cd2nroff/manage: use UTC when SOURCE_DATE_EPOCH is set

Make them independent of the TZ setting. Also set a date string like
YYYY-MM-DD to avoid a local month name in the date.

R

cd2nroff/manage: use UTC when SOURCE_DATE_EPOCH is set

Make them independent of the TZ setting. Also set a date string like
YYYY-MM-DD to avoid a local month name in the date.

Reported-by: Carlos Henrique Lima Melara
Fixes #13242
Closes #13243

show more ...

RELEASE-NOTES: synced

docs/MAIL-ETIQUETTE: convert to markdown

To render nicer. To get spellchecked.

Closes #13247

reuse: add copyright + license info to individual docs/*.md files

Instead of use 'docs/*.md' in dep5. For clarity and avoiding a wide-
matching wildcard.

+ Remove mention of old

reuse: add copyright + license info to individual docs/*.md files

Instead of use 'docs/*.md' in dep5. For clarity and avoiding a wide-
matching wildcard.

+ Remove mention of old files from .reuse/dep5
+ add info to .github/dependabot.yml
+ make scripts/copyright.pl warn on non-matching patterns

Closes #13245

show more ...

test470: warn about unicode quote character read from config file

Idea-by: Emanuele Torre

test469: verify warning when argument has unicode quote

tool_getparam: output warning for leading unicode quote character

... in the option argument.

Typically this is a mistake done when copying example command lines from
online doc

tool_getparam: output warning for leading unicode quote character

... in the option argument.

Typically this is a mistake done when copying example command lines from
online documentation using the wrong quote character.

Presumably there are also other potential quote characters that might be
used, and this check is done without even knowing that unicode is used!

Reported-by: Sanjay Pujare
Fixes #13214
Closes #13215

show more ...

tool: follow-up getenv fix

Remove a double free. Change the IPFS env use to a plain getenv() simply
because coverity gets confused.

Follow-up to 9126b141c9398fe
Closes #13241

idn: make Curl_idnconvert_hostname() use Curl_idn_decode()

In the name of less code duplication

Closes #13236

curl-confopts.m4: define CARES_NO_DEPRECATED when c-ares is used

Starting in 1.28.0 c-ares added deprecation warnings for some API calls
libcurl uses.

Closes #13240

vquic: use CURL_FORMAT_CURL_OFF_T for 64 bit printf output

Reported-by: Keitagit-kun on github
Fixes #13224
Closes #13231

openldap: create ldap URLs correctly for IPv6 addresses

Reported-by: Sergio Durigan Junior
Fixes #13228
Closes #13235

curl: use curl_getenv instead of the curlx_ version

The curlx one was once introduced when we still considered dropping the
libcurl function at some point. To reduce confusion and to mak

curl: use curl_getenv instead of the curlx_ version

The curlx one was once introduced when we still considered dropping the
libcurl function at some point. To reduce confusion and to make it
easier to understand when curl_free() should be used, use the actual
libcurl function call directly instead.

Closes #13230

show more ...

curl_sha512_256: do not use workaround for NetBSD when not needed

Assisted-by: riastradh on github
Assisted-by: Michael Kaufmann
Closes #13225

m4: fix rustls pkg-config codepath

The previous pkg-config code would successfully detect rustls but did
not set all appropriate variables and call the right macros to properly
confi

m4: fix rustls pkg-config codepath

The previous pkg-config code would successfully detect rustls but did
not set all appropriate variables and call the right macros to properly
configure cURL.

Reported-by: kpcyrd on github
Fixes #13200
Closes #13202

show more ...

deps: update librustls 0.12.0 -> 0.13.0

This commit updates the optional rustls-ffi librustls dependency from
0.12.0 to 0.13.0. This version is based on the latest available rustls
r

deps: update librustls 0.12.0 -> 0.13.0

This commit updates the optional rustls-ffi librustls dependency from
0.12.0 to 0.13.0. This version is based on the latest available rustls
release (0.23.4).

The breaking API changes from 0.12.0 to 0.13.0 are in API surface unused
by curl, so this is an in-place update without any code changes.

The `RUSTLS.md` documentation is updated to reflect the new version in
use, and to clarify that `cbindgen` isn't required to build `librustls`
- it's only used by developers to update the vendored `rustls.h` header
file maintained upstream.

Closes #13238

show more ...

RELEASE-NOTES: synced

tool_xattr: "guess" URL scheme if none is provided

... when figuring out the source URL to store.

Reported-by: Dagfinn Ilmari Mannsåker
Fixes #13205
Closes #13221

tool_xattr: in debug builds, act normally if CURL_FAKE_XATTR is not set

Closes #13220

content_encoding: brotli and others, pass through 0-length writes

- curl's transfer handling may write 0-length chunks at the end of the
download with an EOS flag. (HTTP/2 does this co

content_encoding: brotli and others, pass through 0-length writes

- curl's transfer handling may write 0-length chunks at the end of the
download with an EOS flag. (HTTP/2 does this commonly)

- content encoders need to pass-through such a write and not count this
as error in case they are finished decoding

Fixes #13209
Fixes #13212
Closes #13219

show more ...

libssh2: set length to 0 if strdup failed

Internally, libssh2 dereferences the NULL pointer if length is non-zero.
The callback function cannot return the error condition, so at least

libssh2: set length to 0 if strdup failed

Internally, libssh2 dereferences the NULL pointer if length is non-zero.
The callback function cannot return the error condition, so at least
prevent subsequent crash.

Closes #13213

show more ...

RELEASE-PROCEDURE: mention an initial working build

This is the step that was not done and caused the 8.7.0 mishap (it
lacked the correctly generated hugehelp file).

Remove the

RELEASE-PROCEDURE: mention an initial working build

This is the step that was not done and caused the 8.7.0 mishap (it
lacked the correctly generated hugehelp file).

Remove the mention of the copyright script as this is verified by a CI
job these days: the REUSE one.

Closes #13216

show more ...

curl_sha512_255: fix detection of OpenSSL 1.1.1 or later

Use the same OPENSSL_VERSION_NUMBER comparison as in lib/vtls/openssl.c.

Closes #13208

cf-socket: remove references to l_ip, l_port

Fixes #13210
Closes #13211

openssl: do not set SSL_MODE_RELEASE_BUFFERS

While it might save some memory, it causes OpenSSL to instead do a huge
amount of allocations.

Ref: #13136
Closes #13203