curl-compilers.m4: use -O2 as default optimize for clang

Not -Os

Closes #9444

tool_operate: fix msnprintfing the error message

Follow-up to 7be53774c41c59b47075fba

Coverity CID 1513717 pointed out that we cannot use sizeof() on the
error buffer anymore.

tool_operate: fix msnprintfing the error message

Follow-up to 7be53774c41c59b47075fba

Coverity CID 1513717 pointed out that we cannot use sizeof() on the
error buffer anymore.

Closes #9440

show more ...

curl_ctype: add space around <= operator in ISSPACE macro

Follow-up to f65f750

Closes #9441

CURLOPT_PROXY_SSLCERT_BLOB.3: this is for HTTPS proxies

The 'protocols' listed were previously wrong.

Reported-by: ProceduralMan on github
Fixes #9434
Closes #9435

curl_ctype: convert to macros-only

This no longer provide functions, only macros. Runs faster and produces
smaller output.

The biggest precaution this change brings:

DO

curl_ctype: convert to macros-only

This no longer provide functions, only macros. Runs faster and produces
smaller output.

The biggest precaution this change brings:

DO NOT use post/pre-increments when passing arguments to the macros.

Closes #9429

show more ...

misc: ISSPACE() => ISBLANK()

Instances of ISSPACE() use that should rather use ISBLANK(). I think
somewhat carelessly used because it sounds as if it checks for space or
whitespace,

misc: ISSPACE() => ISBLANK()

Instances of ISSPACE() use that should rather use ISBLANK(). I think
somewhat carelessly used because it sounds as if it checks for space or
whitespace, but also includes %0a to %0d.

For parsing purposes, we should only accept what we must and not be
overly liberal. It leads to surprises and surprises lead to bad things.

Closes #9432

show more ...

ctype: remove all use of <ctype.h>, use our own versions

Except in the test servers.

Closes #9433

cmake: skip superfluous hex2dec conversion using math expr

CMake seems to be able to compare two hex values just fine.
Also make sure CURL_TARGET_WINDOWS_VERSION is respected.

A

cmake: skip superfluous hex2dec conversion using math expr

CMake seems to be able to compare two hex values just fine.
Also make sure CURL_TARGET_WINDOWS_VERSION is respected.

Assisted-by: Marcel Raad
Reviewed-by: Viktor Szakats
Reported-by: Keitagit-kun on github

Follow up to #9312
Fixes #9406
Closes #9411

show more ...

curl_easy_pause.3: unpausing is as fast as possible

Reported-by: ssdbest on github
Fixes #9410
Closes #9430

CURLOPT_DNS_INTERFACE.3: mention it works for almost all protocols

Except file.

Reported-by: ProceduralMan on github
Fixes #9427
Closes #9428

NPN: remove support for and use of

Next Protocol Negotiation is a TLS extension that was created and used
for agreeing to use the SPDY protocol (the precursor to HTTP/2) for
HTTPS. I

NPN: remove support for and use of

Next Protocol Negotiation is a TLS extension that was created and used
for agreeing to use the SPDY protocol (the precursor to HTTP/2) for
HTTPS. In the early days of HTTP/2, before the spec was finalized and
shipped, the protocol could be enabled using this extension with some
servers.

curl supports the NPN extension with some TLS backends since then, with
a command line option `--npn` and in libcurl with
`CURLOPT_SSL_ENABLE_NPN`.

HTTP/2 proper is made to use the ALPN (Application-Layer Protocol
Negotiation) extension and the NPN extension has no purposes
anymore. The HTTP/2 spec was published in May 2015.

Today, use of NPN in the wild should be extremely rare and most likely
totally extinct. Chrome removed NPN support in Chrome 51, shipped in
June 2016. Removed in Firefox 53, April 2017.

Closes #9307

show more ...

RELEASE-NOTES: synced

and bump the tentative next release version to 7.85.1

configure: fail if '--without-ssl' + explicit parameter for an ssl lib

A side effect of a previous change to configure (576e507c78bdd2ec88)
exposed a non-critical issue that can happen i

configure: fail if '--without-ssl' + explicit parameter for an ssl lib

A side effect of a previous change to configure (576e507c78bdd2ec88)
exposed a non-critical issue that can happen if configure is called with
both '--without-ssl' and some parameter setting the use of a ssl library
(e.g. --with-gnutls). The configure script would end up assuming this is
a MultiSSL build, due to the way the case statement is written.

I have changed the order of the variables in the string concatenation
for the case statement and also tweaked the options so that
--without-ssl never turns the build into a MultiSSL one and also clearly
stating that there are conflicting parameters if the user sets it like
described above.

Closes #9414

show more ...

tests/certs/scripts: insert standard curl source headers

... including the SPDX-License-Identifier.

These omissions were not detected by the RUEUSE CI job nor the copyright.pl
s

tests/certs/scripts: insert standard curl source headers

... including the SPDX-License-Identifier.

These omissions were not detected by the RUEUSE CI job nor the copyright.pl
scanners because we have a general wildcard in .reuse/dep5 for
"tests/certs/*".

Reported-by: Samuel Henrique
Fixes #9417
Closes #9420

show more ...

docs: remove mentions of deprecated '--without-openssl' config parameter

Closes #9415

manpages: Fix spelling of "allows to" -> "allows one to"

References:
https://salsa.debian.org/lintian/lintian/-/blob/master/tags/t/typo-in-manual-page.tag
https://english.stackexc

manpages: Fix spelling of "allows to" -> "allows one to"

References:
https://salsa.debian.org/lintian/lintian/-/blob/master/tags/t/typo-in-manual-page.tag
https://english.stackexchange.com/questions/60271/grammatical-complements-for-allow/60285#60285

Closes #9419

show more ...

CURLOPT_WILDCARDMATCH.3: Fix backslash escaping under single quotes

Lintian (on Debian) has been complaining about this for a while but
I didn't bother initially as the groff parser th

CURLOPT_WILDCARDMATCH.3: Fix backslash escaping under single quotes

Lintian (on Debian) has been complaining about this for a while but
I didn't bother initially as the groff parser that we use is not
affected by this.

But I have now noticed that the online manpage is affected by it:
https://curl.se/libcurl/c/CURLOPT_WILDCARDMATCH.html

(I'm using double quotes for quoting-only down below)

The section that should be parsed as "'\'" ends up being parsed as
"'´".

This is due to roffit not parsing "'\\'" correctly, which is fine
as the "correct" way of writing "'\'" is "'\e'" instead.

Note that this fix is not enough to fix the online manpage at
curl's website, as roffit seems to parse it wrongly either way.

My intent is to at least fix the manpage so that roffit can
be changed to parse "'\e'" correctly (although I suggest making
roffit parse both ways correctly, since that's what groff does).

More details at:
https://bugs.debian.org/966803
https://salsa.debian.org/lintian/lintian/-/blob/930b18e4b28b7540253f458ef42a884cca7965c3/tags/a/acute-accent-in-manual-page.tag

Closes #9418

show more ...

tool_operate: reduce errorbuffer allocs

- parallel transfers: only alloc and keep errorbuffers in memory for
actual "live" transfers and not for the ones in the pending queue

tool_operate: reduce errorbuffer allocs

- parallel transfers: only alloc and keep errorbuffers in memory for
actual "live" transfers and not for the ones in the pending queue

- serial transfers: reuse the same fixed buffer for all transfers, not
allocated at all.

Closes #9394

show more ...

misc: spelling fixes

Found using codespell 2.2.1.

Also delete the redundant protocol designator from an archive.org URL.

Reviewed-by: Daniel Stenberg
Closes #9403

tool_progress: remove 'Qd' from the parallel progress bar

The "queued" value is no longer showing anything useful to the user. It
is an internal number of transfers waiting at that momen

tool_progress: remove 'Qd' from the parallel progress bar

The "queued" value is no longer showing anything useful to the user. It
is an internal number of transfers waiting at that moment.

Closes #9389

show more ...

tool_operate: prevent over-queuing in parallel mode

When doing a huge amount of parallel transfers, we must not add them to
the per_transfer list frivolously since they all use memory af

tool_operate: prevent over-queuing in parallel mode

When doing a huge amount of parallel transfers, we must not add them to
the per_transfer list frivolously since they all use memory after all.
This was previous done without really considering millions or billions
of transfers. Massive parallelism would use a lot of memory for no good
purpose.

The queue is now limited to twice the paralleism number.

This makes the 'Qd' value in the parallel progress meter mostly useless
for users, but works for now for us as a debug display.

Reported-by: justchen1369 on github
Fixes #8933
Closes #9389

show more ...

cmake: fix original MinGW builds

1. Re-enable `HAVE_GETADDRINFO` detection on Windows

Commit d08ee3c83d6bd416aef62ff844c98e47c4682429 (in 2013) added logic
that automatica

cmake: fix original MinGW builds

1. Re-enable `HAVE_GETADDRINFO` detection on Windows

Commit d08ee3c83d6bd416aef62ff844c98e47c4682429 (in 2013) added logic
that automatically assumed `getaddrinfo()` to be present for builds
with IPv6 enabled. As it turns out, certain toolchains (e.g. original
MinGW) by default target older Windows versions, and thus do not
support `getaddrinfo()` out of the box. The issue was masked for
a while by CMake builds forcing a newer Windows version, but that
logic got deleted in commit 8ba22ffb2030ed91312fc8634e29516cdf0a9761.
Since then, some CI builds started failing due to IPv6 enabled,
`HAVE_GETADDRINFO` set, but `getaddrinfo()` in fact missing.

It also turns out that IPv6 works without `getaddrinfo()` since commit
67a08dca27a6a07b36c7f97252e284ca957ff1a5 (from 2019, via #4662). So,
to resolve all this, we can now revert the initial commit, thus
restoring `getaddrinfo()` detection and support IPv6 regardless of its
outcome.

Reported-by: Daniel Stenberg

2. Omit `bcrypt` with original MinGW

Original (aka legacy/old) MinGW versions do not support `bcrypt`
(introduced with Vista). We already have logic to handle that in
`lib/rand.c` and autotools builds, where we do not call the
unsupported API and do not link `bcrypt`, respectively, when using
original MinGW.

This patch ports that logic to CMake, fixing the link error:
`c:/mingw/bin/../lib/gcc/mingw32/9.2.0/../../../../mingw32/bin/ld.exe: cannot find -lbcrypt`

Ref: https://ci.appveyor.com/project/curlorg/curl/builds/44624888/job/40vle84cn4vle7s0#L508
Regression since 76172511e7adcf720f4c77bd91f49278300ec97e

Fixes #9214
Fixes #9393
Fixes #9395
Closes #9396

show more ...

RELEASE-NOTES: synced

curl 7.85.0 release

THANKS: add contributors from the 7.85.0 release

getparam: correctly clean args

Follow-up to bf7e887b2442783ab52

The previous fix for #9128 was incomplete and caused #9397.

Fixes #9397
Closes #9399