Revert "KNOWN_BUGS: build for iOS simulator on macOS 13.2 with Xcode 14"

This reverts commit 2e8a3d7cb73c85a9aa151e263315f8a496dbb9d4.

It's a user error for supplying incomplete inf

Revert "KNOWN_BUGS: build for iOS simulator on macOS 13.2 with Xcode 14"

This reverts commit 2e8a3d7cb73c85a9aa151e263315f8a496dbb9d4.

It's a user error for supplying incomplete information to the build system.

Reported-by: Ryan Schmidt
Ref: https://github.com/curl/curl/issues/11215#issuecomment-1658729367

show more ...

cmake: add support for single libcurl compilation pass

Before this patch CMake builds used two separate compilation passes to
build the shared and static libcurl respectively. This patch

cmake: add support for single libcurl compilation pass

Before this patch CMake builds used two separate compilation passes to
build the shared and static libcurl respectively. This patch allows to
reduce that to a single pass if the target platform and build settings
allow it.

This reduces CMake build times when building both static and shared
libcurl at the same time, making these dual builds an almost zero-cost
option.

Enable this feature for Windows builds, where the difference between the
two passes was the use of `__declspec(dllexport)` attribute for exported
API functions for the shared builds. This patch replaces this method
with the use of `libcurl.def` at DLL link time.

Also update `Makefile.mk` to use `libcurl.def` to export libcurl API
symbols on Windows. This simplifies (or fixes) this build method (e.g.
in curl-for-win, which generated a `libcurl.def` from `.h` files using
an elaborate set of transformations).

`libcurl.def` has the maintenance cost of keeping the list of public
libcurl API symbols up-to-date. This list seldom changes, so the cost
is low.

Closes #11546

show more ...

cmake: detect `SSL_set0_wbio` in OpenSSL

Present in OpenSSL 1.1.0 and BoringSSL.
Missing from LibreSSL 3.8.0.

Follow-up to f39472ea9f4f4e12cfbc0500c4580a8d52ce4a59

Whil

cmake: detect `SSL_set0_wbio` in OpenSSL

Present in OpenSSL 1.1.0 and BoringSSL.
Missing from LibreSSL 3.8.0.

Follow-up to f39472ea9f4f4e12cfbc0500c4580a8d52ce4a59

While here, also fix `RAND_egd()` detection which was broken, likely all
along. This feature is probably broken with CMake builds and also
requires a sufficiently obsolete OpenSSL version, so this part of the
update was not tested.

Closes #11555

show more ...

cmake: fixup H2 duplicate symbols for unity builds

Closes #11550

openssl: Support async cert verify callback

- Update the OpenSSL connect state machine to handle
SSL_ERROR_WANT_RETRY_VERIFY.

This allows libcurl users that are using custom c

openssl: Support async cert verify callback

- Update the OpenSSL connect state machine to handle
SSL_ERROR_WANT_RETRY_VERIFY.

This allows libcurl users that are using custom certificate validation
to suspend processing while waiting for external I/O during certificate
validation.

Closes https://github.com/curl/curl/pull/11499

show more ...

tool_cb_wrt: fix invalid unicode for windows console

- Suppress an incomplete UTF-8 sequence at the end of the buffer.

- Attempt to reconstruct incomplete UTF-8 sequence from prior

tool_cb_wrt: fix invalid unicode for windows console

- Suppress an incomplete UTF-8 sequence at the end of the buffer.

- Attempt to reconstruct incomplete UTF-8 sequence from prior call(s)
in current call.

Prior to this change, in Windows console UTF-8 sequences split between
two or more calls to the write callback would cause invalid "replacement
characters" U+FFFD to be printed instead of the actual Unicode
character. This is because in Windows only UTF-16 encoded characters are
printed to the console, therefore we convert the UTF-8 contents to
UTF-16, which cannot be done with partial UTF-8 sequences.

Reported-by: Maksim Arhipov

Fixes https://github.com/curl/curl/issues/9841
Closes https://github.com/curl/curl/pull/10890

show more ...

sectransp: prevent CFRelease() of NULL

When SecCertificateCopyCommonName() returns NULL, the common_name
pointer remains set to NULL which apparently when calling CFRelease() on
(som

sectransp: prevent CFRelease() of NULL

When SecCertificateCopyCommonName() returns NULL, the common_name
pointer remains set to NULL which apparently when calling CFRelease() on
(sometimes?) crashes.

Reported-by: Guillaume Algis
Fixes #9194
Closes #11554

show more ...

vtls: clarify "ALPN: offers" message

Before:
* ALPN: offers h2,http/1.1

After:
* ALPN: curl offers h2,http/1.1

Bug: https://curl.se/mail/lib-2023-07/0041.html
R

vtls: clarify "ALPN: offers" message

Before:
* ALPN: offers h2,http/1.1

After:
* ALPN: curl offers h2,http/1.1

Bug: https://curl.se/mail/lib-2023-07/0041.html
Reported-by: Richard W.M. Jones
Closes #11544

show more ...

urlapi: make sure zoneid is also duplicated in curl_url_dup

Add several curl_url_dup() tests to the general lib1560 test.

Reported-by: Rutger Broekhoff
Bug: https://curl.se/mail

urlapi: make sure zoneid is also duplicated in curl_url_dup

Add several curl_url_dup() tests to the general lib1560 test.

Reported-by: Rutger Broekhoff
Bug: https://curl.se/mail/lib-2023-07/0047.html
Closes #11549

show more ...

urlapi: fix heap buffer overflow

`u->path = Curl_memdup(path, pathlen + 1);` accesses bytes after the null-terminator.

```
==2676==ERROR: AddressSanitizer: heap-buffer-overflow

urlapi: fix heap buffer overflow

`u->path = Curl_memdup(path, pathlen + 1);` accesses bytes after the null-terminator.

```
==2676==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x04d48c75 at pc 0x0112708a bp 0x006fb7e0 sp 0x006fb3c4
READ of size 78 at 0x04d48c75 thread T0
#0 0x1127089 in __asan_wrap_memcpy D:\a\_work\1\s\src\vctools\asan\llvm\compiler-rt\lib\sanitizer_common\sanitizer_common_interceptors.inc:840
#1 0x1891a0e in Curl_memdup C:\actions-runner\_work\client\client\third_party\curl\lib\strdup.c:97
#2 0x18db4b0 in parseurl C:\actions-runner\_work\client\client\third_party\curl\lib\urlapi.c:1297
#3 0x18db819 in parseurl_and_replace C:\actions-runner\_work\client\client\third_party\curl\lib\urlapi.c:1342
#4 0x18d6e39 in curl_url_set C:\actions-runner\_work\client\client\third_party\curl\lib\urlapi.c:1790
#5 0x1877d3e in parseurlandfillconn C:\actions-runner\_work\client\client\third_party\curl\lib\url.c:1768
#6 0x1871acf in create_conn C:\actions-runner\_work\client\client\third_party\curl\lib\url.c:3403
#7 0x186d8dc in Curl_connect C:\actions-runner\_work\client\client\third_party\curl\lib\url.c:3888
#8 0x1856b78 in multi_runsingle C:\actions-runner\_work\client\client\third_party\curl\lib\multi.c:1982
#9 0x18531e3 in curl_multi_perform C:\actions-runner\_work\client\client\third_party\curl\lib\multi.c:2756
```

Closes #11560

show more ...

curl: make %output{} in -w specify a file to write to

It can be used multiple times. Use %output{>>name} to append.

Add docs. Test 990 and 991 verify.

Idea: #11400
Sugg

curl: make %output{} in -w specify a file to write to

It can be used multiple times. Use %output{>>name} to append.

Add docs. Test 990 and 991 verify.

Idea: #11400
Suggested-by: ed0d2b2ce19451f2
Closes #11416

show more ...

RELEASE-NOTES: synced

tool: add "variable" support

Add support for command line variables. Set variables with --variable
name=content or --variable name@file (where "file" can be stdin if set
to a single

tool: add "variable" support

Add support for command line variables. Set variables with --variable
name=content or --variable name@file (where "file" can be stdin if set
to a single dash (-)).

Variable content is expanded in option parameters using "{{name}}"
(without the quotes) if the option name is prefixed with
"--expand-". This gets the contents of the variable "name" inserted, or
a blank if the name does not exist as a variable. Insert "{{" verbatim
in the string by prefixing it with a backslash, like "\\{{".

Import an environment variable with --variable %name. It makes curl exit
with an error if the environment variable is not set. It can also rather
get a default value if the variable does not exist, using =content or
@file like shown above.

Example: get the USER environment variable into the URL:

--variable %USER
--expand-url = "https://example.com/api/{{USER}}/method"

When expanding variables, curl supports a set of functions that can make
the variable contents more convenient to use. It can trim leading and
trailing white space with "trim", output the contents as a JSON quoted
string with "json", URL encode it with "url" and base 64 encode it with
"b64". To apply functions to a variable expansion, add them colon
separated to the right side of the variable. They are then performed in
a left to right order.

Example: get the contents of a file called $HOME/.secret into a variable
called "fix". Make sure that the content is trimmed and percent-encoded
sent as POST data:

--variable %HOME=/home/default
--expand-variable fix@{{HOME}}/.secret
--expand-data "{{fix:trim:url}}"
https://example.com/

Documented. Many new test cases.

Co-brainstormed-by: Emanuele Torre
Assisted-by: Jat Satiro
Closes #11346

show more ...

KNOWN_BUGS: cygwin: make install installs curl-config.1 twice

Closes #8839

KNOWN_BUGS: build for iOS simulator on macOS 13.2 with Xcode 14

Closes #11215

KNOWN_BUGS: cmake outputs: no version information available

Closes #11158

KNOWN_BUGS: APOP authentication fails on POP3

Closes #10073

KNOWN_BUGS: hyper is slow

Closes #11203

configure, cmake, lib: more form api deprecation

Introduce a --enable-form-api configure option to control its inclusion
in builds. The condition name defined for it is CURL_DISABLE_FORM

configure, cmake, lib: more form api deprecation

Introduce a --enable-form-api configure option to control its inclusion
in builds. The condition name defined for it is CURL_DISABLE_FORM_API.

Form api code is dependent of MIME: configure and CMake handle this
dependency automatically: CMake by making it a dependent option
explicitly, configure by inheriting the MIME value by default and
rejecting explicit incompatible values.

"form-api" is now a new hidden test feature.

Update libcurl modules to respect this option and adjust tests
accordingly.

Closes #9621

show more ...

mailmap: add Derzsi Dániel

wolfssl: support loading system CA certificates

Closes #11452

nss: delete more NSS references

Fix the distcheck CI failure and delete more NSS references.

Follow-up to 7c8bae0d9c9b2dfeeb008b9a316117d7b9675175

Reviewed-by: Marcel Raad

nss: delete more NSS references

Fix the distcheck CI failure and delete more NSS references.

Follow-up to 7c8bae0d9c9b2dfeeb008b9a316117d7b9675175

Reviewed-by: Marcel Raad
Reviewed-by: Daniel Stenberg
Closes #11548

show more ...

nss: remove support for this TLS library

Closes #11459

macOS: fix target detection more

Now SCDynamicStoreCopyProxies is called (and the required frameworks are
linked in) on all versions of macOS and only on macOS. Fixes crash due
to un

macOS: fix target detection more

Now SCDynamicStoreCopyProxies is called (and the required frameworks are
linked in) on all versions of macOS and only on macOS. Fixes crash due
to undefined symbol when built with the macOS 10.11 SDK or earlier.

CURL_OSX_CALL_COPYPROXIES is renamed to CURL_MACOS_CALL_COPYPROXIES and
is now only defined when SCDynamicStoreCopyProxies will actually be
called. Previously, it was defined when ENABLE_IPV6 was not defined but
SCDynamicStoreCopyProxies is not called in that case.

TARGET_OS_OSX is only defined in the macOS 10.12 SDK and later and only
when dynamic targets are enabled. TARGET_OS_MAC is always defined but
means any Mac OS or derivative including macOS, iOS, tvOS, and watchOS.
TARGET_OS_IPHONE means any Darwin OS other than macOS.

Follow-up to c73b2f82

Fixes #11502
Closes #11516

show more ...

tool_operate: allow SSL_CERT_FILE and SSL_CERT_DIR

... used at once.

Reported-by: Gabriel Corona
Fixes #11325
Closes #11531