RELEASE-NOTES: synced

ws: fix autoping handling

Reported-by: Alexey Savchuk
Fixes #10289
Closes #10294

curl_log: avoid printf() format checking with mingw

Since it does not seem to like %zu and more

Follow-up to db91dbbf2

Fixes #10291
Closes #10292

tool_getparam: fix compiler warning when !HAVE_WRITABLE_ARGV

Follow-up to 2ed0e1f70ee176edf3d2

Closes #10286

openssl: make the BIO_METHOD a local variable in the connection filter

This avoids UAF issues when `curl_global_cleanup()` is called before all
transfers have been completely handled. Un

openssl: make the BIO_METHOD a local variable in the connection filter

This avoids UAF issues when `curl_global_cleanup()` is called before all
transfers have been completely handled. Unfortunately this seems to be a
more common pattern than we like.

Closes #10285

show more ...

curl: output warning at --verbose output for debug-enabled version

+ a libcurl warning in the debug output

Assisted-by: Jay Satiro

Ref: https://curl.se/mail/lib-2023-01/003

curl: output warning at --verbose output for debug-enabled version

+ a libcurl warning in the debug output

Assisted-by: Jay Satiro

Ref: https://curl.se/mail/lib-2023-01/0039.html
Closes #10278

show more ...

src: add --http3-only

Warning: --http3 and --http3-only are subject to change again (or be
removed) before HTTP/3 support goes non-experimental.

Closes #10264

curl.h: add CURL_HTTP_VERSION_3ONLY

As the previous CURL_HTTP_VERSION_3 option gets a slightly altered meaning.

Closes #10264

connect: fix access of pointer before NULL check

Detected by Coverity CID 1518992

Closes #10284

easyoptions: Fix header printing in generation script

The optiontable.pl script prints the header comment when generating
easyoptions.c, but it wasn't escaping all characters which jumbl

easyoptions: Fix header printing in generation script

The optiontable.pl script prints the header comment when generating
easyoptions.c, but it wasn't escaping all characters which jumbled the
curl ascii logo. Fix by escaping.

Cloes #10275

show more ...

tool_getparam: fix hiding of command line secrets

Closes #10276

tests: document the cfilter debug logging options

Closes #10283

curl_log: for failf/infof and debug logging implementations

- new functions and macros for cfilter debugging
- set CURL_DEBUG with names of cfilters where debug logging should be

curl_log: for failf/infof and debug logging implementations

- new functions and macros for cfilter debugging
- set CURL_DEBUG with names of cfilters where debug logging should be
enabled
- use GNUC __attribute__ to enable printf format checks during compile

Closes #10271

show more ...

RELEASE-NOTES: synced

msh3: update to v0.6

Closes #10192

ngtcp2: add CURLOPT_SSL_CTX_FUNCTION support for openssl+wolfssl

Using common method for SSL_CTX initialization of verfiy peer and CA
settings. This also provides X509_STORE sharing to b

ngtcp2: add CURLOPT_SSL_CTX_FUNCTION support for openssl+wolfssl

Using common method for SSL_CTX initialization of verfiy peer and CA
settings. This also provides X509_STORE sharing to become available for
ngtcp2+openssl HTTP/3.

Reported-by: violetlige on github

Fixes #10222
Closes #10239

show more ...

cf-socket: make infof() call use %zu for size_t output

Detected by Coverity CID 1518986 and CID 1518984

Closes #10268

os400: fixes to make-lib.sh and initscript.sh

Adjust how exports list is generated from header files to account for
declarations across multiple lines and CURL_DEPRECATED(...) tags.

os400: fixes to make-lib.sh and initscript.sh

Adjust how exports list is generated from header files to account for
declarations across multiple lines and CURL_DEPRECATED(...) tags.

Update initscript.sh

Specify qadrt_use_inline to prevent unistd.h in ASCII runtime defining
close(a) -> close_a(a)

Fixes #10266
Closes #10267

show more ...

tests-httpd: basic infra to run curl against an apache httpd plus nghttpx for h3

- adding '--with-test-httpd=<path>' to configure non-standard apache2
install
- python env and base

tests-httpd: basic infra to run curl against an apache httpd plus nghttpx for h3

- adding '--with-test-httpd=<path>' to configure non-standard apache2
install
- python env and base classes for running httpd
- basic tests for connectivity with h1/h2/h3
- adding test cases for truncated responses in http versions.
- adding goaway test for HTTP/3.
- adding "stuttering" tests with parallel downloads in chunks with
varying delays between chunks.

- adding a curltest module to the httpd server, adding GOAWAY test.
- mod_curltest now installs 2 handlers
- 'echo': writing as response body what came as request body
- 'tweak': with query parameters to tweak response behaviour
- marked known fails as skip for now

Closes #10175

show more ...

quic: improve connect error message, debugging info, fix false connect report

- ECONNECTREFUSED has not its own fail message in quic filters
- Debug logging in connect eyballing improved

quic: improve connect error message, debugging info, fix false connect report

- ECONNECTREFUSED has not its own fail message in quic filters
- Debug logging in connect eyballing improved
- Fix bug in ngtcp2/quiche that could lead to false success reporting.

Reported-by: Divy Le Ray

Fixes #10245
Closes #10248

show more ...

quiche: fix build without any HTTP/2 implementation

Fixes #10260
Closes #10263

.github/workflows/linux.yml: add a quiche CI job

Move over from zuul

Closes #10241

curl.h: allow up to 10M buffer size

Bump the limit from 512K. There might be reasons for applications using
h3 to set larger buffers and there is no strong reason for curl to have
a

curl.h: allow up to 10M buffer size

Bump the limit from 512K. There might be reasons for applications using
h3 to set larger buffers and there is no strong reason for curl to have
a very small maximum.

Ref: https://curl.se/mail/lib-2023-01/0026.html

Closes #10256

show more ...

GHA: use designated ngtcp2 and its dependencies versions

Designate ngtcp2 and its dependency versions so that the CI build does
not fail without our control.

Closes #10257

docs/cmdline-opts/hsts.d: explain hsts more

Closes #10258