curl: add support for the IPFS protocols:

- ipfs://<cid>
- ipns://<cid>

This allows you tu use ipfs in curl like:
curl ipfs://<cid>
and
curl ipns://<cid>

Fo

curl: add support for the IPFS protocols:

- ipfs://<cid>
- ipns://<cid>

This allows you tu use ipfs in curl like:
curl ipfs://<cid>
and
curl ipns://<cid>

For more information consult the readme at:
https://curl.se/docs/ipfs.html

Closes #8805

show more ...

bufq: remove Curl_bufq_skip_and_shift (unused)

Closes #11915

scripts/singleuse.pl: add curl_global_trace

cmake: fix unity symbol collisions in h2 builds

Regression from 331b89a319d0067fa1e6441719307cfef9c7960f

Reviewed-by: Daniel Stenberg
Reviewed-by: Jay Satiro
Closes #11912

RELEASE-NOTES: synced

github/labeler: improve the match patterns

This includes new rules for setting the appleOS and logging labels and
matches on some example files. Also, enable dot mode for wildcard
ma

github/labeler: improve the match patterns

This includes new rules for setting the appleOS and logging labels and
matches on some example files. Also, enable dot mode for wildcard
matches in the .github directory.

show more ...

upload-file.d: describe the file name slash/backslash handling

Closes #11911

libssh: cap SFTP packet size sent

Due to libssh limitations

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Closes #11804

curl.h: mark CURLSSLBACKEND_NSS as deprecated since 8.3.0

Closes #11905

mailmap: unify Michael Osipov under a single email

docs: use CURLSSLBACKEND_NONE

[ssl] use CURLSSLBACKEND_NONE instead of (curl_sslbackend)-1 in
documentation and examples.

Signed-off-by: Ted Lyngmo <ted@lyncon.se>

Clos

docs: use CURLSSLBACKEND_NONE

[ssl] use CURLSSLBACKEND_NONE instead of (curl_sslbackend)-1 in
documentation and examples.

Signed-off-by: Ted Lyngmo <ted@lyncon.se>

Closes #11909

show more ...

github/labeler: give the sync-labels config item a default value

This shouldn't be necessary and is likely a bug with this beta version
of the labeller.

Also, fix the negative m

github/labeler: give the sync-labels config item a default value

This shouldn't be necessary and is likely a bug with this beta version
of the labeller.

Also, fix the negative matches for the documentation label.

Follow-up to dd12b452a
Closes #11907

show more ...

github/labeler: fix up more the labeler config format

The new version didn't like the workaround we had for a bug in the
previous labeler version, and it should no longer be needed.

github/labeler: fix up more the labeler config format

The new version didn't like the workaround we had for a bug in the
previous labeler version, and it should no longer be needed.

Follow-up to dd12b452a
Closes #11906

show more ...

github/labeler: fix indenting to try to appease labeller

Follow-up to dd12b452a

libssh2: fix error message on failed pubkey-from-file

- If libssh2_userauth_publickey_fromfile_ex returns -1 then show error
message "SSH public key authentication failed: Reason unkno

libssh2: fix error message on failed pubkey-from-file

- If libssh2_userauth_publickey_fromfile_ex returns -1 then show error
message "SSH public key authentication failed: Reason unknown (-1)".

When libssh2_userauth_publickey_fromfile_ex returns -1 it does so as a
generic error and therefore doesn't set an error message. AFAICT that is
not documented behavior.

Prior to this change libcurl retrieved the last set error message which
would be from a previous function failing. That resulted in misleading
auth failed error messages in verbose mode.

Bug: https://github.com/curl/curl/issues/11837#issue-1891827355
Reported-by: consulion@users.noreply.github.com

Closes https://github.com/curl/curl/pull/11881

show more ...

pytest: exclude test_03_goaway in CI runs due to timing dependency

Closes #11860

lib: disambiguate Curl_client_write flag semantics

- use CLIENTWRITE_BODY *only* when data is actually body data
- add CLIENTWRITE_INFO for meta data that is *not* a HEADER
- debug a

lib: disambiguate Curl_client_write flag semantics

- use CLIENTWRITE_BODY *only* when data is actually body data
- add CLIENTWRITE_INFO for meta data that is *not* a HEADER
- debug assertions that BODY/INFO/HEADER is not used mixed
- move `data->set.include_header` check into Curl_client_write
so protocol handlers no longer have to care
- add special in FTP for `data->set.include_header` for historic,
backward compatible reasons
- move unpausing of client writes from easy.c to sendf.c, so that
code is in one place and can forward flags correctly

Closes #11885

show more ...

tftpd: always use curl's own tftp.h

Using the system's provided arpa/tftp.h and optimizing, GCC 12 detects
and reports a stringop-overread warning:

tftpd.c: In function ‘write_b

tftpd: always use curl's own tftp.h

Using the system's provided arpa/tftp.h and optimizing, GCC 12 detects
and reports a stringop-overread warning:

tftpd.c: In function ‘write_behind.isra’:
tftpd.c:485:12: warning: ‘write’ reading between 1 and 2147483647 bytes from a region of size 0 [-Wstringop-overread]
485 | return write(test->ofile, writebuf, count);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from tftpd.c:71:
/usr/include/arpa/tftp.h:58:30: note: source object ‘tu_data’ of size 0
58 | char tu_data[0]; /* data or error string */
| ^~~~~~~

This occurs because writebuf points to this field and the latter
cannot be considered as being of dynamic length because it is not
the last field in the structure. Thus it is bound to its declared
size.

This commit always uses curl's own version of tftp.h where the
target field is last in its structure, effectively avoiding the
warning.

As HAVE_ARPA_TFTP_H is not used anymore, cmake/configure checks for
arpa/tftp.h are removed.

Closes #11897

show more ...

test1474: make precheck more robust on non-Solaris systems

If uname -r returns something odd, perl could return an error code and
the test would be erroneously skipped. The qx// syntax a

test1474: make precheck more robust on non-Solaris systems

If uname -r returns something odd, perl could return an error code and
the test would be erroneously skipped. The qx// syntax avoid this.

Followup to 08f9b2148

show more ...

github/labeler: switch to the 5 beta version

This version adds an important feature that will allow more PRs to be
labelled. Rather than being limited to labeling PRs with files that

github/labeler: switch to the 5 beta version

This version adds an important feature that will allow more PRs to be
labelled. Rather than being limited to labeling PRs with files that
match a single glob, it can now label them if multiple changed files
match any one of a number of globs.

show more ...

lib: enable hmac for digest as well

Previously a build that disabled NTLM and aws-sigv4 would fail to build
since the hmac was disabled, but it is also needed for digest auth.

F

lib: enable hmac for digest as well

Previously a build that disabled NTLM and aws-sigv4 would fail to build
since the hmac was disabled, but it is also needed for digest auth.

Follow-up to e92edfbef64448ef

Fixes #11890
Reported-by: Aleksander Mazur
Closes #11896

show more ...

idn: if idn2_check_version returns NULL, return error

... this avoids a NULL dereference for this unusual case.

Reported-by: s0urc3_ on hackerone
Closes #11898

http: fix CURL_DISABLE_BEARER_AUTH breakage

When bearer auth was disabled, the if/else logic got wrong and caused
problems.

Follow-up to e92edfbef64448ef461
Fixes #11892

http: fix CURL_DISABLE_BEARER_AUTH breakage

When bearer auth was disabled, the if/else logic got wrong and caused
problems.

Follow-up to e92edfbef64448ef461
Fixes #11892
Reported-by: Aleksander Mazur
Closes #11895

show more ...

wolfssl: allow capath with CURLOPT_CAINFO_BLOB

Remain consistent with OpenSSL. While CAfile is nulled as documented
with CURLOPT_CAINFO_BLOB, CApath remains intact.

Closes #11886

wolfssl: use ssl_cafile/ssl_capath variables consistent with openssl.c

Closes #11886