TODO: Select signature algorithms

Closes #12982

examples: use present tense in comments

remove "will" and some other word fixes

Closes #13003

docs: more language cleanups

- present tense
- avoid bad words

Closes #13003

setopt: Fix disabling all protocols

When disabling all protocols without enabling any, the resulting
set of allowed protocols remained the default set. Clearing the
allowed set befo

setopt: Fix disabling all protocols

When disabling all protocols without enabling any, the resulting
set of allowed protocols remained the default set. Clearing the
allowed set before inspecting the passed value from --proto make
the set empty even in the errorpath of no protocols enabled.

Co-authored-by: Dan Fandrich <dan@telarity.com>
Reported-by: Dan Fandrich <dan@telarity.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Closes: #13004

show more ...

fopen: fix narrowing conversion warning on 32-bit Android

This was fixed in commit 06dc599405f, but came back in commit
03cb1ff4d62.

When building for 32-bit ARM or x86 Android,

fopen: fix narrowing conversion warning on 32-bit Android

This was fixed in commit 06dc599405f, but came back in commit
03cb1ff4d62.

When building for 32-bit ARM or x86 Android, `st_mode` is defined as
`unsigned int` instead of `mode_t`, resulting in a
`-Wimplicit-int-conversion` clang warning because `mode_t` is
`unsigned short`. Add a cast to silence the warning, but only for
32-bit Android builds, because other architectures and platforms are
not affected.

Ref: https://android.googlesource.com/platform/bionic/+/refs/tags/ndk-r25c/libc/include/sys/stat.h#86
Closes https://github.com/curl/curl/pull/12998

show more ...

lib: Curl_read/Curl_write clarifications

- replace `Curl_read()`, `Curl_write()` and `Curl_nwrite()` to
clarify when and at what level they operate
- send/recv of transfer related

lib: Curl_read/Curl_write clarifications

- replace `Curl_read()`, `Curl_write()` and `Curl_nwrite()` to
clarify when and at what level they operate
- send/recv of transfer related data is now done via
`Curl_xfer_send()/Curl_xfer_recv()` which no longer has
socket/socketindex as parameter. It decides on the transfer
setup of `conn->sockfd` and `conn->writesockfd` on which
connection filter chain to operate.
- send/recv on a specific connection filter chain is done via
`Curl_conn_send()/Curl_conn_recv()` which get the socket index
as parameter.
- rename `Curl_setup_transfer()` to `Curl_xfer_setup()` for
naming consistency
- clarify that the special CURLE_AGAIN hangling to return
`CURLE_OK` with length 0 only applies to `Curl_xfer_send()`
and CURLE_AGAIN is returned by all other send() variants.
- fix a bug in websocket `curl_ws_recv()` that mixed up data
when it arrived in more than a single chunk

The method for sending not just raw bytes, but bytes that are either
"headers" or "body". The send abstraction stack, to to bottom, now is:

* `Curl_req_send()`: has parameter to indicate amount of header bytes,
buffers all data.
* `Curl_xfer_send()`: knows on which socket index to send, returns
amount of bytes sent.
* `Curl_conn_send()`: called with socket index, returns amount of bytes
sent.

In addition there is `Curl_req_flush()` for writing out all buffered
bytes.

`Curl_req_send()` is active for requests without body,
`Curl_buffer_send()` still being used for others. This is because the
special quirks need to be addressed in future parts:

* `expect-100` handling
* `Curl_fillreadbuffer()` needs to add directly to the new
`data->req.sendbuf`
* special body handlings, like `chunked` encodings and line end
conversions will be moved into something like a Client Reader.

In functions of the pattern `CURLcode xxx_send(..., ssize_t *written)`,
replace the `ssize_t` with a `size_t`. It makes no sense to allow for negative
values as the returned `CURLcode` already specifies error conditions. This
allows easier handling of lengths without casting.

Closes #12964

show more ...

multi: make add_handle free any multi_easy

If the easy handle that is being added to a multi handle has previously
been used for curl_easy_perform(), there is a private multi handle here

multi: make add_handle free any multi_easy

If the easy handle that is being added to a multi handle has previously
been used for curl_easy_perform(), there is a private multi handle here
that we can kill off. While it flushes some caches etc for the easy
handle would it be used for an easy interface transfer again after being
used in the multi stack, this cleanup simplifies behavior and uses less
memory.

Closes #12992

show more ...

docs: use present tense

avoid "will", detect "will" as a bad word in the CI

Also line wrapped a bunch of paragraphs

Closes #13001

CURLOPT_SSL_CTX_FUNCTION.md: no promises of lifetime after return

... and cleanup other language.

Closes #12999

lib: send rework

Curl_read/Curl_write clarifications

- replace `Curl_read()`, `Curl_write()` and `Curl_nwrite()` to 1clarify
when and at what level they operate

- sen

lib: send rework

Curl_read/Curl_write clarifications

- replace `Curl_read()`, `Curl_write()` and `Curl_nwrite()` to 1clarify
when and at what level they operate

- send/recv of transfer related data is now done via
`Curl_xfer_send()/Curl_xfer_recv()` which no longer has
socket/socketindex as parameter. It decides on the transfer setup of
`conn->sockfd` and `conn->writesockfd` on which connection filter
chain to operate.

- send/recv on a specific connection filter chain is done via
`Curl_conn_send()/Curl_conn_recv()` which get the socket index as
parameter.

- rename `Curl_setup_transfer()` to `Curl_xfer_setup()` for naming
consistency

- clarify that the special CURLE_AGAIN handling to return `CURLE_OK`
with length 0 only applies to `Curl_xfer_send()` and CURLE_AGAIN is
returned by all other send() variants.

SingleRequest reshuffling

- move functions into request.[ch]
- differentiate between reset and free
- add Curl_req_done() to perform last actions
- add a send `bufq` to SingleRequest for future use in keeping upload data

Closes #12963

show more ...

RELEASE-NOTES: synced

http_chunks: remove unused 'endptr' variable

Closes #12996

lib: initialize output pointers to NULL before calling strto[ff,l,ul]

In order to make MSAN happy:

==2200945==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x5

lib: initialize output pointers to NULL before calling strto[ff,l,ul]

In order to make MSAN happy:

==2200945==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x596f3b3ed246 in curlx_strtoofft [...]/libcurl/src/lib/strtoofft.c:239:11
#1 0x596f3b402156 in Curl_httpchunk_read [...]/libcurl/src/lib/http_chunks.c:149:12
#2 0x596f3b348550 in readwrite_data [...]/libcurl/src/lib/transfer.c:607:11
[...]

==2202041==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x5a3fab66a72a in Curl_parse_port [...]/libcurl/src/lib/urlapi.c:547:8
#1 0x5a3fab650645 in parse_authority [...]/libcurl/src/lib/urlapi.c:796:12
#2 0x5a3fab6740f6 in parseurl [...]/libcurl/src/lib/urlapi.c:1176:16
#3 0x5a3fab664fc5 in parseurl_and_replace [...]/libcurl/src/lib/urlapi.c:1342:12
[...]

==2202320==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x569076a0d6b0 in ipv4_normalize [...]/libcurl/src/lib/urlapi.c:683:12
#1 0x5690769f2820 in parse_authority [...]/libcurl/src/lib/urlapi.c:803:10
#2 0x569076a160f6 in parseurl [...]/libcurl/src/lib/urlapi.c:1176:16
#3 0x569076a06fc5 in parseurl_and_replace [...]/libcurl/src/lib/urlapi.c:1342:12
[...]

Signed-off-by: Louis Solofrizzo <lsolofrizzo@scaleway.com>
Closes #12995

show more ...

lib: move client writer into own source

Refactoring of the client writer that passes the data to the
client/application's callback functions.

- split out into own source cw-out.

lib: move client writer into own source

Refactoring of the client writer that passes the data to the
client/application's callback functions.

- split out into own source cw-out.[ch] from sendf.c

- move tempwrite and tempcount from data->state into the context of the
client writer

- redesign the 3 tempwrite dynbufs as a linked list of dynbufs. On
paused transfers, this allows to "record" interleaved HEADER/BODY
chunks to be "played back" in the same order on unpausing.

- keep the overall size limit of all buffered data to DYN_PAUSE_BUFFER.
On exceeding that, return CURLE_TOO_LARGE instead of
CURLE_OUT_OF_MEMORY as before.

- add method to be called when a transfer is DONE to allow writing of
any data still buffered

- when paused, record HEADER writes exactly as they come for later
playback. HEADERs are documented to be written one-by-one.

Closes #12898

show more ...

urldata: move authneg bit from conn to Curl_easy

- from `conn->bits.authneg` to `data->req.authneg`
- this is a property of the request about to be made
and not a property of the c

urldata: move authneg bit from conn to Curl_easy

- from `conn->bits.authneg` to `data->req.authneg`
- this is a property of the request about to be made
and not a property of the connection
- in multiuse connections, transfer could step on each others
toes here potentially.

Closes #12949

show more ...

c-hyper: add header collection writer in hyper builds

Closes #12880

http: move headers collecting to writer

- add a client writer that does "push" response
headers written to the client if the headers api
is enabled
- remove special handling

http: move headers collecting to writer

- add a client writer that does "push" response
headers written to the client if the headers api
is enabled
- remove special handling in sendf.c
- needs to be installed very early on connection
setup to catch CONNECT response headers

Closes #12880

show more ...

sendf: Curl_client_write(), make passed in buf const

lib: remove curl_mimepart object when CURL_DISABLE_MIME

Remove curl_mimepart object from UserDefined structure when
CURL_DISABLE_MIME flag is active. Reduce size of UserDefined structure

lib: remove curl_mimepart object when CURL_DISABLE_MIME

Remove curl_mimepart object from UserDefined structure when
CURL_DISABLE_MIME flag is active. Reduce size of UserDefined structure.

Also remove unreachable code: when CURL_DISABLE_MIME is set, httpreq can
never have HTTPREQ_POST_MIME value and the same goes for the
CURL_DISABLE_FORM_API flag and the HTTPREQ_POST_FORM value

Closes #12948

show more ...

rustls: make curl compile with 0.12.0

Closes #12989

strtoofft: fix the overflow check

... to not rely on wrapping, since it is an undefined behavior that is
not what always might happen. This is in our private strtoff() parser
functio

strtoofft: fix the overflow check

... to not rely on wrapping, since it is an undefined behavior that is
not what always might happen. This is in our private strtoff() parser
function, used only on platforms without a native version.

Reported-by: vulnerabilityspotter on hackerone
Closes #12990

show more ...

libssh/libssh2: return error on too big range

If trying to get the range 0 - 2^63 and the remote file is 2^63 bytes or
larger.

Fixes #12983
Closes #12984

setopt: fix check for CURLOPT_PROXY_TLSAUTH_TYPE value

Prior to this change CURLOPT_PROXY_TLSAUTH_TYPE would return
CURLE_BAD_FUNCTION_ARGUMENT on any type other than NULL. Since there i

setopt: fix check for CURLOPT_PROXY_TLSAUTH_TYPE value

Prior to this change CURLOPT_PROXY_TLSAUTH_TYPE would return
CURLE_BAD_FUNCTION_ARGUMENT on any type other than NULL. Since there is
only one type of TLS auth and it is also the default (SRP) the TLS auth
would work anyway.

Closes https://github.com/curl/curl/pull/12981

show more ...

mprintf: fix format prefix I32/I64 for windows compilers

- Support I32 & I64 (eg: %I64d) for all Win32 builds.

Prior to this change mprintf support for the I format prefix, which is

mprintf: fix format prefix I32/I64 for windows compilers

- Support I32 & I64 (eg: %I64d) for all Win32 builds.

Prior to this change mprintf support for the I format prefix, which is a
Microsoft extension, was dependent on the compiler used.

When Borland compiler support was removed in fd7ef00f the prefix was
then no longer supported for that compiler; however since it's still
possible to build with Borland I'm restoring support for the prefix in
this way.

Reported-by: Paweł Witas

Fixes https://github.com/curl/curl/issues/12944
Closes https://github.com/curl/curl/pull/12950

show more ...

cd2nroff: gen: make `\>` in input to render as plain '>' in output

The same (copy and pasted) fix/mistake as in gen.pl