extend download abort tests, fixes in ngtcp2
- fix flow handling in ngtcp2 to ACK data on streams
we abort ourself.
- extend test_02_23* cases to also run for h3
- skip test_02_23* for OpenSSL QUIC as it gets stalled
on progressing the connection
Closes #13374
Daniel Stenberg (16 Apr 2024)
- tests: add -q as first option when invoking curl for tests
To reduce the risk that the user running the tests has a .curlrc present
that messes things up.
Support 'option="no-q"' for the <command> tag to switch it off on demand.
Use this new feature in test 433 and 436.
Ref: #13284
Closes #13387
- dmaketgz: release tarball generation using docker
For easier reproducibility.
Mention using this script in RELEASE-PROCEDURE
Closes #13388
Viktor Szakats (16 Apr 2024)
- cmake: update ECH code and minor fixups
- `openssl_check_symbol_exists()` expects a 4th argument now.
Follow-up to edc2702a1fe3a4a5386ffd9aa4f240f0c0197fa2 #13373
- minor comment/script touch-ups.
Follow-up to a362962b7289ec02b412890c9515657cf0ed50ac #11922
- fix indentation.
Closes #13383
- tests: fix shellcheck issues in `ech_tests.sh`
Add double-quotes where missing.
Follow-up to a362962b7289ec02b412890c9515657cf0ed50ac #11922
Closes #13382
- dist: add ECH files to tarball
Also sort `EXTRA_DIST` list in `tests/Makefile.am` and make it diffable.
Follow-up to a362962b7289ec02b412890c9515657cf0ed50ac #11922
Closes #13381
- openvms: look for `USE_IPV6` in `config.h` (was: `ENABLE_IPV6`)
The OpenVMS script `config_h.com` is parsing the config header
generated by autotools. Let's make it look for the macro name we now
use universally across the codebase.
Follow-up to e411c98f702f0fb38dceec95e7507ef15a00d12c #13349
Closes #13360
daniel-j-h (16 Apr 2024)
- Dockerfile: for release automation and reproducibility
Closes #13250
Stefan Eissing (16 Apr 2024)
- cw-out: improved error handling
- remember error encountered in invoking write callback and always fail
afterwards without further invokes
- check behaviour in test_02_17 with h2-pausing client
Reported-by: Pavel Kropachev
Fixes #13337
Closes #13340
Daniel Stenberg (16 Apr 2024)
- version: add "ECH" as a feature
If available
Follow-up to a362962b7
Closes #13378
- CURLOPT_ECH: polish
- remove the pointer to build instructions, it won't work in manpages
- add see-also
- minor white space edits
Closes #13379
Viktor Szakats (16 Apr 2024)
- tidy-up: whitespace [ci skip]
- mbedtls: fix building with v3 in CMake Unity mode
Before this patch the internal feature detection macro
`HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS` was defined in three files,
with an incomplete logic in one of them. In Unity mode that spilled
into another source file and broke the build.
Closes #13377
- cmake: add librtmp/rtmpdump option and detection
Add CMake option `USE_LIBRTMP`. Disabled by default.
This library requires OpenSSL TLS-backend when linked statically.
Follow-up to 6eb9e65781fa1fd8a0bcfe0715187a3a35f09ae4 #13364
Closes #13373
Stephen Farrell (16 Apr 2024)
- TLS: add support for ECH (Encrypted Client Hello)
An EXPERIMENTAL feature used with CURLOPT_ECH and --ech.
Closes #11922
Daniel Stenberg (15 Apr 2024)
- RELEASE-NOTES: synced
- multi: introduce SETUP state for better timeouts
Since we can go to the CONNECT state from PENDING, potentially multiple
times for a single transfer, this change introdues a SETUP state that
happens before CONNECT when doing a new transfer.
Now, doing a redirect on a handle goes back to SETUP (not CONNECT like
before) and we initilize the connect timeout etc in SETUP. Previously,
we would do it in CONNECT but that would make it unreliable in cases
where a transfer goes in and out between CONNECT and PENDING multiple
times.
SETUP is transient, so the handle never actually stays in that state.
Additionally: take care of timeouts of PENDING transfers in
curl_multi_perform()
Ref: #13227
Closes #13371
Tal Regev (15 Apr 2024)
- cmake: forward `USE_LIBRTMP` option to C
Define in C `USE_LIBRTMP` if user requested it from cmake.
Closes #13364
Daniel Stenberg (15 Apr 2024)
- curl_version_info: provide librtmp version
Ref: https://github.com/curl/curl/pull/13364#issuecomment-2054151942
Reported-by: talregev on github
Closes #13368
blankie (15 Apr 2024)
- docs: clarify CURLOPT_MAXFILESIZE and CURLOPT_MAXFILESIZE_LARGE
The bounds of the size parameter were not specified, and nor was it
specified how to disable the maximum file size check.
The documentation also incorrectly stated that CURLOPT_MAXFILESIZE
always returns CURLE_OK and that CURLOPT_MAXFILESIZE_LARGE only returns
CURLE_OK or CURLE_UNKNOWN_OPTION.
It also did not mention what the default value is, which is zero. This
commit updates the documentation to make note of all these things.
Closes #13372
Patrick Monnerat (15 Apr 2024)
- OS400: post-shellcheck changes adjustments
Build scripts must be executed by the os/400 shell (sh), not bash which
is a PASE program.
Shell function get_make_vars() escaping reworked to match $() subcommand
construct.
Follow-up to 8a622baf9e9233241bbe93d6599c99cb46478614
Closes #13366
Viktor Szakats (15 Apr 2024)
- OS400: tidy-up
Drop/fixup mods trying to make some syntax highlighters happier.
Follow-up to 8a622baf9e9233241bbe93d6599c99cb46478614 #13309
Closes #13362
Daniel Stenberg (15 Apr 2024)
- multi: timeout handles even without connection
When there is a "change" in a multi handle and pending handles are moved
back to the main list to be retested if they can proceed further (for
example a previous transfer completed or a connection has a confirmed
multiplexed state), the timeout check in multi_runsingle() would not
trigger because it required an established connection.
This could make a pending tranfer go back to pending state even though
it had been "in progress" for a longer time than permitted. By removing
the requirement for an associated connection, the timeout check will be
done proper even for transfers that has not yet been assigned one.
Ref #13227
Reported-by: Rahul Krishna M
Closes #13276
Patrick Monnerat (15 Apr 2024)
- mprintf: check fputc error rather than matching returned character
OS/400 ascii fputc wrapper deviates from the posix standard by the
fact that it returns the ebcdic encoding of the original ascii
character. Testing for a matching value for success will then always
fail.
This commit replaces the chariacter comparison by an explicit error
return check.
Follow-up to ef2cf58
Closes #13367
Viktor Szakats (14 Apr 2024)
- ci: add CMake build variation, fixup libssh detection in `linux-old`
To test without c-ares and hit `easy_lock.h` on an old system. Use this
new build step to introduce small variations, and also test libssh2.
Also add workaround to existing job to enable libssh. (CMake's generic
auto-detection doesn't seem to work here.):
```
CMake Warning at CMakeLists.txt:908 (find_package):
Could not find a package configuration file provided by "libssh" with any
of the following names:
libsshConfig.cmake
libssh-config.cmake
```
Ref: https://github.com/curl/curl/actions/runs/8661316091/job/23750974358#ste
p:5:69
Closes #13361
- lib: merge `ENABLE_QUIC` C macro into `USE_HTTP3`
Before this patch `lib/curl_setup.h` defined these two macros right
next to each other, then the source code used them interchangeably.
After this patch, `USE_HTTP3` guards all HTTP/3 / QUIC features.
(Like `USE_HTTP2` does for HTTP/2.) `ENABLE_QUIC` is no longer used.
This patch doesn't change the way HTTP/3 is enabled via autotools
or CMake. Builders who enabled HTTP/3 manually by defining both of
these macros via `CPPFLAGS` can now delete `-DENABLE_QUIC`.
Closes #13352
- build: prefer `USE_IPV6` macro internally (was: `ENABLE_IPV6`)
Before this patch, two macros were used to guard IPv6 features in curl
sources: `ENABLE_IPV6` and `USE_IPV6`. This patch makes the source use
the latter for consistency with other similar switches.
`-DENABLE_IPV6` remains accepted for compatibility as a synonym for
`-DUSE_IPV6`, when passed to the compiler.
`ENABLE_IPV6` also remains the name of the CMake and `Makefile.vc`
options to control this feature.
Closes #13349
Dan Fandrich (12 Apr 2024)
- DISTROS: mark rolling release distros
These are ones that are unlikely to have back-ported curl patches.
Closes #13353
Daniel Stenberg (12 Apr 2024)
- mbedtls: cut off trailing newlines from debug logs
To avoid double newlines in the output.
Reported-by: Gisle Vanem
Fixes #13321
Closes #13356
- RELEASE-NOTES: synced
Stefan Eissing (12 Apr 2024)
- CURLINFO_REQUEST_SIZE: fixed, add tests for transfer infos reported
- tests for 'size_request' and other stats reported, for
presence and consistency
Reported-by: Jonatan Vela
Fixes #13269
Closes #13275
Viktor Szakats (11 Apr 2024)
- dist: add files missing from release tarball
Closes #13346
- ci: parallelize more, tidy up cmake commands (distcheck, macos)
Also enable `-DCURL_WERROR=ON` in the Linux cmake build test.
Closes #13343
Toon Claes (11 Apr 2024)
- docs: add CURLOPT_NOPROGRESS to CURLOPT_XFERINFOFUNCTION example
It's important to set `CURLOPT_NOPROGRESS` to `0` if you want your
transfer callback function, set by `CURLOPT_XFERINFOFUNCTION`, getting
called. To emphasize this to the users, add this to the code example.
Closes #13348
RainRat (11 Apr 2024)
- misc: fix typos
Closes #13344
Colin Leroy-Mira (11 Apr 2024)
- file: add support for getting basic directory listings
Not supported on Windows (yet)
Closes #13137
Viktor Szakats (11 Apr 2024)
- ci: add curl-for-win builds: Linux MUSL, macOS, Windows
Linux MUSL (llvm/clang), macOS Apple clang, Windows (llvm/clang).
Configured with HTTP/2 and HTTP/3 and other dependencies (the default
curl-for-win) for a comprehensive build test.
```
curl 8.8.0-DEV (x86_64-unknown-linux-musl) libcurl/8.8.0-DEV LibreSSL/3.9.1 z
lib/1.3.1 brotli/1.1.0 zstd/1.5.6 libpsl/0.21.5 libssh2/1.11.0 nghttp2/1.61.0
ngtcp2/1.4.0 nghttp3/1.2.0
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns
mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTP3 HTTPS-proxy IPv6 Largefil
e libz NTLM PSL SSL threadsafe UnixSockets zstd
curl 8.8.0-DEV (x86_64-apple-darwin) libcurl/8.8.0-DEV LibreSSL/3.9.1 zlib/1.
3.1 brotli/1.1.0 zstd/1.5.6 libpsl/0.21.5 libssh2/1.11.0 nghttp2/1.61.0 ngtcp
2/1.4.0 nghttp3/1.2.0
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns
ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws w
ss
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTP3 HTTPS-proxy IPv6 Largefil
e libz NTLM PSL SSL threadsafe UnixSockets zstd
curl 8.8.0-DEV (x86_64-w64-mingw32) libcurl/8.8.0-DEV LibreSSL/3.9.1 zlib/1.3
.1 brotli/1.1.0 zstd/1.5.6 WinIDN libpsl/0.21.5 libssh2/1.11.0 nghttp2/1.61.0
ngtcp2/1.4.0 nghttp3/1.2.0
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns
ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws w
ss
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerb
eros Largefile libz NTLM PSL SPNEGO SSL SSPI threadsafe UnixSockets zstd
```
Limited to x64, because for build testing the additional CPUs don't add
much value compared to the extra build time. They can be enabled easily
if deemed useful.
To the extent of curl-for-win configuration options, it's trivial to add
further build combinations.
Closes #13335
- OS400: fix shellcheck warnings in scripts
- use `$()` instead of backticks, and re-arrange double-quotes inside.
- add missing `|| exit 1` to `cd` calls. (could be dropped by using `set -eu`
.)
- add `-n` to a few `if`s.
- shorten redirections by using `{} >` (as shellcheck recommended).
- silence warnings where variables were detected as unused (SC2034).
- a couple misc updates to silence warnings.
- switch to bash shebang for `-ot` feature.
- split two lines to unbreak syntax highlighting in my editor. (`$(expr \`, `
$(dirname \`)
Also enable CI checks for OS/400 shell scripts.
Ref: #13307
Closes #13309
Stefan Eissing (11 Apr 2024)
- lib: add Curl_xfer_write_resp_hd
Add method in protocol handlers to allow writing of a single,
0-terminated header line. Avoids parsing and copying these lines.
Closes #13165
- llist: add Curl_llist_append()
- use for better readability in all places where the "insert_next"
actually performs an append to the list
- add some tests in unit1300
Closes #13336
- gnutls: lazy init the trust settings
- delay loading of trust anchors and CRLs after the ClientHello
has been sent off
- add tracing to IO operations
- on IO errors, return the CURLcode of the underlying filter
Closes #13339
Marcel Raad (10 Apr 2024)
- http_negotiate: fix `CURL_DISABLE_PROXY` build
`proxyuserpwd` was removed from `dynamically_allocated_data` in commit
f46385d36df.
Closes https://github.com/curl/curl/pull/13334
Viktor Szakats (10 Apr 2024)
- quic: fixup duplicate static function name (for cmake unity)
Visible in daily curl-for-win builds:
https://github.com/curl/curl-for-win/actions/runs/8621925870
```
lib/vquic/curl_ngtcp2.c:1916:12: error: redefinition of 'ossl_new_session_cb'
static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid)
^
lib/vtls/openssl.c:2978:12: note: previous definition is here
static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid)
^
```
https://github.com/curl/curl-for-win/actions/runs/8621925870/job/23631885439#
step:3:6965
Follow-up to 3210101088dfa3d6a125d213226b092f2f866722 #13172
Closes #13332
- appveyor: make VS2010 job build-only, enable Schannel, fix compiler warnings
Tests were consistently flaky for a while.
Also fix compiler warnings in `CertOpenStore()` calls for old MSVC compilers:
```
C:/projects/curl/lib/vtls/schannel.c(688):
warning C4306: 'type cast' : conversion from 'int' to 'LPCSTR' of greater s
ize
C:/projects/curl/lib/vtls/schannel_verify.c(642):
warning C4306: 'type cast' : conversion from 'int' to 'LPCSTR' of greater s
ize
```
Ref: https://ci.appveyor.com/project/curlorg/curl/builds/49580310/job/ywu2y44
kymgc0nif#L106
Closes #13330
Daniel Stenberg (10 Apr 2024)
- projects: drop MSVC project files for recent versions
We encourage users to generate visual studio project files using CMake.
We keep project files in git for ancient visual studio versions that
cmake cannot generate files for, but we no longer ship the project files
in the tarballs.
appveyor: switch VisualStudioSolution job to VC12 (Visual Studio 2013)
Co-Authored-by: Viktor Szakats
Co-Authored-by: Jay Satiro
Closes #13311
Viktor Szakats (9 Apr 2024)
- cmake: use namespaced custom target names
Rename custom target to namespaced (unique) names to avoid colliding
with 3rd-party projects (e.g. libzip) built together with curl.
Reported-by: hammlee96 on github
Fixes #13324
Closes #13326
- appveyor: re-enable OpenSSL 3, bump to 3.2.1
Ref: b62454a875d70f93ab5347c050903596feb45a23 #13266
Closes #13329
Stefan Eissing (9 Apr 2024)
- CI: upgrade openssl version to 3.3.0 for openssl-quic
Closes #13328
Daniel Stenberg (9 Apr 2024)
- RELEASE-NOTES: synced
Bump to 8.8.0-DEV
- curl_multi_waitfds.md: add protocol mention
Follow-up to 02beac6bb6b
Dmitry Karpov (9 Apr 2024)
- lib: add curl_multi_waitfds
New function call, similar to curl_multi_fdset()
Closes #13135
Viktor Szakats (9 Apr 2024)
- dist: verify tarball reproducibility in CI
Closes #13327
Stefan Eissing (9 Apr 2024)
- tests: stabilitze test_02_23*
- h2-download now always opens the output file on first write callback
invocation, if it will pause the transfer or not.
- Checks on output files then does not depend on the amount of data curl
has collected for the first write.
Closes #13323
- tls: fix compile issues on old-linux CI
Follow-up to 3210101088dfa
Closes #13325
Viktor Szakats (9 Apr 2024)
- dist: add reproducible dir entries to tarballs
In the initial implementation of reproducible tarballs, they were
missing directory entries, while .zip archives had them. It meant
that on extracting the tarball, on-disk directory entries got the
current timestamp.
This patch fixes this by including directory entries in the tarball,
with reproducible timestamps. It also moves sorting inside tar,
to ensure reproducible directory entry timestamps on extract
(without the need of `--delay-directory-restore` option, when
extracting with GNU tar. BSD tar got that right by default.)
GNU tar 1.28 (2014-07-28) introduced `--sort=`.
Ref: https://github.com/curl/curl/pull/13299#discussion_r1555957350
Follow-up to 860cd5fc2dc8e165fadd2c19a9b7c73b3ae5069d #13299
Closes #13322
Stefan Eissing (9 Apr 2024)
- tls: use shared init code for TCP+QUIC
Closes #13172
Daniel Stenberg (9 Apr 2024)
- .mailmap: update Gisle's preferred email
Jan Macku (9 Apr 2024)
- doc: pytest `--repeat` -> `--count`
Pytest doesn't have a `--repeat` option, but it does have a `--count`
option.
```
--count=COUNT Number of times to repeat each test
```
Closes #13218
Daniel Stenberg (9 Apr 2024)
- src/Makefile.am: access curl.txt using a relative path, not abs
... to make it work when mounted using different mount points. Like when
generated/used inside and outside of a docker image.
Closes #13320
- build: remove MacOSX-Framework script
I don't think this is much used these days.
Also remove the libcurl.plist file used (only) by this script
Closes #13313
- release-tools.sh: store the timestamp and release tag too
When maketgz invokes this script to generate the docs/RELEASE-TOOLS.md
file that gets bundled in the release, it now also passes on the exact
timestamp and version number so that those details also get mentioned in
the document. They will help users reproduce an identical tarball.
Closes #13319
Viktor Szakats (8 Apr 2024)
- GHA: disable permissions where missing
Reviewed-by: Daniel Stenberg
Closes #13306
Stefan Eissing (8 Apr 2024)
- CI: update component versions
- ngtcp2: v1.4.0
- nghttp3: v1.2.0
- nghttp2: v1.61.0
- mod_h2: v2.0.27
Closes #13316
Jérôme Leclercq (8 Apr 2024)
- CMake: check fseeko after detecting HAVE_FILE_OFFSET_BITS
Closes #13264
Stefan Eissing (8 Apr 2024)
- http2: emit RST when client write fails
- When the writing of response data fails, reset the stream
and do not return a callback error to nghttp2. That would
be a fatal error for the connection and harm other requests.
- add test cases for various abort scenarios
Reported-by: Konstantin Kuzov
Fixes #13292
Closes #13298
Kailun Qin (8 Apr 2024)
- mbedtls: call mbedtls_ssl_setup() after RNG callback is set
Since mbedTLS v3.6.0, the RNG check added in ssl_conf_check() will fail
if no RNG is provided when calling mbedtls_ssl_setup().
Therefore, mbedtls_ssl_conf_rng() needs to be called before the SSL
context is passed to mbedtls_ssl_setup().
Ref: https://github.com/Mbed-TLS/mbedtls/commit/b422cab052b51ec84758638d6783d
6ba4fc60613
Signed-off-by: Kailun Qin <kailun.qin@intel.com>
Closes #13314
Daniel Stenberg (8 Apr 2024)
- NTLM_WB: drop support
The feature has not worked for months and has been marked as DEPRECATED
for six+ months.
Closes #13249
- curl_trc: fix build error when lacking verbose messages
Follow-up from 0b28ece657b2273
Closes #13312
Viktor Szakats (8 Apr 2024)
- contrithanks: honor `CURLWWW` variable
Reviewed-by: Daniel Stenberg
Closes #13315
- GHA: add shellcheck job and fix warnings, shell tidy-ups
Reviewed-by: Daniel Stenberg
Closes #13307
- dist: do not require Perl in `maketgz`
Perl remains required for the tarball build process.
Follow-up to 860cd5fc2dc8e165fadd2c19a9b7c73b3ae5069d #13299
Reviewed-by: Daniel Stenberg
Closes #13310
Daniel Stenberg (8 Apr 2024)
- RELEASE-NOTES: synced
- docs/cmdline-opts: invoke managen using a relative path
... no need to use an absolute path, that makes the build unncessarily
fail if invoked using a different mount point. managen now takes options
to find the input files.
Update test1478 to provide the dir arguments to managen
Closes #13281
- GHA: add valgrind to a wolfSSL build
Closes #13274
Viktor Szakats (7 Apr 2024)
- dist: `set -eu`, fix shellcheck, make reproducible and smaller tarballs
- set bash `-eu` and fix fallouts.
- fix shellcheck warnings.
- set and use `SOURCE_DATE_EPOCH` for reproducibility.
Authored-by: Daniel J. H.
Ref: #13280
- set `TZ=UTC` and `LC_ALL=C` for reproducibility.
- make file timestamps in tarball/zip reproducible.
- make directory timestamps in zip reproducible.
- make timestamps of tarballs/zip reproducible.
- make file order in tarball/zip reproducible.
- omit extra file metadata from zip for reproducibility.
- use maximum zip compression.
- use POSIX `ustar` tarball format to avoid supply chain vulnerability:
https://seclists.org/oss-sec/2021/q4/0
- make uid/gid in tarball reproducible.
- omit owner user/group names from tarball for reproducibility and privacy.
- omit current timestamp from .gz header for reproducibility.
- display SHA-256 hashes of produced tarballs/zip.
- fix whitespace.
`.tar.gz` also became smaller in the process: 4,462,311 -> 4,148,249 bytes (8
.7.1)
Requires GNU tar, GNU date, `sha256sum`.
Reviewed-by: Daniel Stenberg
Ref: #13250
Closes #13299
Gisle Vanem (7 Apr 2024)
- tests/http: fix compiler warning
- Init result code variable to fix clang warning that it may be used
uninitialized.
Fixes https://github.com/curl/curl/issues/13301
Closes https://github.com/curl/curl/pull/13304
Stefan Eissing (6 Apr 2024)
- vquic: use new curl_int64_t type
- add curl_int64_t signed 64-bit type for lib use
- define CURL_PRId64, CURL_PRIu64 format ids
- use curl_int64_t in vquic
curl_int64_t signed complements the existing curl_uint64_t unsigned.
Note that `curl_int64_t` and `int64_t` are assignable from each other
but not identical. Some platforms with 64 long type defint int64_t as
"long long" (staring at macOS) which messes up things like pointers and
format identifiers.
Closes https://github.com/curl/curl/pull/13293
Jay Satiro (5 Apr 2024)
- lib: use multi instead of multi_easy for the active multi
- Use data->multi and not data->multi_easy to refer to the active multi.
The easy handle's active multi is always data->multi.
This is a follow up to 757dfdf which changed curl so that an easy handle
used with the easy interface and then multi interface cannot have two
different multi handles associated with it at the same time
(data->multi_easy from the easy interface and data->multi from the multi
interface).
Closes https://github.com/curl/curl/pull/12665
Viktor Szakats (5 Apr 2024)
- tidy-up: whitespace [ci skip]
Daniel Stenberg (5 Apr 2024)
- makefile: remove the sorting from the vc-ide action
This target generates the MSVC project files. This change removes the
extra sorting and instead makes the script use the order of the files as
listed in the variables - which are mostly sorted anyway.
This is an attempt to make the project file generation more easily
reproducible.
Ref: #13250
Closes #13294
Gisle Vanem (5 Apr 2024)
- bearssl: fix compiler warnings
"variables may be uninitialized when used"
Fixes #13290
Closes #13297
Daniel Stenberg (5 Apr 2024)
- DISTROS: Cygwin updates
Brought-by: Brian Inglis
Fixes #13258
Co-authored-by: Viktor Szakats
Closes #13279
Stefan Eissing (5 Apr 2024)
- lib: add trace support for client reads and writes
- add `CURL_TRC_READ()` and `CURL_TRC_WRITE()`
- use in generic client writers and readers, as well
as http headers, chunking and websockets
Closes #13223
Michał Antoniak (5 Apr 2024)
- urldata: remove fields not used depending on used features
Reduced size of dynamically_allocated_data structure.
Reduced number of stored values in enum dupstring and enum dupblob. This
affects the reduced array placed in the UserDefined structure.
Closes #13188
Viktor Szakats (5 Apr 2024)
- cmake: enable `-pedantic-errors` for clang when `CURL_WERROR=ON`
clang doesn't have the issues of GCC and old CMake versions.
Note: This introduces asymmetry with autotools, which only enables
this for GCC.
Reviewed-by: Daniel Stenberg
Closes #13286
- cmake: fix `CURL_WERROR=ON` for old CMake and use it in GHA/linux-old
- cmake: fix `-pedantic-errors` for old CMake with `CURL_WERROR=ON` set.
`-pedantic-errors` option throws a warning with GCC (all versions) and
makes `check_symbol_exists()` fail in CMake versions older than
v3.23.0 (2022-03-29), when CMake introduced a workaround:
https://gitlab.kitware.com/cmake/cmake/-/issues/13208
https://gitlab.kitware.com/cmake/cmake/-/commit/eeb45401163d831b8c841ef6eba
81466b4067b68
https://gitlab.kitware.com/cmake/cmake/-/commit/1ab7c3cd28b27ca162c4559e102
6e5cad1898ade
Follow-up to 3829759bd042c03225ae862062560f568ba1a231 #12489
- set `CURL_WERROR=ON` for the `linux-old` job in CI.
Closes #13282
- lib: use `#error` instead of invalid syntax in `curl_setup_once.h`
Reviewed-by: Daniel Stenberg
Closes #13287
Daniel Stenberg (5 Apr 2024)
- GHA: on macOS remove $HOME/.curlrc
A recent image upgrade added a $HOME/.curlrc by default using --ipv4.
Ref: https://github.com/actions/runner-images/pull/9586
Fixes #13284
Closes #13285
Viktor Szakats (4 Apr 2024)
- cmake: fixup `DEPENDS` filename
Fixing:
```
make[2]: Circular docs/curl-config.1 <- docs/curl-config.1 dependency dropped
.
make[2]: Circular docs/mk-ca-bundle.1 <- docs/mk-ca-bundle.1 dependency dropp
ed.
```
Ref: https://github.com/curl/curl/actions/runs/8559617487/job/23456740844?pr=
13282#step:6:18
Follow-up to 5023ffad2c27d4b916ddb91800f99ecc5d3aad07 #13197
Closes #13283
- GHA: enable unity mode for cmake jobs + tidy-ups
Unity mode is not supported by CMake v3.7.2 used in linux-old, but
enable it anyway for consistency and to kick in automatically once
migrating to a newer old Linux in the future.
Also:
- replace `CMAKE_COMPILE_WARNING_AS_ERROR` with `CURL_WERROR`.
- delete default build option `PICKY_COMPILER=ON`.
Closes #13277
Dan Fandrich (4 Apr 2024)
- CI: Add CI build on Debian stretch to test old support
This version still has ELTS support and contains some old versions of
key components like cmake to help prevent us from breaking that support.
Closes #13029
Stefan Eissing (4 Apr 2024)
- request: paused upload on completed download, assess connection
A transfer with a completed download that is still uploading needs to
check the connection state when it is PAUSEd, since connection
close/errors would otherwise go unnoticed.
Reported-by: Sergey Bronnikov
Fixes #13260
Closes #13271
Daniel Stenberg (4 Apr 2024)
- url: do not URL decode proxy crendentials
The two options CURLOPT_PROXYUSERNAME and CURLOPT_PROXYPASSWORD set the
actual names as-is, not URL encoded.
Modified test 503 to use percent-encoded strings in the credential
strings that should be passed on as-is.
Reported-by: Sergey Ogryzkov
Fixes #13265
Closes #13270
Viktor Szakats (4 Apr 2024)
- appveyor: enable cmake unity mode by default
Leave one non-unity cmake job. This makes the jobs finish slightly
quicker, while giving more coverage for unity issues.
Before:
https://ci.appveyor.com/project/curlorg/curl/builds/49496977
https://ci.appveyor.com/project/curlorg/curl/builds/49500372
After:
https://ci.appveyor.com/project/curlorg/curl/builds/49500338
Also fixup unrelated whitespace.
Reviewed-by: Daniel Stenberg
Closes #13217
Daniel Stenberg (4 Apr 2024)
- RELEASE-NOTES: synced
Viktor Szakats (4 Apr 2024)
- cmake: speed up libcurl doc building again
This time limit the number of files per command to avoid exceeding
limitations of certain OS/shell envs.
Such known env is Windows with the `cmd.exe` shell, which features an
8K command-line length limit to this day.
Allowlisting `UNIX` to have no limit and using a limit of 200 for other
envs to be safe. If there is a way to detect `cmd.exe` and/or we know
which precise envs are sensitive to this, we can tweak these conditions
further.
Even with the low limit, this patch reduces external commands by 200x,
making builds much faster.
Ref: #12762 2620aa930bc73af1e4c70b10e3125b957b96ecfb (initial)
Ref: #13047 f03c85635f35269f1f45b983bf216624f541760a (revert)
Reviewed-by: Daniel Stenberg
Closes #13207
- cmake: tidy-up to use `WORKING_DIRECTORY`
Reviewed-by: Daniel Stenberg
Closes #13206
- cmake: generate misc manpages and install `mk-ca-bundle.pl`
- install `mk-ca-bundle.pl` like autotools does.
- generate and install `mk-ca-bundle.1` and `curl-config.1` like
autotools. This fixes tests 1140 and 1173.
Reported-by: Dan Fandrich
Fixes #13194
- add option `BUILD_MISC_DOCS` to control building the above two
manpages. Enabled by default.
- appveyor: stop disabling tests 1140 and 1173.
Reviewed-by: Daniel Stenberg
Closes #13197
Fabian Keil (4 Apr 2024)
- wolfssl: plug memory leak in wolfssl_connect_step2()
Fixes:
test 2034...[simple HTTPS GET with DER public key pinning]
==61829== 22,610 (3,744 direct, 18,866 indirect) bytes in 1 blocks are d
efinitely lost in loss record 51 of 54
==61829== at 0x484BB74: malloc (vg_replace_malloc.c:446)
==61829== by 0x4B53A80: wolfSSL_Malloc (memory.c:344)
==61829== by 0x4C1C8E1: wolfSSL_X509_new (x509.c:5326)
==61829== by 0x4C3977D: d2i_X509orX509REQ (x509.c:3628)
==61829== by 0x4C1D1F4: wolfSSL_X509_d2i (x509.c:3664)
==61829== by 0x4C1C37B: wolfSSL_X509_dup (x509.c:13425)
==61829== by 0x4C197DB: wolfSSL_get_peer_certificate (ssl.c:18765)
==61829== by 0x33297C: wolfssl_connect_step2 (wolfssl.c:875)
==61829== by 0x331669: wolfssl_connect_common (wolfssl.c:1287)
==61829== by 0x3303E9: wolfssl_connect_nonblocking (wolfssl.c:1319)
==61829== by 0x32FE89: ssl_connect_nonblocking (vtls.c:510)
==61829== by 0x32DBE5: ssl_cf_connect (vtls.c:1679)
==61829== by 0x27ABD7: Curl_conn_cf_connect (cfilters.c:307)
==61829== by 0x27D9CF: cf_setup_connect (connect.c:1199)
==61829== by 0x27ABD7: Curl_conn_cf_connect (cfilters.c:307)
==61829== by 0x283CEA: cf_hc_baller_connect (cf-https-connect.c:135)
Closes #13272
Viktor Szakats (3 Apr 2024)
- appveyor: OpenSSL 3 no longer found by CMake, revert to 1.1.1
OpenSSL moved directories, and bumped versions in AppVeyor CI.
Downgrading is not an ideal solution, but however trivial the solution
may be, I failed to come with anything that made CMake recognize either
OpenSSL 3.1 or 3.2.
Possibly caused by:
https://github.com/appveyor/build-images/commit/702e8cdca01f28f6a40687783f493
c786cebbe2c
https://github.com/appveyor/build-images/pull/149
Closes #13266
hongfei.li (3 Apr 2024)
- winbuild: use $(RC) correctly
Cloes #13267
Daniel Stenberg (3 Apr 2024)
- dist: remove the curl-config.1 from the tarball
The markdown file is already there and the .1 file gets generated in the
build.
Ref: #13250
Closes #13268
- curl_global_trace.md: shorten the description
Closes #13263
- test1901: verify chunked POST from callback with CURLOPT_POSTFIELDSIZE set
Follow-up to 721941aadf4ad
Ref: #13257
Closes #13262
Stefan Eissing (2 Apr 2024)
- http: with chunked POST forced, disable length check on read callback
- when an application forces HTTP/1.1 chunked transfer encoding
by setting the corresponding header and instructs curl to use
the CURLOPT_READFUNCTION, disregard any POST length information.
- this establishes backward compatibility with previous curl versions
Applications are encouraged to not force "chunked", but rather
set length information for a POST. By setting -1, curl will
auto-select chunked on HTTP/1.1 and work properly on other HTTP
versions.
Reported-by: Jeff King
Fixes #13229
Closes #13257
Jay Satiro (1 Apr 2024)
- INSTALL-CMAKE.md: explain `cmake -G <generator-name>`
- Explain that CMake's -G option can be used to specify which build
system to generate files for.
Example: cmake ../curl -G "MinGW Makefiles"
Ref: https://github.com/curl/curl/pull/12224#issuecomment-2026813645
Closes https://github.com/curl/curl/pull/13244
Daniel Stenberg (1 Apr 2024)
- libcurl-opts: mention pipelining less
libcurl has not supported HTTP pipelining since many years. Remove a few
(more) mentions of the feature.
Closes #13254
Daniel McCarney (31 Mar 2024)
- m4: reposition USE_RUSTLS="yes" for pkg-config
It's necessary to set this var to "yes" _after_ AC_DEFINE and AC_SUBST
in order for a later `test` to pass so that `check_for_ca_bundle=1` ends
up being set. This is in turn required for the default CA certificate
bundle to be set when building w/ rustls & pkg-config.
Reported-by: Matt Jolly
Fixes #13248
Closes #13251
Daniel Stenberg (31 Mar 2024)
- maketgz: put docs/RELEASE-TOOL.md into the tarball
Generated with scripts/release-tools.sh
The script lists the exact Debian package names and version numbers for
the tools that are used to generate the tarball.
Closes #13239
- cd2nroff/manage: use UTC when SOURCE_DATE_EPOCH is set
Make them independent of the TZ setting. Also set a date string like
YYYY-MM-DD to avoid a local month name in the date.
Reported-by: Carlos Henrique Lima Melara
Fixes #13242
Closes #13243
- RELEASE-NOTES: synced
- docs/MAIL-ETIQUETTE: convert to markdown
To render nicer. To get spellchecked.
Closes #13247
- reuse: add copyright + license info to individual docs/*.md files
Instead of use 'docs/*.md' in dep5. For clarity and avoiding a wide-
matching wildcard.
+ Remove mention of old files from .reuse/dep5
+ add info to .github/dependabot.yml
+ make scripts/copyright.pl warn on non-matching patterns
Closes #13245
- test470: warn about unicode quote character read from config file
Idea-by: Emanuele Torre
- test469: verify warning when argument has unicode quote
- tool_getparam: output warning for leading unicode quote character
... in the option argument.
Typically this is a mistake done when copying example command lines from
online documentation using the wrong quote character.
Presumably there are also other potential quote characters that might be
used, and this check is done without even knowing that unicode is used!
Reported-by: Sanjay Pujare
Fixes #13214
Closes #13215
- tool: follow-up getenv fix
Remove a double free. Change the IPFS env use to a plain getenv() simply
because coverity gets confused.
Follow-up to 9126b141c9398fe
Closes #13241
- idn: make Curl_idnconvert_hostname() use Curl_idn_decode()
In the name of less code duplication
Closes #13236
- curl-confopts.m4: define CARES_NO_DEPRECATED when c-ares is used
Starting in 1.28.0 c-ares added deprecation warnings for some API calls
libcurl uses.
Closes #13240
- vquic: use CURL_FORMAT_CURL_OFF_T for 64 bit printf output
Reported-by: Keitagit-kun on github
Fixes #13224
Closes #13231
- openldap: create ldap URLs correctly for IPv6 addresses
Reported-by: Sergio Durigan Junior
Fixes #13228
Closes #13235
- curl: use curl_getenv instead of the curlx_ version
The curlx one was once introduced when we still considered dropping the
libcurl function at some point. To reduce confusion and to make it
easier to understand when curl_free() should be used, use the actual
libcurl function call directly instead.
Closes #13230
Evgeny Grin (Karlson2k) (30 Mar 2024)
- curl_sha512_256: do not use workaround for NetBSD when not needed
Assisted-by: riastradh on github
Assisted-by: Michael Kaufmann
Closes #13225
Matt Jolly (30 Mar 2024)
- m4: fix rustls pkg-config codepath
The previous pkg-config code would successfully detect rustls but did
not set all appropriate variables and call the right macros to properly
configure cURL.
Reported-by: kpcyrd on github
Fixes #13200
Closes #13202
Daniel McCarney (30 Mar 2024)
- deps: update librustls 0.12.0 -> 0.13.0
This commit updates the optional rustls-ffi librustls dependency from
0.12.0 to 0.13.0. This version is based on the latest available rustls
release (0.23.4).
The breaking API changes from 0.12.0 to 0.13.0 are in API surface unused
by curl, so this is an in-place update without any code changes.
The `RUSTLS.md` documentation is updated to reflect the new version in
use, and to clarify that `cbindgen` isn't required to build `librustls`
- it's only used by developers to update the vendored `rustls.h` header
file maintained upstream.
Closes #13238
Daniel Stenberg (28 Mar 2024)
- RELEASE-NOTES: synced
- tool_xattr: "guess" URL scheme if none is provided
... when figuring out the source URL to store.
Reported-by: Dagfinn Ilmari Mannsåker
Fixes #13205
Closes #13221
- tool_xattr: in debug builds, act normally if CURL_FAKE_XATTR is not set
Closes #13220
Stefan Eissing (28 Mar 2024)
- content_encoding: brotli and others, pass through 0-length writes
- curl's transfer handling may write 0-length chunks at the end of the
download with an EOS flag. (HTTP/2 does this commonly)
- content encoders need to pass-through such a write and not count this
as error in case they are finished decoding
Fixes #13209
Fixes #13212
Closes #13219
Tobias Stoeckmann (28 Mar 2024)
- libssh2: set length to 0 if strdup failed
Internally, libssh2 dereferences the NULL pointer if length is non-zero.
The callback function cannot return the error condition, so at least
prevent subsequent crash.
Closes #13213
Daniel Stenberg (28 Mar 2024)
- RELEASE-PROCEDURE: mention an initial working build
This is the step that was not done and caused the 8.7.0 mishap (it
lacked the correctly generated hugehelp file).
Remove the mention of the copyright script as this is verified by a CI
job these days: the REUSE one.
Closes #13216
Paul Howarth (28 Mar 2024)
- curl_sha512_255: fix detection of OpenSSL 1.1.1 or later
Use the same OPENSSL_VERSION_NUMBER comparison as in lib/vtls/openssl.c.
Closes #13208
Robert Moreton (28 Mar 2024)
- cf-socket: remove references to l_ip, l_port
Fixes #13210
Closes #13211
Daniel Stenberg (28 Mar 2024)
- openssl: do not set SSL_MODE_RELEASE_BUFFERS
While it might save some memory, it causes OpenSSL to instead do a huge
amount of allocations.
Ref: #13136
Closes #13203
- curl: make --help adapt to the terminal width
Instead of assuming and working with 80 colums, try figuring out what
width is actually used.
Ref: #13141
Closes #13171
- RELEASE-NOTES: synced
and bump to 8.7.2 for now
- configure: make --disable-docs imply --disable-manual
Because when the docs is not built, the necesary curl.txt file is not
present so then the manual cannot get built.
Reported-by: Harry Sintonen
Closes #13191
Chris Webb (27 Mar 2024)
- cmdline-docs: fix make install with configure --disable-docs
make -C docs/cmdline-opts install depends on all-am, which in turn
depends on $(MANS), unconditionally defined to be $(man_MANS).
As with CLEANFILES, only add curl.1 to man_MANS when BUILD_DOCS is true
so we don't try to build curl.1 unnecessarily.
Closes #13198
Version 8.7.1 (27 Mar 2024)
Daniel Stenberg (27 Mar 2024)
- RELEASE-PROCEDURE: remove old release dates, add new pending ones
Version 8.7.0 (27 Mar 2024)
Daniel Stenberg (27 Mar 2024)
- RELEASE-NOTES: synced
curl 8.7.0 release
- THANKS: new contributors from the 8.7.0 release
- CURLOPT_POSTFIELDS.md: used for MQTT as well
Closes #13189
- http: remove stale comment about rewindbeforesend
... because that struct field exists no more.
Follow-up to 14bcea074a782272.
Closes #13187
- DISTROS: add document with distro pointers
Lots of organizations distribute curl packages to end users. This is a
collection of pointers to where to learn more about curl on and with
each distro.
Assisted-by: Alan Coopersmith
Assisted-by: Andrew Kaster
Assisted-by: Andy Fiddaman
Assisted-by: Arjan van de Ven
Assisted-by: Brian Clemens
Assisted-by: chrysos349 on github
Assisted-by: Dan Fandrich
Assisted-by: Dan McDonald
Assisted-by: Gaelan Steele
Assisted-by: graywolf on github
Assisted-by: Jan Macku
Assisted-by: John Marshall
Assisted-by: Jonathan Perkin
Assisted-by: Kevin Daudt
Assisted-by: Marcus Müller
Assisted-by: Michał Górny
Assisted-by: Outvi V
Assisted-by: Ross Burton
Assisted-by: Sean Molenaar
Assisted-by: Till Wegmüller
Assisted-by: Viktor Szakats
Assisted-by: Winni Neessen
Closes #13178
Fabian Keil (25 Mar 2024)
- wolfSSL: do not call the stub function wolfSSL_BIO_set_init()
Calling the function isn't necessary and causes the build
to fail when wolfSSL has been compiled with NO_WOLFSSL_STUB:
Making all in opts
CCLD curl
ld: error: undefined symbol: wolfSSL_BIO_set_init
>>> referenced by wolfssl.c:235 (vtls/wolfssl.c:235)
>>> libcurl_la-wolfssl.o:(wolfssl_bio_cf_create) in archiv
e ../lib/.libs/libcurl.a
cc: error: linker command failed with exit code 1 (use -v to see invocat
ion)
*** Error code 1
Closes #13164
Daniel Stenberg (25 Mar 2024)
- cmdline-opts: shorter help texts
In an effort to increase the readability of the "--help all" output on
narrow (80 column) terminals.
Co-authored-by: Jay Satiro
Closes #13169
Matt Jolly (25 Mar 2024)
- curl-rustls.m4: add pkg-config support to rustls detection
Based on the existing openssl pkg-config detection, this commit tries to
use pkg-config to find `rustls` then falls back to the current approach
if that fails.
We use the following logic:
- if no path is provided, just use pkg-config, if it's not there we have
a problem!
- if a path is provided, try pkg-config
+ if pkg-config fails, try and find rustls directly
Closes #13179
Mohammadreza Hendiani (25 Mar 2024)
- TODO: update 13.11 with more information
Closes #13173
Daniel Stenberg (23 Mar 2024)
- docs/libcurl: generate PROTOCOLS from meta-data
Remove the PROTOCOLS section from the source files completely and
instead generate them based on the header data in the curldown files.
It also generates TLS backend information for options marked for TLS as
protocol.
Closes #13175
- CURLMOPT_MAX*: mention what happens if changed mid-transfer
For CURLMOPT_MAXCONNECTS and CURLMOPT_MAX_HOST_CONNECTIONS
Ref: #13158
Closes #13176
- docs/libcurl: add TLS backend info for all TLS options
All man pages that are listed to be for TLS now must also specify
exactly what TLS backends the option works for, or use All if they all
work.
cd2nroff makes sure this is done and that the listed backends exist.
Closes #13168
- docs/libcurl: cleanups
- CURLINFO_TLS_SESSION.md: remove mention of NSS
- CURLINFO_TLS_SSL_PTR.md: remove NSS leftover
- CURLOPT_CAINFO.md: drop mention of backends not supporting this
- CURLOPT_CAPATH.md: wolfSSL also supports this
Closes #13166
- docs: make each libcurl man specify protocol(s)
The mandatory header now has a mandatory list of protocols for which the
manpage is relevant.
Most man pages already has a "PROTOCOLS" section, but this introduces a
stricter way to specify the relevant protocols.
cd2nroff verifies that at least one protocol is mentioned (which can be
`*`).
This information is not used just yet, but A) the PROTOCOLS section can
now instead get generated and get a unified wording across all manpages
and B) this allows us to more reliably filter/search for protocol
specific manpages/options.
Closes #13166
Stefan Eissing (21 Mar 2024)
- http2, http3: only return CURLE_PARTIAL_FILE when bytes were received
- should resolve spurious pytest failures when stream were reset
right after response header were received
Clsoes #13151
- http: separate response parsing from response action
- move code that triggers on end-of-response into separate function from
parsing
- simplify some headp/headerlen usage
- add `httpversion` to SingleRequest to indicate the version of the
current response
Closes #13134
Daniel Stenberg (21 Mar 2024)
- http2: remove the third (unused) argument from http2_data_done()
Closes #13154
- RELEASE-NOTES: synced
Evgeny Grin (Karlson2k) (21 Mar 2024)
- RELEASE-NOTES: corrected
Corrected link for item 118
Closes #13157
Daniel Stenberg (19 Mar 2024)
- CURLOPT_INTERFACE.md: remove spurious amp, add see-also
Closes #13149
Stefan Eissing (19 Mar 2024)
- http: improve response header handling, save cpu cycles
Saving some cpu cycles in http response header processing:
- pass the length of the header line along
- use string constant sizeof() instead of strlen()
- check line length if prefix is possible
- switch on first header char to limit checks
Closes #13143
Daniel Stenberg (19 Mar 2024)
- tool_getparam: accept a blank -w ""
Added test 468 to verify.
Regression from 07bcae89d5d00 (shipped in 8.6.0)
Reported-by: Thomas Pyle
Fixes #13144
Closes #13145
Evgeny Grin (Karlson2k) (18 Mar 2024)
- curl_sha512_256: work around a NetBSD bug
Based on Michael Kaufmann analysis and suggestion
Closes #13133
Stefan Eissing (18 Mar 2024)
- http: expect 100 rework
Move all handling of HTTP's `Expect: 100-continue` feature into a client
reader. Add sending flag `KEEP_SEND_TIMED` that triggers transfer
sending on general events like a timer.
HTTP installs a `CURL_CR_PROTOCOL` reader when announcing `Expect:
100-continue`. That reader works as follows:
- on first invocation, records time, starts the `EXPIRE_100_TIMEOUT`
timer, disables `KEEP_SEND`, enables `KEEP_SEND_TIMER` and returns 0,
eos=FALSE like a paused upload.
- on subsequent invocation it checks if the timer has expired. If so, it
enables `KEEP_SEND` and switches to passing through reads to the
underlying readers.
Transfer handling's `readwrite()` will be invoked when a timer expires
(like `EXPIRE_100_TIMEOUT`) or when data from the server arrives. Seeing
`KEEP_SEND_TIMER`, it will try to upload more data, which triggers
reading from the client readers again. Which then may lead to a new
pausing or cause the upload to start.
Flags and timestamps connected to this have been moved from
`SingleRequest` into the reader's context.
Closes #13110
- mbedtls: fix pytest for newer versions
Fix the expectations in pytest for newer versions of mbedtls
Closes #13132
Daniel Stenberg (15 Mar 2024)
- ipv6.md: mention IPv4 mapped addresses
Reported-by: Josh Soref
Assisted-by: Jay Satiro
Fixes #13112
Closes #13131
Stefan Eissing (15 Mar 2024)
- http: revisit http_perhapsrewind()
- use facilities provided by client readers better
- work also for non-uploading requests like GET/HEAD
- update documentation
Closes #13117
- test 1541: verify getinfo values on first header callback
Reported-by: chensong1211 on github
Ref: #13125
Closes #13128
- TLS: start shutdown only when peer did not already close
- When curl sees a TCP close from the peer, do not start a TLS shutdown.
TLS shutdown is a handshake and if the peer already closed the
connection, it is not interested in participating.
Reported-by: dfdity on github
Assisted-by: Jiří Bok
Assisted-by: Pēteris Caune
Fixes #10290
Closes #13087
Daniel Stenberg (14 Mar 2024)
- RELEASE-NOTES: synced
- curl: make --libcurl output better CURLOPT_*SSLVERSION
The option is really two enums ORed together, so it needs special
attention to make the code output nice.
Added test 1481 to verify. Both the server and the proxy versions.
Reported-by: Boris Verkhovskiy
Fixes #13127
Closes #13129
- GHA/linux: add sysctl trick to work-around GitHub runner issue
The GitHub image runner update from 20240304.1.0 to 20240310.1
introduces a problem for clang-14. The issue is caused by
incompatibility between llvm 14 provided in ubuntu-22.04 image and the
much newer kernel configured with high-entropy ASLR.
As a work-around, we issue a sysctl command to lower the entropy and get
clang-14 to work again.
URL: https://github.com/actions/runner-images/issues/9491
Closes #13124
- SPONSORS: describe the basics
Closes #13119
- GOVERNANCE: document the core team
Closes #13118
Jay Satiro (13 Mar 2024)
- vquic-tls: fix the error code returned for bad CA file
- Return CURLE_SSL_CACERT_BADFILE if wolfSSL encounters a problem
reading the cert file or path.
This is a follow-up to the parent commit aedbbdf1.
Reported-by: Karthikdasari0423@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/13115
Daniel Stenberg (12 Mar 2024)
- vquic-tls: return appropirate errors on wolfSSL errors
Reported-by: Dexter Gerig
Closes #13107
Viktor Szakats (12 Mar 2024)
- tidy-up: one comment and EOF newlines
Reviewed-by: Daniel Stenberg
Closes #13108
Daniel Stenberg (12 Mar 2024)
- cmdline-opts: language cleanups
Use imperative mood consistently for the first sentence describing an
option.
"Set this" instead "tell curl to set" or "this sets..."
Plus some extra cleanups and rephrasing.
Closes #13106
- managen: remove space before protocols
For options that are listed for specific protocols, the protocols (shown
first within parentheses) are now output without the leading space in the
manpage output.
Closes #13105
Jay Satiro (12 Mar 2024)
- mbedtls: properly cleanup the thread-shared entropy
- Store the state of the thread-shared entropy for global init/cleanup.
- Use curl's thread support of mbedtls for all Windows builds instead of
just when the threaded resolver is used via USE_THREADS_WIN32.
Prior to this change on global cleanup curl builds that have curl thread
support for mbedtls freed the entropy (8b1d2298) but failed to mark that
it had been freed, which caused problems on subsequent init + transfer.
Bug: https://github.com/curl/curl/discussions/11919#discussioncomment-8687105
Reported-by: awesomekosm@users.noreply.github.com
Closes https://github.com/curl/curl/pull/13071
Daniel Stenberg (12 Mar 2024)
- tool_getparam: handle non-existing (out of range) short-options
... correctly, even when they follow an existing one without a space in
between.
Verify with test 467
Follow-up to 07dd60c05b
Reported-by: Geeknik Labs
Fixes #13101
Closes #13102
Stefan Eissing (11 Mar 2024)
- lib: move 'done' parameter to SingleRequests
A transfer may do several `SingleRequest`s for its success. This happens
regularly for authentication, follows and retries on failed connections.
The "readwrite()" calls and functions connected to those carried a `bool
*done` parameter to indicate that the current `SingleRequest` is over.
This may happen before `upload_done` or `download_done` bits of
`SingleRequest` are set.
The problem with that is now `write_resp()` protocol handlers are
invoked in places where the `bool *done` cannot be passed up to the
caller. Instead of being a bool in the call chain, it needs to become a
member of `SingleRequest`, reflecting its state.
This removes the `bool *done` parameter and adds the `done` bit to
`SingleRequest` instead. It adds `Curl_req_soft_reset()` for using a
`SingleRequest` in a follow up, clearing `done` and other
flags/counters.
Closes #13096
- request: clarify message when request has been sent off
Change the "uploaded and fine" message for requests without a body
Reported-by: Karthikdasari0423 on github
Fixes #13093
Closes #13095
Daniel Stenberg (11 Mar 2024)
- RELEASE-NOTES: synced
Stefan Eissing (9 Mar 2024)
- lib: keep conn IP information together
new struct ip_quadruple for holding local/remote addr+port
- used in data->info and conn and cf-socket.c
- copy back and forth complete struct
- add 'secondary' to conn
- use secondary in reporting success for ftp 2nd connection
Reported-by: DasKutti on github
Fixes #13084
Closes #13090
Daniel Stenberg (8 Mar 2024)
- scripts/managen: the new name and home for the manpage generator
It was previously docs/cmdline-opts/gen.pl
Closes #13089
- VULN-DISCLOSURE-POLICY.md: update detail about CVE requests
curl is a CNA now
Closes #13088
Stefan Eissing (8 Mar 2024)
- lib: client reader polish
- seek_func/seek_client, use transfer values only
- remove copies held in `struct connectdata`, use only
ever `data->set.seek_func`
- resolves possible issues in multiuse connections
- new mime post reader eliminates need to ever overwriting this
- websockets, remove empty Curl_ws_done() function
Closes #13079
Marcel Raad (8 Mar 2024)
- lib1598: fix `CURLOPT_POSTFIELDSIZE` usage
It requires a `long` argument.
Closes https://github.com/curl/curl/pull/13085
Daniel Stenberg (8 Mar 2024)
- docs/cmdline-opts: drop the curl.1 from the dist tarball
Since it is no longer needed for building tool_hugehelp.c and all the
docs is available in readable markdown format in the tarball, the peeps
that don't want to build the manpage still do good.
Removing it also fixes the complexity of out-of-tree builds when the
curl.1 exists in the source tree.
- test1140/1173: extend wildcards to find curl.1
... in its new build path.
Also update the test scripts to be more precise in error messages to
help us understand CI errors better.
Follow-up to f03c85635f35269f1
Ref: #13029
Closes #13083
- http2: minor tweaks to optimize two struct sizes
- use BIT() instead of bool
- place the struct fields in (roughly) size order
Closes #13082
- buildconf.bat: remove outdated groff/nroff use
- don't try to generate the real hugehelp file, because it requires
curl.txt which needs a build
- don't attempt to do anything in a c-ares subdirectory
Follow-up to f03c85635f35269
Closes #13078
- http2: memory errors in the push callbacks are fatal
Use the correct nghttp2 error code accordingly.
Closes #13081
Viktor Szakats (7 Mar 2024)
- mkhelp: rename variable to fix compiler warnings
```
src\tool_operate.c(541,33): warning C4459: declaration of 'm' hides global de
claration [_bld\src\curl.vcxproj]
_bld\src\tool_hugehelp.c(8,27):
see declaration of 'm'
src\tool_paramhlp.c(307,14): warning C4459: declaration of 'm' hides global d
eclaration [_bld\src\curl.vcxproj]
src\tool_progress.c(118,16): warning C4459: declaration of 'm' hides global d
eclaration [_bld\src\curl.vcxproj]
src\tool_writeout.c(288,31): warning C4459: declaration of 'm' hides global d
eclaration [_bld\src\curl.vcxproj]
```
Ref: https://ci.appveyor.com/project/curlorg/curl/builds/49348159/job/51ee75c
d2n0wj6lc#L614
Reviewed-by: Daniel Stenberg
Closes #13077
Daniel Stenberg (7 Mar 2024)
- KNOWN_BUGS: POP3 issue when reading small chunks
Closes #12063
- RELEASE-NOTES: synced
Robert Moreton (7 Mar 2024)
- asyn-ares: fix data race warning
- Store the c-ares version during global init.
Prior to this change several threads could write the same data to a
static int variable at the same time. Though in practice it's not a
problem ThreadSanitizer may warn.
Reported-by: Nikita Taranov
Assisted-by: Jay Satiro
Fixes #13065
Closes #13000
Stefan Eissing (7 Mar 2024)
- hyper: implement unpausing via client reader
Just a tidy up to contain 'ifdef' pollution of common
code parts with implementation specifics.
- remove the ifdef hyper unpausing in easy.c
- add hyper client reader for CURL_CR_PROTOCOL phase
that implements the unpause method for calling
the hyper waker if it is set
Closes #13075
- ngtcp2: no recvbuf for stream
- write response data directly to the transfer via
`Curl_xfer_write_resp()` like we do in HTTP/2.
Closes #13073
- docs/cmdline-opts/.gitignore: ignore curl.txt
Closes #13076
Evgeny Grin (Karlson2k) (7 Mar 2024)
- sha512_256: add support for GnuTLS and OpenSSL
This is a follow-up for PR #12897.
Add support for SHA-512/256 digest calculation by TLS backends.
Currently only OpenSSL and GnuTLS (actually, nettle) support
SHA-512/256.
Closes #13070
- digest: add check for hashing error
Closes #13072
Viktor Szakats (7 Mar 2024)
- cmake: enable `ENABLE_CURL_MANUAL` by default
Meaning `curl.1` and `src/tool_hugehelp.c` are built by default,
and `--manual` in curl tool is also enabled by default.
This syncs behaviour with autotools.
For a reproducible `curl.1`, `SOURCE_DATE_EPOCH` needs to be set
to a consistent date, e.g. the timestamp of `CHANGES`.
A pre-built manual (e.g. the one distributed in the official source
tarball) will be ignored and rebuilt after this patch, unless
explicitly disabling this option.
Fixes #13028
Closes #13069
Stefan Eissing (7 Mar 2024)
- http2: push headers better cleanup
- provide common cleanup method for push headers
Closes #13054
Daniel Stenberg (7 Mar 2024)
- GIT-INFO: convert to markdown
Closes #13074
Richard Levitte (7 Mar 2024)
- cmake: fix libcurl.pc and curl-config library specifications
Letting CMake figure out where libraries are located gives you full
paths. When generating libcurl.pc and curl-config, getting libraries as
full paths is unusual when one expects to get a list of -l<libname>.
To meet expectations, an effort is made to convert the full paths into
-l<libname>, possibly with -L<libdir> before it.
Fixes #6169
Fixes #12748
Closes #12930
Daniel Stenberg (7 Mar 2024)
- test463: HTTP with -d @file with file containing CR, LF and null byte
- paramhlp: fix CRLF-stripping files with "-d @file"
All CR and LF bytes should be stripped, as documented, and all other
bytes are inluded in the data. Starting now, it also excludes null bytes
as they would otherwise also cut the data short.
Reported-by: Simon K
Fixes #13063
Closes #13064
Viktor Szakats (7 Mar 2024)
- cmake: fix `CURL_WINDOWS_SSPI=ON` with Schannel disabled
Prior to this change `CURL_WINDOWS_SSPI` was accidentally forced `OFF`
when building without the Schannel TLS backend.
This in turn may have caused Kerberos, SPNEGO and SSPI features
disappearing even with `CURL_WINDOWS_SSPI=ON` set.
This patch fixes it by using the `CURL_USE_SCHANNEL` setting as a
default for `CURL_WINDOWS_SSPI`, but allowing a manual override.
Also update the option text to better tell its purpose.
Thanks-to: Andreas Loew
Reviewed-by: Daniel Stenberg
Ref: #13056
Closes #13061
Jay Satiro (6 Mar 2024)
- KNOWN_BUGS: FTPS server compatibility on Windows with Schannel
- Remove "2.12 FTPS with Schannel times out file list operation"
- Remove "7.12 FTPS directory listing hangs on Windows with Schannel"
- Add "7.12 FTPS server compatibility on Windows with Schannel"
This change adds a more generic bug description that explains FTPS with
the latest curl and Schannel is not widely used and may have more bugs
than other TLS backends.
The two removed FTPS Schannel bugs can't be reproduced any longer and
were likely fixed by 24d6c288.
Ref: https://github.com/curl/curl/issues/5284
Ref: https://github.com/curl/curl/issues/9161
Ref: https://github.com/curl/curl/issues/12894
Closes https://github.com/curl/curl/pull/13032
- trace-config.md: remove the mutexed options list
- Remove the rendered manpage message that says:
"[--trace-config] is mutually exclusive to --trace and -v, --verbose".
Actually it can be used with either of those options, which are mutually
exclusive to each other but not to --trace-config.
Ref: https://curl.se/docs/manpage.html#--trace-config
Closes https://github.com/curl/curl/pull/13031
Daniel Stenberg (6 Mar 2024)
- mkhelp: simplify the generated hugehelp program
Use a plain array and puts() every line, also allows us to provide the
strings without ending newlines.
- merge blank lines into the next one as a prefixed newline.
- turn eight consecutive spaces into a tab (since they can only be on the
left side of text)
- the newly generated tool_hugehelp is 3K lines shorter and 50K smaller
- modifies the top logo layout a little by reducing the indent
Closes #13047
- docs: ascii version of manpage without nroff
Create ASCII version of manpage without nroff
- build src/tool_hugegelp.c from the ascii manpage
- move the the manpage and the ascii version build to docs/cmdline-opts
- remove all use of nroff from the build process
- should make the build entirely reproducible (by avoiding nroff)
- partly reverts 2620aa9 to build libcurl option man pages one by one
in cmake because the appveyor builds got all crazy until I did
The ASCII version of the manpage
- is built with gen.pl, just like the manpage is
- has a right-justified column making the appearance similar to the previous
version
- uses a 4-space indent per level (instead of the old version's 7)
- does not do hyphenation of words (which nroff does)
History
We first made the curl build use nroff for building the hugehelp file in
December 1998, for curl 5.2.
Closes #13047
Stefan Eissing (6 Mar 2024)
- lib: add `void *ctx` to reader/writer instances
- `struct Curl_cwriter` and `struct Curl_creader` now carry a
`void *ctx` member that points to the instance as allocated.
- using `r->ctx` and `w->ctx` as pointer to the instance specific
struct that has been allocated
Reported-by: Rudi Heitbaum
Fixes #13035
Closes #13059
- http: fix dead code in setting post client reader
- postsize was always 0, thus the check's else never happened
after the mime client reader was introduced
Follow-up to 0ba47146f7ff3d
Closes #13060
- http2: fix push discard
- fix logic in discarding a failed pushed stream so that
stream context is properly cleaned up
Closes #13055
- transfer.c: break receive loop in speed limited transfers
- the change breaks looping in transfer.c receive for transfers that are
speed limited on having gotten *some* bytes.
- the overall speed limit timing is done in multi.c
Reported-by: Dmitry Karpov
Bug: https://curl.se/mail/lib-2024-03/0001.html
Closes #13050
- mime: add client reader
Add `mime` client reader. Encapsulates reading from mime parts, getting
their length, rewinding and unpausing.
- remove special mime handling from sendf.c and easy.c
- add general "unpause" method to client readers
- use new reader in http/imap/smtp
- make some mime functions static that are now only used internally
In addition:
- remove flag 'forbidchunk' as no longer needed
Closes #13039
Daniel Stenberg (5 Mar 2024)
- RELEASE-NOTES: synced
- TODO: remove "build HTTP/3 with OpenSSL and nghttp3 using cmake"
Follow-up to 8e741644a229c37
Tal Regev (5 Mar 2024)
- cmake: add USE_OPENSSL_QUIC support
Closes #13034
Stefan Eissing (5 Mar 2024)
- TIMER_STARTTRANSFER: set the same for everyone
- set TIMER_STARTTRANSFER on seeing the first response bytes
in the download client writer, not coming from a CONNECT
- initialized the timer the same way for all protocols
- remove explicit setting of TIMER_STARTTRANSFER in file.c
and c-hyper.c
Closes #13052
Michael Kaufmann (5 Mar 2024)
- http: better error message for HTTP/1.x response without status line
If a response without a status line is received, and the connection is
known to use HTTP/1.x (not HTTP/0.9), report the error "Invalid status
line" instead of "Received HTTP/0.9 when not allowed".
Closes #13045
Viktor Szakats (5 Mar 2024)
- KNOWN_BUGS: fix typo
Reviewed-by: Daniel Stenberg
Closes #13051
Sebastian Neubauer (5 Mar 2024)
- smpt: fix starttls
In cases where the connection was fast, curl sometimes failed to open a
connection. This fixes a regression of c2d973627bab12abc5486a3f3.
The regression triggered in these steps:
1. Create an smtp connection
2. Use STARTTLS
3. Receive the response
4. We are inside the loop in `smtp_statemachine`, calling
`smtp_state_starttls_resp`
5. In the good flow, we exit the loop, re-enter `smtp_statemachine` and
run `smtp_perform_upgrade_tls` at the start of the function.
In the bad flow, we stay in the while loop, calling
`Curl_pp_readresp`, which reads part of the TLS handshake and things
go wrong.
The reason is that `Curl_pp_moredata` changed behavior and always
returns `true`, so we stay in the loop in `smtp_statemachine`. With a
slow connection `Curl_pp_readresp` cannot read new data and returns
`CURL_AGAIN`, so we leave the loop and re-enter `smtp_statemachine`.
With a fast connection, `Curl_pp_readresp` reads new data from the tcp
connection, which is part of the TLS handshake.
The fix is in `Curl_pp_moredata`, which needs to take the final line
into account and return `false` if only the final line is stored.
Closes #13048
Stefan Eissing (5 Mar 2024)
- lib: enhance client reader resume + rewind
- update client reader documentation
- client reader, add rewind capabilities
- tell creader to rewind on next start
- Curl_client_reset() will keep reader for future rewind if requested
- add Curl_client_cleanup() for freeing all resources independent of
rewinds
- add Curl_client_start() to trigger rewinds
- move rewind code from multi.c to sendf.c and make part of
"cr-in"'s implementation
- http, move the "resume_from" handling into the client readers
- the setup of a HTTP request is reshuffled to follow:
* determine method, target, auth negotiation
* install the client reader(s) for the request, including crlf
conversions and "chunked" encoding
* apply ranges to client reader
* concat request headers, upgrades, cookies, etc.
* complete request by determining Content-Length of installed
readers in combination with method
* send
- add methods for client readers to
* return the overall length they will generate (or -1 when unknown)
* return the amount of data on the CLIENT level, so that
expect-100 can decide if it want to apply itself
* set a "resume_from" offset or fail if unsupported
- struct HTTP has become largely empty now
- rename `Client_reader_*` to `Curl_creader_*`
Closes #13026
Viktor Szakats (5 Mar 2024)
- openssl-quic: fix BIO leak and Windows warning
Caused by an accidentally duplicated line in
d6825df334def106f735ce7e0c1a2ea87bddffb0.
```
.../lib/vquic/curl_osslq.c:1095:30: warning: implicit conversion loses intege
r precision: 'curl_socket_t' (aka 'unsigned long long') to 'int' [-Wshorten-6
4-to-32]
1095 | bio = BIO_new_dgram(ctx->q.sockfd, BIO_NOCLOSE);
| ~~~~~~~~~~~~~ ~~~~~~~^~~~~~
1 warning and 2 errors generated.
```
Reviewed-by: Stefan Eissing
Closes #13043
- openssl-quic: fix unity build, casing, indentation
- rename static functions to avoid duplicate symbols in unity mode.
- windows -> Windows/window in error message and comment.
- fix indentation.
Reviewed-by: Stefan Eissing
Closes #13044
Daniel Stenberg (5 Mar 2024)
- gen.pl: make the "manpageification" faster
The function that replaces occurances of "--longoption" with "-Z,
--longoption" etc with the proper highlight applied, no longer loops
over the options.
Closes #13041
- CONTRIBUTE: update the section on documentation format
... since most of it is markdown now.
Closes #13046
- smtp: free a temp resource
The returned address needs to be freed.
Follow-up to e3905de8196d67b89df1602feb84c1f993211b20
Spotted by Coverity
Closes #13038
- _VARIABLES.md: improve the description
Closes #13040
dependabot[bot] (4 Mar 2024)
- build(deps): bump fsfe/reuse-action from 2 to 3
Bumps [fsfe/reuse-action](https://github.com/fsfe/reuse-action) from 2 to 3.
- [Release notes](https://github.com/fsfe/reuse-action/releases)
- [Commits](https://github.com/fsfe/reuse-action/compare/v2...v3)
---
updated-dependencies:
- dependency-name: fsfe/reuse-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Stefan Eissing (4 Mar 2024)
- pytest: adapt to API change
- pytest has changed the signature of the hook pytest_report_header()
for some obscure reason and that change landed in our CI now
- remove the changed param that we never used anyway
Closes #13037
Daniel Stenberg (4 Mar 2024)
- cookie: if psl fails, reject the cookie
A libpsl install without data and no built-in database is now considered
bad enough to reject all cookies since they cannot be checked. It is
somewhat of a user error, but still.
Reported-by: Dan Fandrich
Closes #13033
Stefan Eissing (4 Mar 2024)
- lib: further send/upload handling polish
- Move all the "upload_done" handling to request.c
- add possibility to abort sending of a request
- add `Curl_req_done_sending()` for checks
- transfer.c: readwrite_upload() now clean
- removing data->state.ulbuf and data->req.upload_fromhere
- as well as data->req.upload_present
- set data->req.upload_done on having read all from
the client and completely flushed the send buffer
- tftp, remove setting of data->req.upload_fromhere
- serves no purpose as `upload_present` is not set
and the data itself is directly `sendto()` anyway
- smtp, make upload EOB conversion a client reader
- xfer_ulbuf addition
- add xfer_ulbuf for borrowing, similar to xfer_buf
- use in file upload
- use in c-hyper body sending
- h1-proxy, remove init of data->state.uilbuf that is never used
- smb, add own send_buf instead of using data->state.ulbuf
Closes #13010
Daniel Stenberg (4 Mar 2024)
- RELEASE-NOTES: synced
kpcyrd (3 Mar 2024)
- rustls: fix two warnings related to number types
Reported-by: Gisle Vanem
Follow-up to #12989
Closes #13017
Stefan Eissing (3 Mar 2024)
- bufq: writing into a softlimit queue cannot be partial
- when unable to obtain a new chunk on a softlimit bufq,
this is an allocation error and needs to be reported as
such.
- writes into a soflimit bufq never must be partial success
Reported-by: Dan Fandrich
Fixes #13020
Closes #13023
Dan Fandrich (2 Mar 2024)
- configure: Don't build shell completions when disabled
With the recent changes to completion file building, the files were
built always and only installation was selectively disabled. Now, when
they are disabled they aren't even built, avoiding a build-time error in
environments where it's not possible to run the curl binary that was
just created (e.g. if library paths were not set up correctly).
Follow-up to 0f7aba83c
Reported-by: av223119 on github
Fixes #13027
Closes #13030
Jay Satiro (2 Mar 2024)
- cmdline-opts/_EXITCODES: sync with libcurl-errors
- Add error code 100 (CURLE_TOO_LARGE) to the list of error codes that
can be returned by the curl tool.
Closes https://github.com/curl/curl/pull/13015
Stefan Eissing (1 Mar 2024)
- hyper: disable test1598 due to lack of trailer support
Follow-up to 50838095
Closes #13016
Dan Fandrich (1 Mar 2024)
- ftp: Mark a const buffer as const
- appveyor: Properly skip if only CircleCI is changed
- docs: Update minimal binary size in INSTALL.md
Include more options to reduce binary size.
- configure: Don't make shell completions without perl
The code that attempted to skip building the shell completions didn't
work properly and tried to build them even if perl wasn't available.
This step, as well as the install step, is now properly skipped without
perl.
Follow-up to 89733e2dd
Closes #13022
RainRat (1 Mar 2024)
- misc: Fix typos in docs and lib
This fixes miscellaneous typos and duplicated words in the docs, lib
and test comments and a few user facing errorstrings.
Author: RainRat on Github
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Dan Fandrich <dan@coneharvesters.com>
Closes: #13019
Dan Fandrich (29 Feb 2024)
- configure: build & install shell completions when enabled
The --with-fish-functions-dir and --with-zsh-functions-dir options
currently have no effect on a normal build because the scripts/ directory
where they're used is not built. Add scripts/ to a normal build and
change the completion options to default to off to preserve the existing
behaviour.
Closes: #12906
- github/labeler: improve the match patterns
Stefan Eissing (28 Feb 2024)
- tests: add test1598 for POST with trailers
- test POST fields with trailers and chunked encoding
Ref: #12938
Closes #13009
Daniel Stenberg (28 Feb 2024)
- cmdline-opts/_VERSION: provide %VERSION correctly
... so that it does not get included verbatim in the output. Fixes a
regression shipped in 8.6.0.
Also fix a format mistake in form.md
Closes #13008
Stefan Eissing (28 Feb 2024)
- lib: Curl_read/Curl_write clarifications
- replace `Curl_read()`, `Curl_write()` and `Curl_nwrite()` to
clarify when and at what level they operate
- send/recv of transfer related data is now done via
`Curl_xfer_send()/Curl_xfer_recv()` which no longer has
socket/socketindex as parameter. It decides on the transfer
setup of `conn->sockfd` and `conn->writesockfd` on which
connection filter chain to operate.
- send/recv on a specific connection filter chain is done via
`Curl_conn_send()/Curl_conn_recv()` which get the socket index
as parameter.
- rename `Curl_setup_transfer()` to `Curl_xfer_setup()` for
naming consistency
- clarify that the special CURLE_AGAIN hangling to return
`CURLE_OK` with length 0 only applies to `Curl_xfer_send()`
and CURLE_AGAIN is returned by all other send() variants.
- fix a bug in websocket `curl_ws_recv()` that mixed up data
when it arrived in more than a single chunk (to be made
into a sperate PR, also)
Added as documented [in
CLIENT-READER.md](https://github.com/curl/curl/blob/5b1f31dfbab8aef467c419c68
aa06dc738cb75d4/docs/CLIENT-READERS.md).
- old `Curl_buffer_send()` completely replaced by new `Curl_req_send()`
- old `Curl_fillreadbuffer()` replaced with `Curl_client_read()`
- HTTP chunked uploads are now formatted in a client reader added when
needed.
- FTP line-end conversions are done in a client reader added when
needed.
- when sending requests headers, remaining buffer space is filled with
body data for sending in "one go". This is independent of the request
body size. Resolves #12938 as now small and large requests have the
same code path.
Changes done to test cases:
- test513: now fails before sending request headers as this initial
"client read" triggers the setup fault. Behaves now the same as in
hyper build
- test547, test555, test1620: fix the length check in the lib code to
only fail for reads *smaller* than expected. This was a bug in the
test code that never triggered in the old implementation.
Closes #12969
Daniel Gustafsson (28 Feb 2024)
- curldown: Fix email address in Copyright
The curldown conversion accidentally replaced daniel@haxx.se with
just daniel.se. This reverts back to the proper email address in
the curldown docs as well as in a few other stray places where it
was incorrect (while unrelated to curldown).
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Closes: #12997
Daniel Stenberg (28 Feb 2024)
- getparam: make --ftp-ssl work again
Follow-up to 9e4e527 which accidentally broke it
Reported-by: Jordan Brown
Fixes #13006
Closes #13007
- KNOWN_BUGS: IMAPS connection fails with rustls error
Closes #10457
- KNOWN_BUGS: FTPS upload, FileZilla, GnuTLS and close_notify
Closes #11383
- KNOWN_BUGS: Implicit FTPS upload timeout
Closes #11720
- KNOWN_BUGS: HTTP/2 prior knowledge over proxy
Closes #12641
- TODO: build HTTP/3 with OpenSSL and nghttp3 using cmake
Closes #12988
- TODO: Select signature algorithms
Closes #12982
- examples: use present tense in comments
remove "will" and some other word fixes
Closes #13003
- docs: more language cleanups
- present tense
- avoid bad words
Closes #13003
Daniel Gustafsson (27 Feb 2024)
- setopt: Fix disabling all protocols
When disabling all protocols without enabling any, the resulting
set of allowed protocols remained the default set. Clearing the
allowed set before inspecting the passed value from --proto make
the set empty even in the errorpath of no protocols enabled.
Co-authored-by: Dan Fandrich <dan@telarity.com>
Reported-by: Dan Fandrich <dan@telarity.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Closes: #13004
Andreas Kiefer (27 Feb 2024)
- fopen: fix narrowing conversion warning on 32-bit Android
This was fixed in commit 06dc599405f, but came back in commit
03cb1ff4d62.
When building for 32-bit ARM or x86 Android, `st_mode` is defined as
`unsigned int` instead of `mode_t`, resulting in a
`-Wimplicit-int-conversion` clang warning because `mode_t` is
`unsigned short`. Add a cast to silence the warning, but only for
32-bit Android builds, because other architectures and platforms are
not affected.
Ref: https://android.googlesource.com/platform/bionic/+/refs/tags/ndk-r25c/li
bc/include/sys/stat.h#86
Closes https://github.com/curl/curl/pull/12998
Stefan Eissing (27 Feb 2024)
- lib: Curl_read/Curl_write clarifications
- replace `Curl_read()`, `Curl_write()` and `Curl_nwrite()` to
clarify when and at what level they operate
- send/recv of transfer related data is now done via
`Curl_xfer_send()/Curl_xfer_recv()` which no longer has
socket/socketindex as parameter. It decides on the transfer
setup of `conn->sockfd` and `conn->writesockfd` on which
connection filter chain to operate.
- send/recv on a specific connection filter chain is done via
`Curl_conn_send()/Curl_conn_recv()` which get the socket index
as parameter.
- rename `Curl_setup_transfer()` to `Curl_xfer_setup()` for
naming consistency
- clarify that the special CURLE_AGAIN hangling to return
`CURLE_OK` with length 0 only applies to `Curl_xfer_send()`
and CURLE_AGAIN is returned by all other send() variants.
- fix a bug in websocket `curl_ws_recv()` that mixed up data
when it arrived in more than a single chunk
The method for sending not just raw bytes, but bytes that are either
"headers" or "body". The send abstraction stack, to to bottom, now is:
* `Curl_req_send()`: has parameter to indicate amount of header bytes,
buffers all data.
* `Curl_xfer_send()`: knows on which socket index to send, returns
amount of bytes sent.
* `Curl_conn_send()`: called with socket index, returns amount of bytes
sent.
In addition there is `Curl_req_flush()` for writing out all buffered
bytes.
`Curl_req_send()` is active for requests without body,
`Curl_buffer_send()` still being used for others. This is because the
special quirks need to be addressed in future parts:
* `expect-100` handling
* `Curl_fillreadbuffer()` needs to add directly to the new
`data->req.sendbuf`
* special body handlings, like `chunked` encodings and line end
conversions will be moved into something like a Client Reader.
In functions of the pattern `CURLcode xxx_send(..., ssize_t *written)`,
replace the `ssize_t` with a `size_t`. It makes no sense to allow for negativ
e
values as the returned `CURLcode` already specifies error conditions. This
allows easier handling of lengths without casting.
Closes #12964
Daniel Stenberg (27 Feb 2024)
- multi: make add_handle free any multi_easy
If the easy handle that is being added to a multi handle has previously
been used for curl_easy_perform(), there is a private multi handle here
that we can kill off. While it flushes some caches etc for the easy
handle would it be used for an easy interface transfer again after being
used in the multi stack, this cleanup simplifies behavior and uses less
memory.
Closes #12992
- docs: use present tense
avoid "will", detect "will" as a bad word in the CI
Also line wrapped a bunch of paragraphs
Closes #13001
- CURLOPT_SSL_CTX_FUNCTION.md: no promises of lifetime after return
... and cleanup other language.
Closes #12999
Stefan Eissing (27 Feb 2024)
- lib: send rework
Curl_read/Curl_write clarifications
- replace `Curl_read()`, `Curl_write()` and `Curl_nwrite()` to 1clarify
when and at what level they operate
- send/recv of transfer related data is now done via
`Curl_xfer_send()/Curl_xfer_recv()` which no longer has
socket/socketindex as parameter. It decides on the transfer setup of
`conn->sockfd` and `conn->writesockfd` on which connection filter
chain to operate.
- send/recv on a specific connection filter chain is done via
`Curl_conn_send()/Curl_conn_recv()` which get the socket index as
parameter.
- rename `Curl_setup_transfer()` to `Curl_xfer_setup()` for naming
consistency
- clarify that the special CURLE_AGAIN handling to return `CURLE_OK`
with length 0 only applies to `Curl_xfer_send()` and CURLE_AGAIN is
returned by all other send() variants.
SingleRequest reshuffling
- move functions into request.[ch]
- differentiate between reset and free
- add Curl_req_done() to perform last actions
- add a send `bufq` to SingleRequest for future use in keeping upload data
Closes #12963
Daniel Stenberg (26 Feb 2024)
- RELEASE-NOTES: synced
- http_chunks: remove unused 'endptr' variable
Closes #12996
Louis Solofrizzo (26 Feb 2024)
- lib: initialize output pointers to NULL before calling strto[ff,l,ul]
In order to make MSAN happy:
==2200945==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x596f3b3ed246 in curlx_strtoofft [...]/libcurl/src/lib/strtoofft.c:23
9:11
#1 0x596f3b402156 in Curl_httpchunk_read [...]/libcurl/src/lib/http_chunk
s.c:149:12
#2 0x596f3b348550 in readwrite_data [...]/libcurl/src/lib/transfer.c:607:
11
[...]
==2202041==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x5a3fab66a72a in Curl_parse_port [...]/libcurl/src/lib/urlapi.c:547:8
#1 0x5a3fab650645 in parse_authority [...]/libcurl/src/lib/urlapi.c:796:1
2
#2 0x5a3fab6740f6 in parseurl [...]/libcurl/src/lib/urlapi.c:1176:16
#3 0x5a3fab664fc5 in parseurl_and_replace [...]/libcurl/src/lib/urlapi.c:
1342:12
[...]
==2202320==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x569076a0d6b0 in ipv4_normalize [...]/libcurl/src/lib/urlapi.c:683:12
#1 0x5690769f2820 in parse_authority [...]/libcurl/src/lib/urlapi.c:803:1
0
#2 0x569076a160f6 in parseurl [...]/libcurl/src/lib/urlapi.c:1176:16
#3 0x569076a06fc5 in parseurl_and_replace [...]/libcurl/src/lib/urlapi.c:
1342:12
[...]
Signed-off-by: Louis Solofrizzo <lsolofrizzo@scaleway.com>
Closes #12995
Stefan Eissing (26 Feb 2024)
- lib: move client writer into own source
Refactoring of the client writer that passes the data to the
client/application's callback functions.
- split out into own source cw-out.[ch] from sendf.c
- move tempwrite and tempcount from data->state into the context of the
client writer
- redesign the 3 tempwrite dynbufs as a linked list of dynbufs. On
paused transfers, this allows to "record" interleaved HEADER/BODY
chunks to be "played back" in the same order on unpausing.
- keep the overall size limit of all buffered data to DYN_PAUSE_BUFFER.
On exceeding that, return CURLE_TOO_LARGE instead of
CURLE_OUT_OF_MEMORY as before.
- add method to be called when a transfer is DONE to allow writing of
any data still buffered
- when paused, record HEADER writes exactly as they come for later
playback. HEADERs are documented to be written one-by-one.
Closes #12898
- urldata: move authneg bit from conn to Curl_easy
- from `conn->bits.authneg` to `data->req.authneg`
- this is a property of the request about to be made
and not a property of the connection
- in multiuse connections, transfer could step on each others
toes here potentially.
Closes #12949
- c-hyper: add header collection writer in hyper builds
Closes #12880
- http: move headers collecting to writer
- add a client writer that does "push" response
headers written to the client if the headers api
is enabled
- remove special handling in sendf.c
- needs to be installed very early on connection
setup to catch CONNECT response headers
Closes #12880
- sendf: Curl_client_write(), make passed in buf const
Michał Antoniak (26 Feb 2024)
- lib: remove curl_mimepart object when CURL_DISABLE_MIME
Remove curl_mimepart object from UserDefined structure when
CURL_DISABLE_MIME flag is active. Reduce size of UserDefined structure.
Also remove unreachable code: when CURL_DISABLE_MIME is set, httpreq can
never have HTTPREQ_POST_MIME value and the same goes for the
CURL_DISABLE_FORM_API flag and the HTTPREQ_POST_FORM value
Closes #12948
kpcyrd (26 Feb 2024)
- rustls: make curl compile with 0.12.0
Closes #12989
Daniel Stenberg (26 Feb 2024)
- strtoofft: fix the overflow check
... to not rely on wrapping, since it is an undefined behavior that is
not what always might happen. This is in our private strtoff() parser
function, used only on platforms without a native version.
Reported-by: vulnerabilityspotter on hackerone
Closes #12990
- libssh/libssh2: return error on too big range
If trying to get the range 0 - 2^63 and the remote file is 2^63 bytes or
larger.
Fixes #12983
Closes #12984
Scott Talbert (24 Feb 2024)
- setopt: fix check for CURLOPT_PROXY_TLSAUTH_TYPE value
Prior to this change CURLOPT_PROXY_TLSAUTH_TYPE would return
CURLE_BAD_FUNCTION_ARGUMENT on any type other than NULL. Since there is
only one type of TLS auth and it is also the default (SRP) the TLS auth
would work anyway.
Closes https://github.com/curl/curl/pull/12981
Jay Satiro (24 Feb 2024)
- mprintf: fix format prefix I32/I64 for windows compilers
- Support I32 & I64 (eg: %I64d) for all Win32 builds.
Prior to this change mprintf support for the I format prefix, which is a
Microsoft extension, was dependent on the compiler used.
When Borland compiler support was removed in fd7ef00f the prefix was
then no longer supported for that compiler; however since it's still
possible to build with Borland I'm restoring support for the prefix in
this way.
Reported-by: Paweł Witas
Fixes https://github.com/curl/curl/issues/12944
Closes https://github.com/curl/curl/pull/12950
Daniel Stenberg (23 Feb 2024)
- cd2nroff: gen: make `\>` in input to render as plain '>' in output
The same (copy and pasted) fix/mistake as in gen.pl
- gen: make `\>` in input to render as plain '>' in output
Reported-by: Gisle Vanem
Fixes #12977
Closes #12978
Fabrice Fontaine (23 Feb 2024)
- configure.ac: find libpsl with pkg-config
Find libpsl with pkg-config to avoid static build failures.
Ref: http://autobuild.buildroot.org/results/1fb15e1a99472c403d0d3b1a688902f32
e78d002
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Closes #12947
Daniel Stenberg (23 Feb 2024)
- BUG-BOUNTY.md: clarify that the curl security team decides
Closes #12975
- THANKS: add bug reporter from #740
Ref: https://github.com/curl/curl/issues/740
Stefan Eissing (22 Feb 2024)
- multi: fix multi_sock handling of select_bits
- OR the event bitmask to data->state.select_bits instead of overwriting
them. They are cleared again on use.
Reported-by: 5533asdg on github
Fixes #12971
Closes #12972
Daniel Stenberg (22 Feb 2024)
- curlver: bump to 8.7.0 for next release
- RELEASE-NOTES: synced
- write-out: add '%{proxy_used}'
Returns 1 if the previous transfer used a proxy, otherwise 0. Useful to
for example determine if a `NOPROXY` pattern matched the hostname or
not.
Extended test 970 and 972
- CURLINFO_USED_PROXY: return bool whether the proxy was used
Adds test536 to verify
Closes #12719
- sha512_256: remove the cast macro, minor language/format edits
Follow-up to cbe41d151d6a100c
Closes #12966
Stefan Eissing (20 Feb 2024)
- DoH: add trace configuration
- refs #12397 where it is dicussed how to en-/disable verbose output
of DoH operations
- introducing `struct curl_trc_feat` to track a curl feature for
tracing
- adding `data->state.feat` optionally pointing to the feature a
transfer belongs to
- adding trace functions and verbosity checks on features
- using trace feature in DoH code
- documenting `doh` as feature for `--trace-config`
Closes #12411
- websocket: fix curl_ws_recv()
- when data arrived in several chunks, the collection into
the passed buffer always started at offset 0, overwriting
the data already there.
adding test_20_07 to verify fix
- debug environment var CURL_WS_CHUNK_SIZE can be used to
influence the buffer chunk size used for en-/decoding.
Closes #12945
Evgeny Grin (Karlson2k) (20 Feb 2024)
- digest: support SHA-512/256
Also fix the tests. New implementation tested with GNU libmicrohttpd.
The new numbers in tests are real SHA-512/256 numbers (not just some
random ;) numbers ).
- tests: add SHA-512/256 unit test
- SHA-512/256: implement hash algorithm
Closes #12897
- curl_setup.h: add curl_uint64_t internal type
The unsigned version of curl_off_t basically
Daniel Stenberg (20 Feb 2024)
- docs: dist curl*.1 and install without perl
Drop docs/mk-ca-bundle.1 from the tarball. It can be generated at will.
Closes #12959
Fixes #12921
Reported-by: Michael Forney
Stefan Eissing (20 Feb 2024)
- OpenSSL QUIC: adapt to v3.3.x
- set our idle timeout as transport parameter
- query negotiated idle timeout for connection alive checks
- query number of available bidi streams on a connection
- use write_ex2 with SSL_WRITE_FLAG_CONCLUDE to signal
EOF on last chunk write, so stream close does not
require an additional QUIC packet
Closes #12933
Ramiro Garcia (19 Feb 2024)
- MANUAL.md: fix typo
Closes #12965
Daniel Stenberg (19 Feb 2024)
- BINDINGS: add mcurl, the python binding
Ref: #12956
Closes #12962
- mk-ca-bundle.md: cleanups and polish
Closes #12958
- spellcheck.yml: remove .1/.3 handling, clean all man page .md files
Since we generate all .1 and .3 files from markdown now, we can limit
the spellcheck to the markdown versions only.
Closes #12960
- libcurl-docs: cleanups
CURLMOPT_SOCKETDATA.md: fix typo
CURLMOPT_TIMERDATA.md: fix typo
CURLOPT_COOKIELIST.m: quote strings
CURLOPT_PREREQFUNCTION.md: quote variable names
CURLOPT_TCP_NODELAY.md: rephrased to please spell checker
CURLOPT_WILDCARDMATCH.md: rephrased
libcurl-tutorial.md: use correct option name
curl_global_init_mem.md: quote headers
curl_easy_getinfo.md: use correct symbol names in headers
curl_global_trace.md: quote some headers
curl_ws_meta.md: quote struct field names
libcurl-env.md: quote headers
- cd2nroff: remove backticks from titles
- RELEASE-NOTES: synced
Stefan Eissing (18 Feb 2024)
- http_chunks: fix the accounting of consumed bytes
Prior to this change chunks were handled correctly although in verbose
mode libcurl could incorrectly warn of "Leftovers after chunking" even
if there were none.
Reported-by: Michael Kaufmann
Fixes https://github.com/curl/curl/issues/12937
Closes https://github.com/curl/curl/pull/12939
- file: use xfer buf for file:// transfers
- For file:// transfers use the multi handle's transfer buffer for
up- and downloads.
Prior to this change a6c9a33 (precedes 8.6.0) changed the file://
transfers to use a smaller stack based buffer, and that caused a
significant performance decrease in Windows.
Bug: https://github.com/curl/curl/issues/12750#issuecomment-1920103086
Reported-by: edmcln@users.noreply.github.com
Closes https://github.com/curl/curl/pull/12932
Karthikdasari0423 (18 Feb 2024)
- HTTP3.md: always run nghttp3 submodule init
- For consistency change all 'build nghttp3' commands to run submodule
init after cloning, even if the branch does not have submodules.
Follow-up to 5a4b2f93 and 4f794558.
Closes https://github.com/curl/curl/pull/12928
LeeRiva (18 Feb 2024)
- CURLOPT_POSTQUOTE.md: fix typo
Closes https://github.com/curl/curl/pull/12926
Evgeny Grin (Karlson2k) (18 Feb 2024)
- checksrc.pl: fix handling .checksrc with CRLF
- When parsing .checksrc chomp the (CR)LF line ending.
Prior to this change on Windows checksrc.pl would not process the
symbols in .checksrc properly, since many git repos in Windows use auto
crlf to check out files with CRLF line endings.
Closes https://github.com/curl/curl/pull/12924
Richard Levitte (18 Feb 2024)
- cmake: fix install for older CMake versions
- Generate the docs install list by using a foreach loop instead of
LIST:TRANSFORM since older CMake can't handle the latter.
Reported-by: Dan Fandrich
Fixes https://github.com/curl/curl/issues/12920
Closes https://github.com/curl/curl/pull/12922
Stefan Eissing (16 Feb 2024)
- vtls: fix tls proxy peer verification
- When verifying a proxy certificate for an ip address, use the correct
ip family.
Prior to this change the "connection" ip family was used, which was not
necessarily the same.
Reported-by: HsiehYuho@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/12831
Closes https://github.com/curl/curl/pull/12931
Dan Fandrich (15 Feb 2024)
- CI: Bump the Circle CI base Ubuntu image to the latest 20.04
The previous ones are going to be removed soon, plus the new ones
include all the fixes since then.
Jay Satiro (13 Feb 2024)
- transfer: improve Windows SO_SNDBUF update limit
- Change the 1 second SO_SNDBUF update limit from per transfer to per
connection.
Prior to this change many transfers over the same connection could cause
many SO_SNDBUF updates made to that connection per second, which was
unnecessary.
Closes https://github.com/curl/curl/pull/12911
- schannel: fix hang on unexpected server close
- Treat TLS connection close (either due to a close_notify from the
server or just closed due to receiving 0) as pending data.
This is because in some cases schannel_recv knows the connection is
closed but has to return actual pending data so it can't return 0 or an
error to indicate no more data. In this case schannel_recv must be
called again, which only happens if readwrite_data sees that there is
still pending data.
Prior to this change if the total size of the body that libcurl expected
to receive from the server was unknown then it was possible under some
network conditions that libcurl would hang waiting to receive more data,
when in fact a close_notify alert indicating no more data would be sent
was already processed.
Fixes https://github.com/curl/curl/issues/12894
Closes https://github.com/curl/curl/pull/12910
Daniel Stenberg (10 Feb 2024)
- KNOWN_BUGS: FTP upload fails if remebered dir is deleted
Closes #12181
Closes #12923
Michał Antoniak (10 Feb 2024)
- mbedtls: use mbedtls_ssl_conf_{min|max}_tls_version
... instead of the deprecated mbedtls_ssl_conf_{min|max}_version
Closes #12905
Dan Fandrich (9 Feb 2024)
- CI: bump to actions/cache@v4 to avoid warning