cmake: fix `HAVE_H_ERRNO_ASSIGNABLE` detection

Fix `HAVE_H_ERRNO_ASSIGNABLE` to not run, only compile its test snippet,
aligning this with autotools. This fixes an error when doing
c

cmake: fix `HAVE_H_ERRNO_ASSIGNABLE` detection

Fix `HAVE_H_ERRNO_ASSIGNABLE` to not run, only compile its test snippet,
aligning this with autotools. This fixes an error when doing
cross-builds and also actually detects this feature. It affected systems
not allowlisted into this, e.g. SerenityOS.

We used this detection result to enable `HAVE_GETADDRINFO_THREADSAFE`.

Follow-up to 04a3a377d83fd72c4cf7a96c9cb6d44785e33264 #11979
Ref: #12095 (closed in favour of this patch)
Ref: #11964 (effort to sync cmake detections with autotools)

Reported-by: Kartatz on Github
Assisted-by: Kartatz on Github
Fixes #12093
Closes #12094

show more ...

build: add `src/.checksrc` to source tarball

Regression from e5bb88b8f824ed87620bd923552534c83c2a516e #11958

Bug: https://github.com/curl/curl/pull/11958#issuecomment-1757079071

build: add `src/.checksrc` to source tarball

Regression from e5bb88b8f824ed87620bd923552534c83c2a516e #11958

Bug: https://github.com/curl/curl/pull/11958#issuecomment-1757079071
Reported-by: Romain Geissler
Fixes #12084
Closes #12085

show more ...

RELEASE-NOTES: synced

THANKS: add contributors from 8.4.0

socks: return error if hostname too long for remote resolve

Prior to this change the state machine attempted to change the remote
resolve to a local resolve if the hostname was longer th

socks: return error if hostname too long for remote resolve

Prior to this change the state machine attempted to change the remote
resolve to a local resolve if the hostname was longer than 255
characters. Unfortunately that did not work as intended and caused a
security issue.

Bug: https://curl.se/docs/CVE-2023-38545.html

show more ...

CI: remove slowed-network tests

- remove these tests as they are currently not reliable in our CI
setups.

curl handles the test cases, but CI sometimes fails on these due to

CI: remove slowed-network tests

- remove these tests as they are currently not reliable in our CI
setups.

curl handles the test cases, but CI sometimes fails on these due to
additional conditions. Rather than mix them in, an additional CI job
will be added in the future that is specific to them.

Closes https://github.com/curl/curl/pull/12075

show more ...

libcurl-env-dbg.3: move debug variables from libcurl-env.3

- Move documentation of libcurl environment variables used only in debug
builds from libcurl-env into a separate document lib

libcurl-env-dbg.3: move debug variables from libcurl-env.3

- Move documentation of libcurl environment variables used only in debug
builds from libcurl-env into a separate document libcurl-env-dbg.

- Document more debug environment variables.

Previously undocumented or missing a description:

CURL_ALTSVC_HTTP, CURL_DBG_SOCK_WBLOCK, CURL_DBG_SOCK_WPARTIAL,
CURL_DBG_QUIC_WBLOCK, CURL_DEBUG, CURL_DEBUG_SIZE, CURL_GETHOSTNAME,
CURL_HSTS_HTTP, CURL_FORCETIME, CURL_SMALLREQSEND, CURL_SMALLSENDS,
CURL_TIME.

Closes https://github.com/curl/curl/pull/11811

show more ...

test670: increase the test timeout

This should make it more immune to loaded servers.

Ref: #11328

MQTT: improve receive of ACKs

- add `mq->recvbuf` to provide buffering of incomplete
ACK responses
- continue ACK reading until sufficient bytes available
- fixes test failures

MQTT: improve receive of ACKs

- add `mq->recvbuf` to provide buffering of incomplete
ACK responses
- continue ACK reading until sufficient bytes available
- fixes test failures on low network receives

Closes #12071

show more ...

quic: fix BoringSSL build

Add guard around `SSL_CTX_set_ciphersuites()` use.

Bug: https://github.com/curl/curl/pull/12065#issuecomment-1752171885

Follow-up to aa9a6a177017e

quic: fix BoringSSL build

Add guard around `SSL_CTX_set_ciphersuites()` use.

Bug: https://github.com/curl/curl/pull/12065#issuecomment-1752171885

Follow-up to aa9a6a177017e4b74d33cdf85a3594900f4a7f81

Co-authored-by: Jay Satiro
Reviewed-by: Daniel Stenberg
Closes #12067

show more ...

test1540: improve reliability

- print that bytes have been received on pausing, but not how many

Closes #12069

test2302: improve reliability

- make result print collected write data, unless
change in meta flags is detected
- will show same result even when data arrives via
several wri

test2302: improve reliability

- make result print collected write data, unless
change in meta flags is detected
- will show same result even when data arrives via
several writecb invocations

Closes #12068

show more ...

curl_easy_pause: set "in callback" true on exit if true

Because it might have called another callback in the mean time that then
set the bit FALSE on exit.

Reported-by: Jay Sati

curl_easy_pause: set "in callback" true on exit if true

Because it might have called another callback in the mean time that then
set the bit FALSE on exit.

Reported-by: Jay Satiro
Fixes #12059
Closes #12061

show more ...

h3: add support for ngtcp2 with AWS-LC builds

```
curl 8.4.0-DEV (x86_64-apple-darwin) libcurl/8.4.0-DEV (SecureTransport) AWS-LC/1.15.0 nghttp2/1.56.0 ngtcp2/0.19.1 nghttp3/0.15.0
R

h3: add support for ngtcp2 with AWS-LC builds

```
curl 8.4.0-DEV (x86_64-apple-darwin) libcurl/8.4.0-DEV (SecureTransport) AWS-LC/1.15.0 nghttp2/1.56.0 ngtcp2/0.19.1 nghttp3/0.15.0
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS HSTS HTTP2 HTTP3 HTTPS-proxy IPv6 Largefile MultiSSL NTLM SSL threadsafe UnixSockets
```

Also delete an obsolete GnuTLS TODO and update the header comment in
`FindNGTCP2.cmake`.

Reviewed-by: Daniel Stenberg
Closes #12066

show more ...

build: do not publish `HAVE_BORINGSSL`, `HAVE_AWSLC` macros

Syncing this up with CMake.

Source code uses the built-in `OPENSSL_IS_AWSLC` and
`OPENSSL_IS_BORINSSL` macros to dete

build: do not publish `HAVE_BORINGSSL`, `HAVE_AWSLC` macros

Syncing this up with CMake.

Source code uses the built-in `OPENSSL_IS_AWSLC` and
`OPENSSL_IS_BORINSSL` macros to detect BoringSSL and AWS-LC. No help is
necessary from the build tools.

The one use of `HAVE_BORINGSSL` in the source turned out to be no longer
necessary for warning-free BoringSSL + Schannel builds. Ref: #1610 #2634

autotools detects this anyway for display purposes.
CMake detects this to decide whether to use the BoringSSL-specific
crypto lib with ngtcp2. It detects AWS-LC, but doesn't use the detection
result just yet (planned in #12066).

Ref: #11964

Reviewed-by: Daniel Stenberg
Reviewed-by: Jay Satiro
Closes #12065

show more ...

CI: move distcheck job from Azure Pipelines to GitHub Actions

This will allow for more trigger excludes within Azure Pipelines.

Also fixes seemingly broken check with scripts/instal

CI: move distcheck job from Azure Pipelines to GitHub Actions

This will allow for more trigger excludes within Azure Pipelines.

Also fixes seemingly broken check with scripts/installcheck.sh.
Ref: 190374c74ec4e5247d9066544c86e8d095e1d7b5

Assisted-by: Philip Heiduck
Closes #9532

show more ...

url: fall back to http/https proxy env-variable if ws/wss not set

Reported-by: Craig Andrews
Fixes #12031
Closes #12058

cf-socket: simulate slow/blocked receives in debug

add 2 env variables for non-UDP sockets:
1. CURL_DBG_SOCK_RBLOCK: percentage of receive calls that randomly
should return EAGAIN

cf-socket: simulate slow/blocked receives in debug

add 2 env variables for non-UDP sockets:
1. CURL_DBG_SOCK_RBLOCK: percentage of receive calls that randomly
should return EAGAIN
2. CURL_DBG_SOCK_RMAX: max amount of bytes read from socket

Closes #12035

show more ...

http2: refused stream handling for retry

- answer HTTP/2 streams refused via a GOAWAY from the server to
respond with CURLE_RECV_ERROR in order to trigger a retry
on another conn

http2: refused stream handling for retry

- answer HTTP/2 streams refused via a GOAWAY from the server to
respond with CURLE_RECV_ERROR in order to trigger a retry
on another connection

Reported-by: black-desk on github
Ref #11859
Closes #12054

show more ...

CURLOPT_DEBUGFUNCTION.3: warn about internal handles

- Warn that the user's debug callback may be called with the handle
parameter set to an internal handle.

Without this warn

CURLOPT_DEBUGFUNCTION.3: warn about internal handles

- Warn that the user's debug callback may be called with the handle
parameter set to an internal handle.

Without this warning the user may assume that the only handles their
debug callback receives are the easy handles on which they set
CURLOPT_DEBUGFUNCTION.

This is a follow-up to f8cee8cc which changed DoH handles to inherit
the debug callback function set in the user's easy handle. As a result
those handles are now passed to the user's debug callback function.

Closes https://github.com/curl/curl/pull/12034

show more ...

url: fix typo

test458: verify --expand-output, expanding a file name accepting option

Verifies the fix in #12055 (commit f2c8086ff15e6e995e1)

tool_getparam: accept variable expansion on file names too

Reported-by: PBudmark on github
Fixes #12048
Closes #12055

RELEASE-NOTES: synced

multi: do CURLM_CALL_MULTI_PERFORM at two more places

... when it does a state transition but there is no particular socket or
timer activity. This was made apparent when commit b5bb84c

multi: do CURLM_CALL_MULTI_PERFORM at two more places

... when it does a state transition but there is no particular socket or
timer activity. This was made apparent when commit b5bb84c removed a
superfluous timer expiry.

Reported-by: Dan Fandrich.
Fixes #12033
Closes #12056

show more ...