autotools: stop setting `-std=gnu89` with `--enable-warnings`

Do not alter the C standard when building with `--enable-warnings` when
building with gcc.

On one hand this alters

autotools: stop setting `-std=gnu89` with `--enable-warnings`

Do not alter the C standard when building with `--enable-warnings` when
building with gcc.

On one hand this alters warning results compared to a default build.
On the other, it may produce different binaries, which is unexpected.

Also fix new warnings that appeared after removing `-std=gnu89`:

- include: fix public curl headers to use the correct printf mask for
`CURL_FORMAT_CURL_OFF_T` and `CURL_FORMAT_CURL_OFF_TU` with mingw-w64
and Visual Studio 2013 and newer. This fixes the printf mask warnings
in examples and tests. E.g. [1]

- conncache: fix printf format string [2].

- http2: fix potential null pointer dereference [3].
(seen on Slackware with gcc 11.)

- libssh: fix printf format string in SFTP code [4].
Also make MSVC builds compatible with old CRT versions.

- libssh2: fix printf format string in SFTP code for MSVC.
Applying the same fix as for libssh above.

- unit1395: fix `argument is null` and related issues [5]:
- stop calling `strcmp()` with NULL to avoid undefined behaviour.
- fix checking results if some of them were NULL.
- do not pass NULL to printf `%s`.

- ci: keep a build job with `-std=gnu89` to continue testing for
C89-compliance. We can apply this to other gcc jobs as needed.
Ref: b23ce2cee7329bbf425f18b49973b7a5f23dfcb4 (2022-09-23) #9542

[1] https://dev.azure.com/daniel0244/curl/_build/results?buildId=18581&view=logs&jobId=ccf9cc6d-2ef1-5cf2-2c09-30f0c14f923b
[2] https://github.com/curl/curl/actions/runs/6896854263/job/18763831142?pr=12346#step:6:67
[3] https://github.com/curl/curl/actions/runs/6896854253/job/18763839238?pr=12346#step:30:214
[4] https://github.com/curl/curl/actions/runs/6896854253/job/18763838007?pr=12346#step:29:895
[5] https://github.com/curl/curl/actions/runs/6896854253/job/18763836775?pr=12346#step:33:1689

Closes #12346

show more ...

build: always revert `#pragma GCC diagnostic` after use

Before this patch some source files were overriding gcc warning options,
but without restoring them at the end of the file. In CMa

build: always revert `#pragma GCC diagnostic` after use

Before this patch some source files were overriding gcc warning options,
but without restoring them at the end of the file. In CMake UNITY builds
these options spilled over to the remainder of the source code,
effecitvely disabling them for a larger portion of the codebase than
intended.

`#pragma clang diagnostic` didn't have such issue in the codebase.

Reviewed-by: Marcel Raad
Closes #12352

show more ...

lib: client writer, part 2, accounting + logging

This PR has these changes:

Renaming of unencode_* to cwriter, e.g. client writers
- documentation of sendf.h functions
- mov

lib: client writer, part 2, accounting + logging

This PR has these changes:

Renaming of unencode_* to cwriter, e.g. client writers
- documentation of sendf.h functions
- move max decode stack checks back to content_encoding.c
- define writer phase which was used as order before
- introduce phases for monitoring inbetween decode phases
- offering default implementations for init/write/close

Add type paramter to client writer's do_write()
- always pass all writes through the writer stack
- writers who only care about BODY data will pass other writes unchanged

add RAW and PROTOCOL client writers
- RAW used for Curl_debug() logging of CURLINFO_DATA_IN
- PROTOCOL used for updates to data->req.bytecount, max_filesize checks and
Curl_pgrsSetDownloadCounter()
- remove all updates of data->req.bytecount and calls to
Curl_pgrsSetDownloadCounter() and Curl_debug() from other code
- adjust test457 expected output to no longer see the excess write

Closes #12184

show more ...

cfilter: provide call to tell connection to forget a socket

- fixed libssh.c workaround for a socket being closed by
the library
- eliminate the terrible hack in cf-socket.c to gue

cfilter: provide call to tell connection to forget a socket

- fixed libssh.c workaround for a socket being closed by
the library
- eliminate the terrible hack in cf-socket.c to guess when
this happened and try not closing the socket again.
- fixes race in eyeballing when socket could have failed to
be closed for a discarded connect attempt

Closes #12207

show more ...

spelling: fix codespell 2.2.6 typos

Closes #12019

libssh: cap SFTP packet size sent

Due to libssh limitations

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Closes #11804

spelling: use 'reuse' not 're-use' in code and elsewhere

Unify the spelling as both versions were previously used intermittently

Closes #11717

cmake: cache more config and delete unused ones

- cache more Windows config results for faster initialization.

- delete unused config macros `HAVE_SYS_UTSNAME_H`, `HAVE_SSL_H`.

cmake: cache more config and delete unused ones

- cache more Windows config results for faster initialization.

- delete unused config macros `HAVE_SYS_UTSNAME_H`, `HAVE_SSL_H`.

- delete dead references to `sys/utsname.h`.

Closes #11551

show more ...

libssh: when keyboard-interactive auth fails, try password

The state machine had a mistake in that it would not carry on to that
next step.

This also adds a verbose output what

libssh: when keyboard-interactive auth fails, try password

The state machine had a mistake in that it would not carry on to that
next step.

This also adds a verbose output what methods that are available from the
server and renames the macros that change to the next auth methods to
try.

Reported-by: 左潇峰
Fixes #11196
Closes #11197

show more ...

libssh: tell it to use SFTP non-blocking

Reported-by: Andreas Huebner
Fixes #11020
Closes #11039

lib: unify the upload/method handling

By making sure we set state.upload based on the set.method value and not
independently as set.upload, we reduce confusion and mixup risks, both

lib: unify the upload/method handling

By making sure we set state.upload based on the set.method value and not
independently as set.upload, we reduce confusion and mixup risks, both
internally and externally.

Closes #11017

show more ...

libssh: use dynbuf instead of realloc

When building lines to show for SFTP directory listings.

Closes #10778

copyright: update all copyright lines and remove year ranges

- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- save

copyright: update all copyright lines and remove year ranges

- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING

checksrc is updated to allow non-year using copyright statements

Closes #10205

show more ...

netware: remove leftover traces

Commit 3b16575ae938dec2a29454631a12aa52b6ab9c67 removed support for
building on Novell Netware, but a few leftover traces remained. This
removes the l

netware: remove leftover traces

Commit 3b16575ae938dec2a29454631a12aa52b6ab9c67 removed support for
building on Novell Netware, but a few leftover traces remained. This
removes the last bits.

Closes: #9966
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

show more ...

vtls: localization of state data in filters

- almost all backend calls pass the Curl_cfilter intance instead of
connectdata+sockindex
- ssl_connect_data is remove from struct co

vtls: localization of state data in filters

- almost all backend calls pass the Curl_cfilter intance instead of
connectdata+sockindex
- ssl_connect_data is remove from struct connectdata and made internal
to vtls
- ssl_connect_data is allocated in the added filter, kept at cf->ctx

- added function to let a ssl filter access its ssl_primary_config and
ssl_config_data this selects the propert subfields in conn and data,
for filters added as plain or proxy
- adjusted all backends to use the changed api
- adjusted all backends to access config data via the exposed
functions, no longer using conn or data directly

cfilter renames for clear purpose:

- methods `Curl_conn_*(data, conn, sockindex)` work on the complete
filter chain at `sockindex` and connection `conn`.
- methods `Curl_cf_*(cf, ...)` work on a specific Curl_cfilter
instance.
- methods `Curl_conn_cf()` work on/with filter instances at a
connection.
- rebased and resolved some naming conflicts
- hostname validation (und session lookup) on SECONDARY use the same
name as on FIRST (again).

new debug macros and removing connectdata from function signatures where not
needed.

adapting schannel for new Curl_read_plain paramter.

Closes #9919

show more ...

lib: parse numbers with fixed known base 10

... instead of using 0 argument that allows decimal, hex or octal when
the number is documented and assumed to use base 10.

Closes #9

lib: parse numbers with fixed known base 10

... instead of using 0 argument that allows decimal, hex or octal when
the number is documented and assumed to use base 10.

Closes #9933

show more ...

lib: remove bad set.opt_no_body assignments

This struct field MUST remain what the application set it to, so that
handle reuse and handle duplication work.

Instead, the request

lib: remove bad set.opt_no_body assignments

This struct field MUST remain what the application set it to, so that
handle reuse and handle duplication work.

Instead, the request state bit 'no_body' is introduced for code flows
that need to change this in run-time.

Closes #9888

show more ...

lib: connection filters (cfilter) addition to curl:

- general construct/destroy in connectdata
- default implementations of callback functions
- connect: cfilters for connect and

lib: connection filters (cfilter) addition to curl:

- general construct/destroy in connectdata
- default implementations of callback functions
- connect: cfilters for connect and accept
- socks: cfilter for socks proxying
- http_proxy: cfilter for http proxy tunneling
- vtls: cfilters for primary and proxy ssl
- change in general handling of data/conn
- Curl_cfilter_setup() sets up filter chain based on data settings,
if none are installed by the protocol handler setup
- Curl_cfilter_connect() boot straps filters into `connected` status,
used by handlers and multi to reach further stages
- Curl_cfilter_is_connected() to check if a conn is connected,
e.g. all filters have done their work
- Curl_cfilter_get_select_socks() gets the sockets and READ/WRITE
indicators for multi select to work
- Curl_cfilter_data_pending() asks filters if the have incoming
data pending for recv
- Curl_cfilter_recv()/Curl_cfilter_send are the general callbacks
installed in conn->recv/conn->send for io handling
- Curl_cfilter_attach_data()/Curl_cfilter_detach_data() inform filters
and addition/removal of a `data` from their connection
- adding vtl functions to prevent use of Curl_ssl globals directly
in other parts of the code.

Reviewed-by: Daniel Stenberg
Closes #9855

show more ...

libssh: if sftp_init fails, don't get the sftp error code

This flow extracted the wrong code (sftp code instead of ssh code), and
the code is sometimes (erroneously) returned as zero any

libssh: if sftp_init fails, don't get the sftp error code

This flow extracted the wrong code (sftp code instead of ssh code), and
the code is sometimes (erroneously) returned as zero anyway, so skip
getting it and set a generic error.

Reported-by: David McLaughlin
Fixes #9737
Closes #9740

show more ...

misc: ISSPACE() => ISBLANK()

Instances of ISSPACE() use that should rather use ISBLANK(). I think
somewhat carelessly used because it sounds as if it checks for space or
whitespace,

misc: ISSPACE() => ISBLANK()

Instances of ISSPACE() use that should rather use ISBLANK(). I think
somewhat carelessly used because it sounds as if it checks for space or
whitespace, but also includes %0a to %0d.

For parsing purposes, we should only accept what we must and not be
overly liberal. It leads to surprises and surprises lead to bad things.

Closes #9432

show more ...

libssh: ignore deprecation warnings

libssh 0.10.0 marks all SCP functions as "deprecated" which causes
compiler warnings and errors in our CI jobs and elsewhere. Ignore
deprecation w

libssh: ignore deprecation warnings

libssh 0.10.0 marks all SCP functions as "deprecated" which causes
compiler warnings and errors in our CI jobs and elsewhere. Ignore
deprecation warnings if 0.10.0 or later is found in the build.

If they actually remove the functions at a later point, then someone can
deal with that pain and functionality break then.

Fixes #9382
Closes #9383

show more ...

libssh: make atime/mtime date overflow return error

Closes #9328

libssh: setting atime or mtime > 32bit is now just skipped

The libssh API used caps the time to an unsigned 32bit variable. Avoid
nasty surprises by instead not setting such time.

libssh: setting atime or mtime > 32bit is now just skipped

The libssh API used caps the time to an unsigned 32bit variable. Avoid
nasty surprises by instead not setting such time.

Spotted by Coverity.

Closes #9324

show more ...

libssh: skip the fake-close when libssh does the right thing

Starting in libssh 0.10.0 ssh_disconnect() will no longer close our
socket. Instead it will be kept alive as we want it, and

libssh: skip the fake-close when libssh does the right thing

Starting in libssh 0.10.0 ssh_disconnect() will no longer close our
socket. Instead it will be kept alive as we want it, and it is our
responsibility to close it later.

Ref: #8718
Ref: https://gitlab.com/libssh/libssh-mirror/-/merge_requests/240
Closes #9021

show more ...

copyright: make repository REUSE compliant

Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the

copyright: make repository REUSE compliant

Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the file
`.reuse/dep5`.

This commit also adds a Github workflow to check pull requests and adapts
copyright.pl to the changes.

Closes #8869

show more ...