llist: survive cleared list better

Make Curl_node_uremove() and Curl_node_take_elem() properly survive
run-time when the ->list field has been cleared previously. Like when
Curl_node

llist: survive cleared list better

Make Curl_node_uremove() and Curl_node_take_elem() properly survive
run-time when the ->list field has been cleared previously. Like when
Curl_node_take_elem() is called twice.

We have asserts to catch those situations to make sure we avoid them if
we can, but if they still happen in a non-debug build we should make
sure the functions survive proper.

Pointed out by CodeSonar.

Closes #15791

show more ...

RELEASE-NOTES: synced

curl: make --etag-save acknowledge --create-dirs

Add test 693 to verify

Fixes #15730
Suggested-by: Tamir Duberstein
Closes #15732

tool_formparse.c: make curlx_uztoso a static in here

And drop the prefix. This function was not use elsewhere and it should
certainly not be present in libcurl code when not used in the

tool_formparse.c: make curlx_uztoso a static in here

And drop the prefix. This function was not use elsewhere and it should
certainly not be present in libcurl code when not used in the library.

Closes #15796

show more ...

scripts/mdlinkcheck: fix the ../ handling in file links

Follow-up to 62515e8e9d750f

Closes #15797

binmode: convert to macro and use it from tests

And use it from src and tests.

Syncing this functionality between platforms and build targets.

Also: Stop redefining `O_BINA

binmode: convert to macro and use it from tests

And use it from src and tests.

Syncing this functionality between platforms and build targets.

Also: Stop redefining `O_BINARY` in src, and use a local macro with
the same effect. `O_BINARY` is used in `CURL_SET_BINMODE()` to decide
if this functionality is supported, and redefining it makes this check
pass always in unity builds. The check is required for Apple OS, because
it offers a `setmode()` function, successfully detected by both CMake
and autotools, but that function has a different functionality and
signature than that expected by `CURL_SET_BINMODE()`.

Also:
- drop MetaWare High C (MS-DOS) support for set binmode.
- tests/libtest/Makefile.inc: dedupe comments.
- lib/curl_setup_once.h: tidy up feature guards for `io.h`, `fcntl.h`.

Ref: #15652
Closes #15787

show more ...

vtls_cache: bail out proper if Curl_hmacit() fails

Pointed out by CodeSonar

Closes #15790

openssl: avoid "redundant condition"

Pointed out by CodeSonar

Closes #15792

TODO: sending only part of --data is now possible

Since 40c264db617d02

Closes #15794

getinfo: fix CURLINFO_QUEUE_TIME_T and add 'time_queue' var

Let CURLINFO_QUEUE_TIME_T count only the time a transfer spends queued,
including possible redirect requests.

Add var

getinfo: fix CURLINFO_QUEUE_TIME_T and add 'time_queue' var

Let CURLINFO_QUEUE_TIME_T count only the time a transfer spends queued,
including possible redirect requests.

Add var 'time_queue' for reporting the time in write outs.

Add test for verifying correct reporting.

Closes #15512

show more ...

curl: add byte range support to --variable reading from file

Allowing --variable read a portion of provided files, makes curl work on
partial files for any options that accepts strings.

curl: add byte range support to --variable reading from file

Allowing --variable read a portion of provided files, makes curl work on
partial files for any options that accepts strings. Like --data and others.

The byte offset is provided within brackets, with a semicolon separator
like: --variable name@file;[100-200]"

Inspired by #14479
Assisted-by: Manuel Einfalt

Test 784 - 789. Documentation update provided.

Closes #15739

show more ...

hyper: drop support

lib : remove all hyper code
configure: stop detecting hyper
docs: no more mention of hyper
tests: mo more special-handling of hyper builds
CI: no jobs usi

hyper: drop support

lib : remove all hyper code
configure: stop detecting hyper
docs: no more mention of hyper
tests: mo more special-handling of hyper builds
CI: no jobs using hyper

Closes #15120

show more ...

examples: make them compile with compatibility functions disabled (Windows)

For MinGW this is `-DNO_OLDNAMES`, with MSVC it is
`-D_CRT_DECLARE_NONSTDC_NAMES=0`.

There have been

examples: make them compile with compatibility functions disabled (Windows)

For MinGW this is `-DNO_OLDNAMES`, with MSVC it is
`-D_CRT_DECLARE_NONSTDC_NAMES=0`.

There have been some support for this before this patch.
After this patch this is extended to all examples.

(And also the standalone http/client programs, if here.)

Cherry-picked from #15652
Closes #15789

show more ...

examples/complicated: fix warnings, bump deprecated callback, tidy up

Also: make them C89, add consts.

Closes #15785

lib: TLS session ticket caching reworked

Described in detail in internal doc TLS-SESSIONS.md

Main points:
- use a new `ssl_peer_key` for cache lookups by connection filters

lib: TLS session ticket caching reworked

Described in detail in internal doc TLS-SESSIONS.md

Main points:
- use a new `ssl_peer_key` for cache lookups by connection filters
- recognize differences between TLSv1.3 and other tickets
* TLSv1.3 tickets are single-use, cache can hold several of them for a peer
* TLSv1.2 are reused, keep only a single one per peer
- differentiate between ticket BLOB to store (that could be persisted) and object instances
- use put/take/return pattern for cache access
- remember TLS version, ALPN protocol, time received and lifetime of ticket
- auto-expire tickets after their lifetime

Closes #15774

show more ...

GHA: update ngtcp2 and nghttp3

- ngtcp2 to v1.10.0
- nghttp3 to v1.7.0

Closes #15783
Closes #15782

examples/synctime.c: remove references to dead URLs and functionality

This example can use the Date: header of any server so there is no point
in linking to ancient URLs describeing a se

examples/synctime.c: remove references to dead URLs and functionality

This example can use the Date: header of any server so there is no point
in linking to ancient URLs describeing a setup at NIST that no longer
exists.

Closes #15786

show more ...

config-mac: drop `MACOS_SSL_SUPPORT` macro

It has been a synonym for `USE_OPENSSL` since
709cf76f6bb7dbaca14e3e8df160ccfac04dcecb (2015).

The few uses of this on GitHub also set

config-mac: drop `MACOS_SSL_SUPPORT` macro

It has been a synonym for `USE_OPENSSL` since
709cf76f6bb7dbaca14e3e8df160ccfac04dcecb (2015).

The few uses of this on GitHub also set `USE_OPENSSL` and
should be fine. Those which don't, please replace
`-DMACOS_SSL_SUPPORT` with `-DUSE_OPENSSL`.

Closes #15777

show more ...

cmake: drop redundant opening/closing `.*` from `MATCH` expressions

Also from a corresponding `REPLACE` expression.

CMake matches expressions anywhere within the value without an ex

cmake: drop redundant opening/closing `.*` from `MATCH` expressions

Also from a corresponding `REPLACE` expression.

CMake matches expressions anywhere within the value without an explicit
`.*`.

https://cmake.org/cmake/help/latest/command/if.html#matches
https://cmake.org/cmake/help/latest/command/string.html#regex-match

Closes #15773

show more ...

RELEASE-NOTES: synced

VULN-DISCLOSURE-POLICY.md: mention the not setting CVSS

Closes #15779

http_aws_sigv4: Fix invalid compare function handling zero-length pairs

The compare_func() can violate the antisymmetric property required by
qsort. Specifically, when both aa->len == 0

http_aws_sigv4: Fix invalid compare function handling zero-length pairs

The compare_func() can violate the antisymmetric property required by
qsort. Specifically, when both aa->len == 0 and bb->len == 0, the
function returns conflicting results (-1 for compare_func(a, b) and -1
for compare_func(b, a)).

This violates the rules of qsort and may lead to undefined behavior,
including incorrect sorting or memory corruption in glibc [1].

Add a check to return 0 when both lengths are zero, ensuring proper
behavior and preventing undefined behavior in the sorting process.

Ref: https://www.qualys.com/2024/01/30/qsort.txt [1]

Closes #15778

show more ...

vtls: remove 'detach/attach' functions from TLS handler struct

Unused since 7c8bae0d9c9b2dfeeb

Closes #15776

vtls: remove unusued 'check_cxn' from TLS handler struct

The last use was removed in 7c5637b8b4

Closes #15775

vtls: replace "none"-functions with NULL pointers

For TLS backends that don't need these functions, they now use plain
NULL pointers instead of setting a function that does nothing.

vtls: replace "none"-functions with NULL pointers

For TLS backends that don't need these functions, they now use plain
NULL pointers instead of setting a function that does nothing.

Helps making it clearer that a specific TLS handler does not provide
anything specific for that action.

Closes #15772

show more ...