GHA: update five dependencies

- rojopolis/spellcheck-github-actions digest to ab8ac45
- nghttp2/nghttp2 to v1.64.0
- actions/cache digest to 6849a64
- github/codeql-action digest

GHA: update five dependencies

- rojopolis/spellcheck-github-actions digest to ab8ac45
- nghttp2/nghttp2 to v1.64.0
- actions/cache digest to 6849a64
- github/codeql-action digest to 6624720
- Update actions/checkout digest to 11bd719

Closes #15341
Closes #15346
Closes #15365
Closes #15366
Closes #15387

show more ...

GHA: drop "3" from openssl names and keys

Also:
- drop patch suffix from cache key for thread-sanitizer local build
Follow-up to 73d2779196f5b4d5b45945e06b4bbdec11b6d921 #15379

GHA: drop "3" from openssl names and keys

Also:
- drop patch suffix from cache key for thread-sanitizer local build
Follow-up to 73d2779196f5b4d5b45945e06b4bbdec11b6d921 #15379

Closes #15383

show more ...

CI: update dependency openssl/openssl to v3.4.0

Closes #15377

ci: fix renovate's matching for OpenSSL and quictls

Renovate only matches on the raw version numbers of a package, but
OpenSSL includes `openssl-` as a prefix in the version number. This

ci: fix renovate's matching for OpenSSL and quictls

Renovate only matches on the raw version numbers of a package, but
OpenSSL includes `openssl-` as a prefix in the version number. This
change means that the match string now expects the `openssl-` prefix
and will just update the version portion.

This also updates quictls so that renovate can detect and update the
version correctly.

Closes #15359

show more ...

GHA: use `--no-install-suggests --no-install-recommends` where missing

It prevents `apt-get install` commands installing unnecessary packages.

Makes the 8 HTTP/3 jobs around 30 seco

GHA: use `--no-install-suggests --no-install-recommends` where missing

It prevents `apt-get install` commands installing unnecessary packages.

Makes the 8 HTTP/3 jobs around 30 seconds faster each.

before: https://github.com/curl/curl/actions/runs/11466168597
after: https://github.com/curl/curl/actions/runs/11469013245?pr=15373

Closes #15373

show more ...

CI: run with standard mod_http2

We used to include a special mod_h2 in our CI that supports the
directive H2MaxDataFrameLen for test_02_20. Since then, ubuntu-lastest
includes a more

CI: run with standard mod_http2

We used to include a special mod_h2 in our CI that supports the
directive H2MaxDataFrameLen for test_02_20. Since then, ubuntu-lastest
includes a more recent apache httpd. Let's see if we can live without
the special.

Closes #15353

show more ...

GHA/linux: bump to quictls 3.3.0

Closes #15334

GHA: update ngtcp2/ngtcp2 and awslabs/aws-lc

- update ngtcp2/ngtcp2 to v1.8.1
- update awslabs/aws-lc to v1.37.0

Closes #15318
Closes #15329

CI: explicitly specify the OS version when necessary

Commit 8ea120f6 added --break-system-packages which works in Ubuntu
24.04 but not 22.04, so explicitly specify that version in the ru

CI: explicitly specify the OS version when necessary

Commit 8ea120f6 added --break-system-packages which works in Ubuntu
24.04 but not 22.04, so explicitly specify that version in the runner
instead of relying on ubuntu-latest to provide it. Some runners have
regressed back to 22.04 for ubuntu-latest, resulting in build failures.

show more ...

GHA/linux: fixup pip for Ubuntu 24.04

`ubuntu-latest` became `ubuntu-24.04` today.

Closes #15287

GHA: optimize test prereq steps

- Linux: move test and pytest prereqs right before test run.
- returns build phase results faster.
- allows skipping steps for jobs that don't nee

GHA: optimize test prereq steps

- Linux: move test and pytest prereqs right before test run.
- returns build phase results faster.
- allows skipping steps for jobs that don't need them.
- makes dependencies more transparent.
- sync prereq install step names.
- use `tests/requirements.txt` more.

Closes #15275

show more ...

CI: update rojopolis/spellcheck, actions/checkout, actions/upload-artifact

- update rojopolis/spellcheck-github-actions digest to 7ff888c
- update actions/checkout digest to eef6144

CI: update rojopolis/spellcheck, actions/checkout, actions/upload-artifact

- update rojopolis/spellcheck-github-actions digest to 7ff888c
- update actions/checkout digest to eef6144
- update actions/upload-artifact digest to b4b15b8

Closes #15207
Closes #15184
Closes #15187

show more ...

CI: bump github/codeql-action, vmactions/omnios-vm and actions/cache

- bump github/codeql-action from 3.26.10 to 3.26.11
- bump vmactions/omnios-vm from 1.0.7 to 1.0.8
- bump actions

CI: bump github/codeql-action, vmactions/omnios-vm and actions/cache

- bump github/codeql-action from 3.26.10 to 3.26.11
- bump vmactions/omnios-vm from 1.0.7 to 1.0.8
- bump actions/cache from 4.0.2 to 4.1.1

Closes #15178
Closes #15179
Closes #15244

show more ...

ci: dump `curl_config.h` to log in all jobs

Also:
- GHA/windows: merge full and brief dump into a single job step.
- fix shellcheck warning 'useless cat'.

Closes #15266

GHA: drop `--parallel` option for CMake + Ninja jobs

It's managed by Ninja automatically.

Closes #15249

cmake: add native `pkg-config` detection for mbedTLS, MSH3, Quiche, Rustls, wolfSSL

Also:
- detect and add required system libraries for Rustls on macOS and
non-Windows.
- add

cmake: add native `pkg-config` detection for mbedTLS, MSH3, Quiche, Rustls, wolfSSL

Also:
- detect and add required system libraries for Rustls on macOS and
non-Windows.
- add Linux CMake jobs for the touched dependencies.
Caveats:
- MSH3 generates a broken `libmsh3.pc`, so needs manual config.
Upstream PR: https://github.com/nibanks/msh3/pull/225
- Rustls `.pc` file missing, so needs manual config.

An internal change worthy of mention is that we are using the lib path
and name information returned by `pkg-config` as-is. Meaning the libname
doesn't include the full path, like it's usual with native cmake
detection. The path comes separately and needs to be rolled separately.
For this we add it to targets via `link_directories()`. We also keep tab
of them in `CURL_LIBDIRS` and use that in `libcurl.pc`. Feature checks
also need to receive these paths. CMake doesn't offer
a `CMAKE_REQUIRED_*` variable for this purpose, only
a `CMAKE_REQUIRED_LINK_OPTIONS` accepting raw linker flags. Add a macro
to convert a list of paths to linker options to solve it. wolfSSL
requires this for now.

Closes #15193

show more ...

GHA/linux, http3-linux: add CMake support, sync steps, other improvements

- use shallow clone for submodules.
- reduce total job timeout from 90/60 -> 45 minutes.
- use `$HOME` inste

GHA/linux, http3-linux: add CMake support, sync steps, other improvements

- use shallow clone for submodules.
- reduce total job timeout from 90/60 -> 45 minutes.
- use `$HOME` instead of literal.
- http3-linux: sync step yaml order with linux.yml.
- http3-linux: add cmake + ninja support like in linux.yml.
- http3-linux: dump confgure log, test config, curl -V like in linux.yml.
- http3-linux: skip restoring gnutls and wolfssl when not used.
- dump `curl_config.h`.
- fold a long line.

Closes #15242

show more ...

ci: update dependency ngtcp2/nghttp3 to v1.6.0

Closes #15161

ci: update dependency ngtcp2/ngtcp2 to v1.8.0

Closes #15162

GHA/linux: drop duplicate names from cache keys

Closes #15131

CI: bump actions/checkout from 4.1.7 to 4.2.0

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7 to 4.2.0.
- [Release notes](https://github.com/actions/checkout/rel

CI: bump actions/checkout from 4.1.7 to 4.2.0

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7 to 4.2.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/692973e3d937129bcbf40652eb9f2f61becf3332...d632683dd7b4114ad314bca15554477dd762a938)

---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Closes #15095

show more ...

ci: tidy-ups

- http3-linux: add newlines for readability.
- http3-linux: use `make pytest` to run pytest.
- checksrc: use `|` multiline to sync with other uses.
- checksrc: prefe

ci: tidy-ups

- http3-linux: add newlines for readability.
- http3-linux: use `make pytest` to run pytest.
- checksrc: use `|` multiline to sync with other uses.
- checksrc: prefer `$()`.
- prefer `>-` over `>` for folded option lists.
- cygwin: drop a `grep` no longer necessary.

Closes #15081

show more ...

GHA linux: restore `apt-get update`

It seems like the Ubuntu apt mirror list or other preloaded data on the
Linux runner can go stale (?) throughout a single week causing failures
li

GHA linux: restore `apt-get update`

It seems like the Ubuntu apt mirror list or other preloaded data on the
Linux runner can go stale (?) throughout a single week causing failures
like this, in some of the jobs:
```
Ign:16 http://security.ubuntu.com/ubuntu jammy-updates/main amd64 libapr1-dev amd64 1.7.0-8ubuntu0.22.04.1
Err:16 mirror+file:/etc/apt/apt-mirrors.txt jammy-updates/main amd64 libapr1-dev amd64 1.7.0-8ubuntu0.22.04.1
404 Not Found [IP: 40.81.13.82 80]
Get:24 http://azure.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libnghttp2-dev amd64 1.43.0-1ubuntu0.2 [117 kB]
Get:25 http://azure.archive.ubuntu.com/ubuntu jammy-updates/main amd64 vsftpd amd64 3.0.5-0ubuntu1.1 [123 kB]
Fetched 4029 kB in 2s (1682 kB/s)
E: Failed to fetch mirror+file:/etc/apt/apt-mirrors.txt/pool/main/a/apr/libapr1-dev_1.7.0-8ubuntu0.22.04.1_amd64.deb 404 Not Found [IP: 40.81.13.82 80]
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
Error: Process completed with exit code 100.
```
https://github.com/curl/curl/actions/runs/11074211380/job/30772496037#step:32:63

Restore `apt update` to fix it.

Follow-up to 1b8449674adb57ee0f60e761d654c69b20ee8fcf #14992

Closes #15082

show more ...

GHA/http3-linux: add name to align with other Linux workflows

Closes #15069

GHA: use more ninja, build examples in the last step, and more

- linux: bump up test parallelism for valgrind tests to `-j4`
(from `-j2`). (EXPERIMENTAL)
- linux: drop `apt-get upd

GHA: use more ninja, build examples in the last step, and more

- linux: bump up test parallelism for valgrind tests to `-j4`
(from `-j2`). (EXPERIMENTAL)
- linux: drop `apt-get update` for the default architecture on the GHA
native runner. It makes prereq install steps complete faster.
The runner image gets weekly updates, and that should be enough to
guarantee fresh packages in most cases:
https://github.com/actions/runner-images/commits/main/images/ubuntu/Ubuntu2204-Readme.md
- aws-lc: use ninja with cmake.
- aws-lc: build examples with cmake.
- aws-lc: drop `apt update`.
- aws-lc, wolfssl, linux32, http3-linux: move building examples to
the last step.
Follow-up to 45202cbba4bb3d12b4469063864b57d2f8765d9c #14906
- windows: formatting.

Closes #14992

show more ...