| 1da198d1 | 21-Nov-2024 |
Viktor Szakats |
GHA: disable building tests, apps, docs in dependencies
Also:
- for LibreSSL download the official source tarball instead of
using the tagged Git repo and running the build script
GHA: disable building tests, apps, docs in dependencies
Also:
- for LibreSSL download the official source tarball instead of
using the tagged Git repo and running the build script which
merged the OpenBSD libressl repo into it. The latter method
was also broken at the time of this commit.
Build times:
```
before after
aws-lc: 1m55s ~40s
libressl: 1m16s ~1m20s
openssl-tsan: 5m47s 3m43s
openssl: 6m38s 4m49s
quictls-no-deprecated: 2m28s 1m51s
quictls: ~6m08s 4m16s
wolfssl-all: 1m36s 52s
wolfssl-master: 1m34s 53s
wolfssl-opensslextra: 50s 32s
```
LibreSSL build options are unchanged, but by using the tarball now
instead of two repos and a generator script, it also should be faster,
and more stable.
Closes #15622
show more ...
|
| f153b4bf | 21-Nov-2024 |
Viktor Szakats |
cmake: include `wolfssl/options.h` first
It was missing while detecting `wolfSSL_DES_ecb_encrypt`,
`wolfSSL_BIO_new` and `wolfSSL_BIO_set_shutdown`.
We have not seen it causing
cmake: include `wolfssl/options.h` first
It was missing while detecting `wolfSSL_DES_ecb_encrypt`,
`wolfSSL_BIO_new` and `wolfSSL_BIO_set_shutdown`.
We have not seen it causing issues in stable wolfSSL releases as of
v5.7.4, until a recent commit in wolfSSL master, which broke detections:
```
curl/CMakeFiles/CMakeScratch//CheckSymbolExists.c:8:19: error: ‘wolfSSL_BIO_new’ undeclared (first use in this function); did you mean ‘wolfSSL_CTX_new’?
curl/CMakeFiles/CMakeScratch//CheckSymbolExists.c:8:19: error: ‘wolfSSL_BIO_set_shutdown’ undeclared (first use in this function); did you mean ‘wolfSSL_set_shutdown’?
```
This in turn disabled `HTTPS-proxy` and failed related pytests:
https://github.com/curl/curl/actions/runs/11953800545/job/33324250039?pr=15620
wolfSSL source diff causing the regression:
https://github.com/wolfSSL/wolfSSL/compare/be70bea687526a51e3d751d425bbaaa412b451ee..c06f65a8ace311667d9b9d7fd320b6b25f8b1bf8
The wolfSSL build says:
```
Note: Make sure your application includes "wolfssl/options.h" before any other wolfSSL headers.
You can define "WOLFSSL_USE_OPTIONS_H" in your application to include this automatically.
```
This patch makes sure to follow this rule across the curl codebase.
Also:
- include `wolfssl/options.h` first in `lib/vtls/wolfssl.c`.
It was preceded by `wolfssl/version.h`, which did not cause issues.
Background for the pre-existing include order:
Ref: deb9462ff2de8e955c67ed441f5f48619a31198d #3903
Ref: https://curl.se/mail/lib-2015-04/0069.html
Bug: https://github.com/curl/curl/pull/15620#issuecomment-2491872463
Follow-up to d68a121266671c806b5065c2fdce52d292bf7830 #14064
Closes #15623
show more ...
|
| 6238888c | 21-Nov-2024 |
Wyatt O'Day |
schannel: remove TLS 1.3 ciphersuite-list support
Drop TLS 1.3 ciphersuite-list support from SChannel because of the
number of bugs in SChannel itself (a closed-source TLS library). TLS
schannel: remove TLS 1.3 ciphersuite-list support
Drop TLS 1.3 ciphersuite-list support from SChannel because of the
number of bugs in SChannel itself (a closed-source TLS library). TLS 1.3
with SChannel still works, however the ciphersuite negotiation is left
entirely to SChannel.
Bug: https://hackerone.com/reports/2792484
Reported-by: newfunction on hackerone
Fixes https://github.com/curl/curl/issues/15482
Closes https://github.com/curl/curl/pull/15621
show more ...
|
| e233073f | 14-Nov-2024 |
Viktor Szakats |
cmake: do not echo most inherited `LDFLAGS` to config files
Sync with autotools and filter out most linker flags inherited via
`CMAKE_SHARED_LINKER_FLAGS` (that includes `LDFLAGS` env) b
cmake: do not echo most inherited `LDFLAGS` to config files
Sync with autotools and filter out most linker flags inherited via
`CMAKE_SHARED_LINKER_FLAGS` (that includes `LDFLAGS` env) before
echoing them in `libcurl.pc` `Libs.private` and `curl-config`
`--static-libs`.
Keep inheriting `-l`, `-L`, `-F`, `--library-path=`, `-framework`
options.
Follow-up to e244d50064a56723c2ba4f0df8c847d6b70de0cb #15550
Follow-up to 9f56bb608ecfbb8978c6cb72a04d9e8b23162d82 #14681
Follow-up to 8ed66f98a954cfce92f770adeb2320deb1ea700e
Closes #15617
show more ...
|
| cb2ae6e8 | 13-Nov-2024 |
Jay Satiro |
curl_multi_socket_all.md: soften the deprecation warning
- Instead of saying "do not use", explain that the function was
deprecated for performance reasons.
Some users may hav
curl_multi_socket_all.md: soften the deprecation warning
- Instead of saying "do not use", explain that the function was
deprecated for performance reasons.
Some users may have a legitimate use of this function even though we
deprecated it. Since there are no plans to remove it from the API get
rid of the "do not use" warning.
Bug: https://curl.se/mail/lib-2024-11/0029.html
Reported-by: Jacob Champion
Closes https://github.com/curl/curl/pull/15576
show more ...
|
| dada880f | 17-Nov-2024 |
Brendon Smith |
docs: document default `User-Agent`
curl offers a `--user-agent` option for modifying the `User-Agent`
header supplied in its requests.
The man page section for this option expl
docs: document default `User-Agent`
curl offers a `--user-agent` option for modifying the `User-Agent`
header supplied in its requests.
The man page section for this option explains how to use the
`--user-agent` option, but does not explain which `User-Agent` curl uses
by default.
By default, curl uses curl/VERSION, such as `User-Agent: curl/8.11.0`.
Note that this appears to be different from the libcurl default (no
User-Agent header).
This commit documents the default `User-Agent` in the man page section
for the `--user-agent` option, as well as on the "Art of Scripting"
page.
The `%VERSION` placeholder will be used to insert the current version
as described in the man page generator docs.
Closes #15608
show more ...
|
| ca6d3d2e | 17-Nov-2024 |
Daniel Stenberg |
show-headers.md: clarify the headers are saved with the data
Fixes #15605
Reported-by: tkzv on github
Closes #15606 |
| 7fbd0666 | 17-Nov-2024 |
Viktor Szakats |
GHA/macos: enable ECH in wolfSSL jobs
Homebrew wolfSSL builds recently enabled all features.
It allows to enable ECH in curl for these jobs.
https://github.com/Homebrew/homebrew
GHA/macos: enable ECH in wolfSSL jobs
Homebrew wolfSSL builds recently enabled all features.
It allows to enable ECH in curl for these jobs.
https://github.com/Homebrew/homebrew-core/commit/97d1ed6e6db63071853f0d0c5b3b02cb22983be9
https://github.com/Homebrew/homebrew-core/pull/191561
Closes #15607
show more ...
|
| 9a90678c | 17-Nov-2024 |
Daniel Stenberg |
RELEASE-NOTES: synced |
| c56dee68 | 17-Nov-2024 |
Daniel Stenberg |
multi: add clarifying comment for wakeup_write()
Coverity raised it as a "suspicious sizeof".
Closes #15600 |
| 4b07b7eb | 17-Nov-2024 |
Viktor Szakats |
netrc: fix pointer to bool conversion
with MSVC 2008 and 2010:
```
lib/netrc.c(107): error C2440: 'initializing' : cannot convert from 'char *' to 'bool'
```
Ref: https://ci.
netrc: fix pointer to bool conversion
with MSVC 2008 and 2010:
```
lib/netrc.c(107): error C2440: 'initializing' : cannot convert from 'char *' to 'bool'
```
Ref: https://ci.appveyor.com/project/curlorg/curl/builds/51002792/job/jtoxd4mk984oi6fd#L164
Ref: https://ci.appveyor.com/project/curlorg/curl/builds/51002792/job/0wxlw9a8g04e56vt#L177
Follow-up to e9b9bbac22c26cf67316fa8e6c6b9e831af31949 #15586
Closes #15601
show more ...
|
| 2dc54e30 | 16-Nov-2024 |
Daniel Stenberg |
socket: handle binding to "host!<ip>"
Regression since 3060557af702d (shipped in 8.9.0)
Fixes #15553
Reported-by: marcos-ng on github
Closes #15583 |
| e9b9bbac | 15-Nov-2024 |
Daniel Stenberg |
netrc: address several netrc parser flaws
- make sure that a match that returns a username also returns a
password, that should be blank if no password is found
- fix handling
netrc: address several netrc parser flaws
- make sure that a match that returns a username also returns a
password, that should be blank if no password is found
- fix handling of multiple logins for same host where the password/login
order might be reversed.
- reject credentials provided in the .netrc if they contain ASCII control
codes - if the used protocol does not support such (like HTTP and WS do)
Reported-by: Harry Sintonen
Add test 478, 479 and 480 to verify. Updated unit 1304.
Closes #15586
show more ...
|
| 6081703b | 17-Nov-2024 |
Viktor Szakats |
GHA/linux: enable ECH in wolfSSL jobs
wolfSSL `--enable-all` builds support ECH. Enable it for 3 jobs using
such builds.
Also:
- GHA/windows: drop ECH from the job name.
GHA/linux: enable ECH in wolfSSL jobs
wolfSSL `--enable-all` builds support ECH. Enable it for 3 jobs using
such builds.
Also:
- GHA/windows: drop ECH from the job name.
Closes #15598
show more ...
|
| bc34ebc8 | 10-Nov-2024 |
Daniel Stenberg |
curl.h: mark two error codes as obsolete
Not used by libcurl since many years
Closes #15538 |
| a8268865 | 12-Nov-2024 |
renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
CI: update dependencies
- debian:bookworm-slim Docker digest to c00d13c
- github/codeql-action digest to ea9e4e3
- fsfe/reuse-action action to v5
- awslabs/aws-lc to v1.39.0
CI: update dependencies
- debian:bookworm-slim Docker digest to c00d13c
- github/codeql-action digest to ea9e4e3
- fsfe/reuse-action action to v5
- awslabs/aws-lc to v1.39.0
Closes #15555
Closes #15556
Closes #15579
Closes #15594
show more ...
|
| 24085b53 | 14-Nov-2024 |
Tal Regev |
GHA/windows: enable GSS-API in an MSVC job
Ref: #15545
Ref: #15564
Ref: #15585
Closes #15549 |
| c41e9cc1 | 15-Nov-2024 |
Viktor Szakats |
krb5: fix socket/sockindex confusion, MSVC compiler warnings
- fix socket/sockindex confusion on writes:
The callstack used to end with `Curl_write_plain()` accepting a socket
krb5: fix socket/sockindex confusion, MSVC compiler warnings
- fix socket/sockindex confusion on writes:
The callstack used to end with `Curl_write_plain()` accepting a socket
till 7.87.0. This call got swapped for `Curl_conn_send()`, expecting
a sockindex. `socket_write()` was updated accordingly. Its callers
missed it and continued operating on sockets: `do_sec_send()`,
`sec_write()`, passing it down the stack and `Curl_conn_send()`
resolving it as if it were a sockindex.
It affected FTP Kerberos authentication.
Discovered through MSVC warnings:
```
curl\lib\krb5.c(652,28): warning C4244: 'function': conversion from 'curl_socket_t' to 'int', possible loss of data
curl\lib\krb5.c(654,28): warning C4244: 'function': conversion from 'curl_socket_t' to 'int', possible loss of data
curl\lib\krb5.c(656,26): warning C4244: 'function': conversion from 'curl_socket_t' to 'int', possible loss of data
curl\lib\krb5.c(657,26): warning C4244: 'function': conversion from 'curl_socket_t' to 'int', possible loss of data
curl\lib\krb5.c(665,24): warning C4244: 'function': conversion from 'curl_socket_t' to 'int', possible loss of data
curl\lib\krb5.c(666,24): warning C4244: 'function': conversion from 'curl_socket_t' to 'int', possible loss of data
```
Ref: https://github.com/curl/curl/actions/runs/11846599621/job/33014592805#step:9:32
Follow-up to 5651a36d1ae46db61a31771a8d4d6dcf2a510856 #10280
Bug: https://github.com/curl/curl/pull/15549#issuecomment-2474154067
Fixes #15582
- fix uninitialized buffer:
```
curl\lib\krb5.c(288,1): warning C4701: potentially uninitialized local variable '_gssresp' used
```
Ref: https://github.com/curl/curl/actions/runs/11848626645/job/33020501026?pr=15585#step:9:31
- silence unreachable code compiler warning:
```
curl\lib\krb5.c(370,1): warning C4702: unreachable code
```
Ref: https://github.com/curl/curl/actions/runs/11848626645/job/33020501026?pr=15585#step:9:30
Closes #15585
show more ...
|
| c14a9c81 | 08-Nov-2024 |
Logan Buth |
CURLOPT_PREREQFUNCTION.md: add result code on failure
Closes #15542 |
| a06c0a5b | 14-Nov-2024 |
andrewkirillov-ibm |
Rename struct var to fix AIX build
Fixing issue #15580 by renaming struct var to tool_var to avoid conflict
with the same structure name defined in AIX system headers.
Fixes #15
Rename struct var to fix AIX build
Fixing issue #15580 by renaming struct var to tool_var to avoid conflict
with the same structure name defined in AIX system headers.
Fixes #15580
Closes #15581
show more ...
|
| 8115e790 | 15-Nov-2024 |
Viktor Szakats |
tidy-up: indentation [ci skip] |
| cb7558af | 14-Nov-2024 |
Viktor Szakats |
configure: replace `$#` shell syntax
With a more portable alternative.
Fixes (seen on macOS):
```
../configure: line 47131: 1: command not found
```
Ref: https://git
configure: replace `$#` shell syntax
With a more portable alternative.
Fixes (seen on macOS):
```
../configure: line 47131: 1: command not found
```
Ref: https://github.com/curl/curl/actions/runs/11846071276/job/33012894013#step:7:635
Follow-up to e244d50064a56723c2ba4f0df8c847d6b70de0cb #15550
Closes #15584
show more ...
|
| 9eb5c7cf | 13-Nov-2024 |
Viktor Szakats |
cmake: restore cmake args list in `buildinfo.txt`
This feature was recently dropped because of a bad side-effect of
silencing unused cmake command-line option warnings.
Fix this
cmake: restore cmake args list in `buildinfo.txt`
This feature was recently dropped because of a bad side-effect of
silencing unused cmake command-line option warnings.
Fix this issue by retrieving variable values using `get_property()`,
instead of accessing the variables directly. It allows restoring
this feature without the bad side-effect.
Also limit the logic to CI runs.
Follow-up to 96edb5f611c9e54da1ae824d9dc0e219619c24c0 #15501
Closes #15563
show more ...
|
| c66964f2 | 14-Nov-2024 |
Viktor Szakats |
configure: add FIXMEs for disabled pkg-config references
Follow-up to d511ec8b0a56b2a99226fe556abe9f815153c648 #15573 |
| d511ec8b | 13-Nov-2024 |
Viktor Szakats |
build: omit certain deps from `libcurl.pc` unless found via `pkg-config`
The idea of linking dependencies found to `libcurl.pc` turns out not
to work in practice in some cases.
build: omit certain deps from `libcurl.pc` unless found via `pkg-config`
The idea of linking dependencies found to `libcurl.pc` turns out not
to work in practice in some cases.
Specifically: gss, ldap, mbedtls, libmsh3, rustls
A `.pc` may not work or be missing for a couple of reasons:
- not all build methods generate it: mbedTLS, Rustls
- generated file is broken: msh3
Ref: https://github.com/nibanks/msh3/pull/225
- installed package flavour isn't shipping with one:
FreeBSD GSS, OmniOS LDAP, macOS LDAP
The effect of such issues shall be subtle in theory, because
`libcurl.pc` normally lists these dependencies in the `Requires.private`
section meant for static linking. But, e.g. `pkg-config --exists`
requires these to be present, and builds sometimes use this check
regardless of build type. This bug is not present in `pkgconf`; it only
checks for them when `--static` is also passed.
Fix these by adding affected `.pc` references to `libcurl.pc` only when
we detected the dependency via `pkg-config`.
There are a few side-effects of this solution:
- references are never added for dependencies where curl doesn't
implement `pkg-config` detection. These are:
- autotools: ldap, mbedtls, msh3
- cmake: ldap (pending #15273)
- generated `libcurl.pc` depends on the build-time environment.
- generated `libcurl.pc` depends on curl build tool (cmake, autotools).
- generated `libcurl.pc` depends on curl build implementation details.
Make an exception for GNU GSS, where I blindly guess that `gss.pc` is
always available, as no issues were reported.
Other, not mentioned, dependencies continue to be added regardless
of the detection method.
Reported-by: Harmen Stoppels, Thomas, Daniel Engberg, Andy Fiddaman
Fixes #15469
Fixes #15507
Fixes #15535
Fixes https://github.com/curl/curl/pull/15163#issuecomment-2473358444
Closes #15573
show more ...
|
