http2: fix EOF handling on uploads with auth negotiation

- doing a POST with `--digest` does an override on the initial request
with `Content-Length: 0`, but the http2 filter was unawa

http2: fix EOF handling on uploads with auth negotiation

- doing a POST with `--digest` does an override on the initial request
with `Content-Length: 0`, but the http2 filter was unaware of that
and expected the originally request body. It did therefore not
send a final DATA frame with EOF flag to the server.
- The fix overrides any initial notion of post size when the `done_send`
event is triggered by the transfer loop, leading to the EOF that
is necessary.
- refs #11194. The fault did not happen in testing, as Apache httpd
never tries to read the request body of the initial request,
sends the 401 reply and closes the stream. The server used in the
reported issue however tried to read the EOF and timed out on the
request.

Reported-by: Aleksander Mazur
Fixes #11194
Cloes #11200

show more ...

RELEASE-NOTES: synced

bump to 8.2.0

lib: remove unused functions, make single-use static

Closes #11174

scripts/singleuse.pl: add more API calls

configure: quote the assignments for run-compiler

Building for multilib failed, as the compiler command contains an
extra argument. That needs quoting.

Regression from b78ca50cb

configure: quote the assignments for run-compiler

Building for multilib failed, as the compiler command contains an
extra argument. That needs quoting.

Regression from b78ca50cb3dda361f9c1

Fixes #11179
Closes #11180

show more ...

misc: fix spelling mistakes

Reported-by: musvaage on github
Fixes #11171
Closes #11172

RELEASE-NOTES: synced

curl 8.1.1

THANKS: contributors from the 8.1.1 release

docs: fix fuzzing documentation link

Follow-up to 4c712a1b

CI: add an Alpine build with MUSL

MUSL is another libc implementation which has its own unique issues
worth testing.

Ref: #11140
Closes #11178

runtests: add a missing \n at the end of a log message

SECURITY-PROCESS.md: link security advisory doc and fix typo

Closes #11177

TODO: build curl with Windows Unicode support

Closes #7229

KNOWN_BUGS: hyper memory-leaks

Closes #10803

http/2: unstick uploads

- refs #11157 and #11175 where uploads get stuck or lead to RST streams
- fixes our h2 send behaviour to continue sending in the nghttp2 session
as long as

http/2: unstick uploads

- refs #11157 and #11175 where uploads get stuck or lead to RST streams
- fixes our h2 send behaviour to continue sending in the nghttp2 session
as long as it wants to. This will empty our send buffer as long as
the remote stream/connection window allows.
- in case the window is exhausted, the data remaining in the send buffer
will wait for a WINDOW_UPDATE from the server. Which is a socket event
that engages our transfer loop again
- the problem in the issue was that we did not exhaust the window, but
left data in the sendbuffer and no further socket events did happen.
The server was just waiting for us to send more.
- relatedly, there was an issue fixed that closing a stream with KEEP_HOLD
set kept the transfer from shutting down - as it should have - leading
to a timeout.

Closes #11176

show more ...

workflows/macos: add a job using gcc + debug + secure transport

lib: fix conversion warnings with gcc on macOS

sectransp.c: make the code c89 compatible

Follow-up to dd2bb485521c2ec713001b3a

Reported-by: FeignClaims on github
Fixes #11155
Closes #11159

Revert "urlapi: respect CURLU_ALLOW_SPACE and CURLU_NO_AUTHORITY for redirects"

This reverts commit df6c2f7b544f1f35f2a3e0be11f345affeb6fe9c.
(It only keep the test case that checks redi

Revert "urlapi: respect CURLU_ALLOW_SPACE and CURLU_NO_AUTHORITY for redirects"

This reverts commit df6c2f7b544f1f35f2a3e0be11f345affeb6fe9c.
(It only keep the test case that checks redirection to an absolute URL
without hostname and CURLU_NO_AUTHORITY).

I originally wanted to make CURLU_ALLOW_SPACE accept spaces in the
hostname only because I thought
curl_url_set(CURLUPART_URL, CURLU_ALLOW_SPACE) was already accepting
them, and they were only not being accepted in the hostname when
curl_url_set(CURLUPART_URL) was used for a redirection.

That is not actually the case, urlapi never accepted hostnames with
spaces, and a hostname with a space in it never makes sense.
I probably misread the output of my original test when I they were
normally accepted when using CURLU_ALLOW_SPACE, and not redirecting.

Some other URL parsers seems to allow space in the host part of the URL,
e.g. both python3's urllib.parse module, and Chromium's javascript URL
object allow spaces (chromium percent escapes the spaces with %20),
(they also both ignore TABs, and other whitespace characters), but those
URLs with spaces in the hostname are useless, neither python3's requests
module nor Chromium's window.location can actually use them.

There is no reason to add support for URLs with spaces in the host,
since it was not a inconsistency bug; let's revert that patch before it
makes it into release. Sorry about that.

I also reverted the extra check for CURLU_NO_AUTHORITY since that does
not seem to be necessary, CURLU_NO_AUTHORITY already worked for
redirects.

Closes #11169

show more ...

runtests: use the correct fd after select

The code was using the wrong fd when determining which runner was ready
with a response.

Ref: #10818
Closes #11160

test425: fix the log directory for the upload

This must be %LOGDIR to let it work with parallel tests.

Ref: #10969

runtests: handle interrupted reads from IPC pipes

These can be interrupted by signals, especially SIGINT to shut down, and
must be restarted so the IPC call arrives correctly. If the rea

runtests: handle interrupted reads from IPC pipes

These can be interrupted by signals, especially SIGINT to shut down, and
must be restarted so the IPC call arrives correctly. If the read just
returns an error instead, the IPC calling state will go out of sync and
a proper shutdown won't happen.

Ref: #10818

show more ...

http2: upload improvements

Make send buffer smaller to have progress and "upload done" reporting
closer to reality. Fix handling of send "drain" condition to no longer
trigger once t

http2: upload improvements

Make send buffer smaller to have progress and "upload done" reporting
closer to reality. Fix handling of send "drain" condition to no longer
trigger once the transfer loop reports it is done sending. Also do not
trigger the send "drain" on RST streams.

Background:
- a upload stall was reported in #11157 that timed out
- test_07_33a reproduces a problem with such a stall if the
server 404s the request and RSTs the stream.
- test_07_33b verifies a successful PUT, using the parameters
from #11157 and checks success

Ref: #11157
Closes #11165

show more ...

http2: increase stream window size to 10 MB

Reported-by: pandada8 on github

Fixes #11162
Closes #11167

lib: rename struct 'http_req' to 'httpreq'

Because FreeBSD 14 kidnapped the name.
Ref: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271526

Fixes #11163
Closes #11164