cmake: do not echo most inherited `LDFLAGS` to config files

Sync with autotools and filter out most linker flags inherited via
`CMAKE_SHARED_LINKER_FLAGS` (that includes `LDFLAGS` env) b

cmake: do not echo most inherited `LDFLAGS` to config files

Sync with autotools and filter out most linker flags inherited via
`CMAKE_SHARED_LINKER_FLAGS` (that includes `LDFLAGS` env) before
echoing them in `libcurl.pc` `Libs.private` and `curl-config`
`--static-libs`.

Keep inheriting `-l`, `-L`, `-F`, `--library-path=`, `-framework`
options.

Follow-up to e244d50064a56723c2ba4f0df8c847d6b70de0cb #15550
Follow-up to 9f56bb608ecfbb8978c6cb72a04d9e8b23162d82 #14681
Follow-up to 8ed66f98a954cfce92f770adeb2320deb1ea700e

Closes #15617

show more ...

curl_multi_socket_all.md: soften the deprecation warning

- Instead of saying "do not use", explain that the function was
deprecated for performance reasons.

Some users may hav

curl_multi_socket_all.md: soften the deprecation warning

- Instead of saying "do not use", explain that the function was
deprecated for performance reasons.

Some users may have a legitimate use of this function even though we
deprecated it. Since there are no plans to remove it from the API get
rid of the "do not use" warning.

Bug: https://curl.se/mail/lib-2024-11/0029.html
Reported-by: Jacob Champion

Closes https://github.com/curl/curl/pull/15576

show more ...

docs: document default `User-Agent`

curl offers a `--user-agent` option for modifying the `User-Agent`
header supplied in its requests.

The man page section for this option expl

docs: document default `User-Agent`

curl offers a `--user-agent` option for modifying the `User-Agent`
header supplied in its requests.

The man page section for this option explains how to use the
`--user-agent` option, but does not explain which `User-Agent` curl uses
by default.

By default, curl uses curl/VERSION, such as `User-Agent: curl/8.11.0`.

Note that this appears to be different from the libcurl default (no
User-Agent header).

This commit documents the default `User-Agent` in the man page section
for the `--user-agent` option, as well as on the "Art of Scripting"
page.

The `%VERSION` placeholder will be used to insert the current version
as described in the man page generator docs.

Closes #15608

show more ...

show-headers.md: clarify the headers are saved with the data

Fixes #15605
Reported-by: tkzv on github
Closes #15606

GHA/macos: enable ECH in wolfSSL jobs

Homebrew wolfSSL builds recently enabled all features.
It allows to enable ECH in curl for these jobs.

https://github.com/Homebrew/homebrew

GHA/macos: enable ECH in wolfSSL jobs

Homebrew wolfSSL builds recently enabled all features.
It allows to enable ECH in curl for these jobs.

https://github.com/Homebrew/homebrew-core/commit/97d1ed6e6db63071853f0d0c5b3b02cb22983be9
https://github.com/Homebrew/homebrew-core/pull/191561

Closes #15607

show more ...

RELEASE-NOTES: synced

multi: add clarifying comment for wakeup_write()

Coverity raised it as a "suspicious sizeof".

Closes #15600

netrc: fix pointer to bool conversion

with MSVC 2008 and 2010:
```
lib/netrc.c(107): error C2440: 'initializing' : cannot convert from 'char *' to 'bool'
```
Ref: https://ci.

netrc: fix pointer to bool conversion

with MSVC 2008 and 2010:
```
lib/netrc.c(107): error C2440: 'initializing' : cannot convert from 'char *' to 'bool'
```
Ref: https://ci.appveyor.com/project/curlorg/curl/builds/51002792/job/jtoxd4mk984oi6fd#L164
Ref: https://ci.appveyor.com/project/curlorg/curl/builds/51002792/job/0wxlw9a8g04e56vt#L177

Follow-up to e9b9bbac22c26cf67316fa8e6c6b9e831af31949 #15586
Closes #15601

show more ...

socket: handle binding to "host!<ip>"

Regression since 3060557af702d (shipped in 8.9.0)

Fixes #15553
Reported-by: marcos-ng on github
Closes #15583

netrc: address several netrc parser flaws

- make sure that a match that returns a username also returns a
password, that should be blank if no password is found

- fix handling

netrc: address several netrc parser flaws

- make sure that a match that returns a username also returns a
password, that should be blank if no password is found

- fix handling of multiple logins for same host where the password/login
order might be reversed.

- reject credentials provided in the .netrc if they contain ASCII control
codes - if the used protocol does not support such (like HTTP and WS do)

Reported-by: Harry Sintonen

Add test 478, 479 and 480 to verify. Updated unit 1304.

Closes #15586

show more ...

GHA/linux: enable ECH in wolfSSL jobs

wolfSSL `--enable-all` builds support ECH. Enable it for 3 jobs using
such builds.

Also:
- GHA/windows: drop ECH from the job name.

GHA/linux: enable ECH in wolfSSL jobs

wolfSSL `--enable-all` builds support ECH. Enable it for 3 jobs using
such builds.

Also:
- GHA/windows: drop ECH from the job name.

Closes #15598

show more ...

curl.h: mark two error codes as obsolete

Not used by libcurl since many years

Closes #15538

CI: update dependencies

- debian:bookworm-slim Docker digest to c00d13c
- github/codeql-action digest to ea9e4e3
- fsfe/reuse-action action to v5
- awslabs/aws-lc to v1.39.0

CI: update dependencies

- debian:bookworm-slim Docker digest to c00d13c
- github/codeql-action digest to ea9e4e3
- fsfe/reuse-action action to v5
- awslabs/aws-lc to v1.39.0

Closes #15555
Closes #15556
Closes #15579
Closes #15594

show more ...

GHA/windows: enable GSS-API in an MSVC job

Ref: #15545
Ref: #15564
Ref: #15585

Closes #15549

krb5: fix socket/sockindex confusion, MSVC compiler warnings

- fix socket/sockindex confusion on writes:

The callstack used to end with `Curl_write_plain()` accepting a socket

krb5: fix socket/sockindex confusion, MSVC compiler warnings

- fix socket/sockindex confusion on writes:

The callstack used to end with `Curl_write_plain()` accepting a socket
till 7.87.0. This call got swapped for `Curl_conn_send()`, expecting
a sockindex. `socket_write()` was updated accordingly. Its callers
missed it and continued operating on sockets: `do_sec_send()`,
`sec_write()`, passing it down the stack and `Curl_conn_send()`
resolving it as if it were a sockindex.
It affected FTP Kerberos authentication.

Discovered through MSVC warnings:
```
curl\lib\krb5.c(652,28): warning C4244: 'function': conversion from 'curl_socket_t' to 'int', possible loss of data
curl\lib\krb5.c(654,28): warning C4244: 'function': conversion from 'curl_socket_t' to 'int', possible loss of data
curl\lib\krb5.c(656,26): warning C4244: 'function': conversion from 'curl_socket_t' to 'int', possible loss of data
curl\lib\krb5.c(657,26): warning C4244: 'function': conversion from 'curl_socket_t' to 'int', possible loss of data
curl\lib\krb5.c(665,24): warning C4244: 'function': conversion from 'curl_socket_t' to 'int', possible loss of data
curl\lib\krb5.c(666,24): warning C4244: 'function': conversion from 'curl_socket_t' to 'int', possible loss of data
```
Ref: https://github.com/curl/curl/actions/runs/11846599621/job/33014592805#step:9:32

Follow-up to 5651a36d1ae46db61a31771a8d4d6dcf2a510856 #10280
Bug: https://github.com/curl/curl/pull/15549#issuecomment-2474154067
Fixes #15582

- fix uninitialized buffer:
```
curl\lib\krb5.c(288,1): warning C4701: potentially uninitialized local variable '_gssresp' used
```
Ref: https://github.com/curl/curl/actions/runs/11848626645/job/33020501026?pr=15585#step:9:31

- silence unreachable code compiler warning:
```
curl\lib\krb5.c(370,1): warning C4702: unreachable code
```
Ref: https://github.com/curl/curl/actions/runs/11848626645/job/33020501026?pr=15585#step:9:30

Closes #15585

show more ...

CURLOPT_PREREQFUNCTION.md: add result code on failure

Closes #15542

Rename struct var to fix AIX build

Fixing issue #15580 by renaming struct var to tool_var to avoid conflict
with the same structure name defined in AIX system headers.

Fixes #15

Rename struct var to fix AIX build

Fixing issue #15580 by renaming struct var to tool_var to avoid conflict
with the same structure name defined in AIX system headers.

Fixes #15580
Closes #15581

show more ...

tidy-up: indentation [ci skip]

configure: replace `$#` shell syntax

With a more portable alternative.

Fixes (seen on macOS):
```
../configure: line 47131: 1: command not found
```
Ref: https://git

configure: replace `$#` shell syntax

With a more portable alternative.

Fixes (seen on macOS):
```
../configure: line 47131: 1: command not found
```
Ref: https://github.com/curl/curl/actions/runs/11846071276/job/33012894013#step:7:635

Follow-up to e244d50064a56723c2ba4f0df8c847d6b70de0cb #15550
Closes #15584

show more ...

cmake: restore cmake args list in `buildinfo.txt`

This feature was recently dropped because of a bad side-effect of
silencing unused cmake command-line option warnings.

Fix this

cmake: restore cmake args list in `buildinfo.txt`

This feature was recently dropped because of a bad side-effect of
silencing unused cmake command-line option warnings.

Fix this issue by retrieving variable values using `get_property()`,
instead of accessing the variables directly. It allows restoring
this feature without the bad side-effect.

Also limit the logic to CI runs.

Follow-up to 96edb5f611c9e54da1ae824d9dc0e219619c24c0 #15501
Closes #15563

show more ...

configure: add FIXMEs for disabled pkg-config references

Follow-up to d511ec8b0a56b2a99226fe556abe9f815153c648 #15573

build: omit certain deps from `libcurl.pc` unless found via `pkg-config`

The idea of linking dependencies found to `libcurl.pc` turns out not
to work in practice in some cases.

build: omit certain deps from `libcurl.pc` unless found via `pkg-config`

The idea of linking dependencies found to `libcurl.pc` turns out not
to work in practice in some cases.

Specifically: gss, ldap, mbedtls, libmsh3, rustls

A `.pc` may not work or be missing for a couple of reasons:
- not all build methods generate it: mbedTLS, Rustls
- generated file is broken: msh3
Ref: https://github.com/nibanks/msh3/pull/225
- installed package flavour isn't shipping with one:
FreeBSD GSS, OmniOS LDAP, macOS LDAP

The effect of such issues shall be subtle in theory, because
`libcurl.pc` normally lists these dependencies in the `Requires.private`
section meant for static linking. But, e.g. `pkg-config --exists`
requires these to be present, and builds sometimes use this check
regardless of build type. This bug is not present in `pkgconf`; it only
checks for them when `--static` is also passed.

Fix these by adding affected `.pc` references to `libcurl.pc` only when
we detected the dependency via `pkg-config`.

There are a few side-effects of this solution:
- references are never added for dependencies where curl doesn't
implement `pkg-config` detection. These are:
- autotools: ldap, mbedtls, msh3
- cmake: ldap (pending #15273)
- generated `libcurl.pc` depends on the build-time environment.
- generated `libcurl.pc` depends on curl build tool (cmake, autotools).
- generated `libcurl.pc` depends on curl build implementation details.

Make an exception for GNU GSS, where I blindly guess that `gss.pc` is
always available, as no issues were reported.

Other, not mentioned, dependencies continue to be added regardless
of the detection method.

Reported-by: Harmen Stoppels, Thomas, Daniel Engberg, Andy Fiddaman
Fixes #15469
Fixes #15507
Fixes #15535
Fixes https://github.com/curl/curl/pull/15163#issuecomment-2473358444
Closes #15573

show more ...

cmake: sync GSS config code with other deps

- stop passing explicit libpaths via `CMAKE_SHARED_LINKER_FLAGS` and
`CMAKE_EXE_LINKER_FLAGS`. `link_directories()` is doing that already.

cmake: sync GSS config code with other deps

- stop passing explicit libpaths via `CMAKE_SHARED_LINKER_FLAGS` and
`CMAKE_EXE_LINKER_FLAGS`. `link_directories()` is doing that already.
- use `curl_required_libpaths()` to pass libpaths to the feature test.
Reported-by: Daniel Engberg
Fixes #15536
Also fixes GSS feature detection with non-gcc/clang compilers,
such as MSVC.
- add libpaths to `CURL_LIBPATHS`.
- move `GSS_CFLAGS`, `GSS_LDFLAGS` stringifications to FindGSS.
To match the `CFLAGS` format returned by the rest of Find modules.
- reorder calls to match other dependencies.
- don't extend system `LDFLAGS` when FindGSS did not return any.
- ignore `LDFLAGS` when detecting GSS via `pkg-config`. `LDFLAGS` holds
a copy of libpaths and libs in this case. Ignore those to avoid these
duplicates making into `libcurl.pc` and `curl-config`. Also syncing
behavior with other Find modules which also ignore raw `LDFLAGS`.
- ignore raw `LDFLAGS` coming from `krb5-config --libs`. FindGSS
no longer returns dependency-specific `LDFLAGS` after this. Syncing
behavior with other Find modules.
- reduce scope of checker state push/pop/set.

Closes #15545

show more ...

strtok: use namespaced `strtok_r` macro instead of redefining it

krb5 defines `strtok_r` for Windows unconditionally in its public
header:
https://github.com/krb5/krb5/blob/dc5554394

strtok: use namespaced `strtok_r` macro instead of redefining it

krb5 defines `strtok_r` for Windows unconditionally in its public
header:
https://github.com/krb5/krb5/blob/dc5554394e5a4363b3e109623edbeb9ad6c18a62/src/include/win-mac.h#L214-L215
resulting in this warning:
```
lib\strtok.h(31,9): warning C4005: 'strtok_r': macro redefinition
C:\vcpkg\installed\x64-windows\include\win-mac.h(215,9):
see previous definition of 'strtok_r'
```

The krb5 macro collides with curl's internal definition, in case
the `strtok_r` function is undetected and falling back to a local
replacement.

Reported-by: Tal Regev
Bug: https://github.com/curl/curl/pull/15549#issuecomment-2468251761
Closes #15564

show more ...

socketpair: fix enabling `USE_EVENTFD`

Follow-up to 23fe1a52dc8a2ffd74e19b956927bbccdc07f15f #13874
Closes #15561