- Instead of saying "do not use", explain that the function was
deprecated for performance reasons.
Some users may have a legitimate use of this function even though we
deprecated it. Since there are no plans to remove it from the API get
rid of the "do not use" warning.
Bug: https://curl.se/mail/lib-2024-11/0029.html
Reported-by: Jacob Champion
Closes https://github.com/curl/curl/pull/15576
curl offers a `--user-agent` option for modifying the `User-Agent`
header supplied in its requests.
The man page section for this option explains how to use the
`--user-agent` option, but does not explain which `User-Agent` curl uses
by default.
By default, curl uses curl/VERSION, such as `User-Agent: curl/8.11.0`.
Note that this appears to be different from the libcurl default (no
User-Agent header).
This commit documents the default `User-Agent` in the man page section
for the `--user-agent` option, as well as on the "Art of Scripting"
page.
The `%VERSION` placeholder will be used to insert the current version
as described in the man page generator docs.
Closes#15608
- make sure that a match that returns a username also returns a
password, that should be blank if no password is found
- fix handling of multiple logins for same host where the password/login
order might be reversed.
- reject credentials provided in the .netrc if they contain ASCII control
codes - if the used protocol does not support such (like HTTP and WS do)
Reported-by: Harry Sintonen
Add test 478, 479 and 480 to verify. Updated unit 1304.
Closes#15586
- fix socket/sockindex confusion on writes:
The callstack used to end with `Curl_write_plain()` accepting a socket
till 7.87.0. This call got swapped for `Curl_conn_send()`, expecting
a sockindex. `socket_write()` was updated accordingly. Its callers
missed it and continued operating on sockets: `do_sec_send()`,
`sec_write()`, passing it down the stack and `Curl_conn_send()`
resolving it as if it were a sockindex.
It affected FTP Kerberos authentication.
Discovered through MSVC warnings:
```
curl\lib\krb5.c(652,28): warning C4244: 'function': conversion from 'curl_socket_t' to 'int', possible loss of data
curl\lib\krb5.c(654,28): warning C4244: 'function': conversion from 'curl_socket_t' to 'int', possible loss of data
curl\lib\krb5.c(656,26): warning C4244: 'function': conversion from 'curl_socket_t' to 'int', possible loss of data
curl\lib\krb5.c(657,26): warning C4244: 'function': conversion from 'curl_socket_t' to 'int', possible loss of data
curl\lib\krb5.c(665,24): warning C4244: 'function': conversion from 'curl_socket_t' to 'int', possible loss of data
curl\lib\krb5.c(666,24): warning C4244: 'function': conversion from 'curl_socket_t' to 'int', possible loss of data
```
Ref: https://github.com/curl/curl/actions/runs/11846599621/job/33014592805#step:9:32
Follow-up to 5651a36d1ae46db61a31771a8d4d6dcf2a510856 #10280
Bug: https://github.com/curl/curl/pull/15549#issuecomment-2474154067Fixes#15582
- fix uninitialized buffer:
```
curl\lib\krb5.c(288,1): warning C4701: potentially uninitialized local variable '_gssresp' used
```
Ref: https://github.com/curl/curl/actions/runs/11848626645/job/33020501026?pr=15585#step:9:31
- silence unreachable code compiler warning:
```
curl\lib\krb5.c(370,1): warning C4702: unreachable code
```
Ref: https://github.com/curl/curl/actions/runs/11848626645/job/33020501026?pr=15585#step:9:30Closes#15585
Fixing issue #15580 by renaming struct var to tool_var to avoid conflict
with the same structure name defined in AIX system headers.
Fixes#15580Closes#15581
This feature was recently dropped because of a bad side-effect of
silencing unused cmake command-line option warnings.
Fix this issue by retrieving variable values using `get_property()`,
instead of accessing the variables directly. It allows restoring
this feature without the bad side-effect.
Also limit the logic to CI runs.
Follow-up to 96edb5f611c9e54da1ae824d9dc0e219619c24c0 #15501Closes#15563
The idea of linking dependencies found to `libcurl.pc` turns out not
to work in practice in some cases.
Specifically: gss, ldap, mbedtls, libmsh3, rustls
A `.pc` may not work or be missing for a couple of reasons:
- not all build methods generate it: mbedTLS, Rustls
- generated file is broken: msh3
Ref: https://github.com/nibanks/msh3/pull/225
- installed package flavour isn't shipping with one:
FreeBSD GSS, OmniOS LDAP, macOS LDAP
The effect of such issues shall be subtle in theory, because
`libcurl.pc` normally lists these dependencies in the `Requires.private`
section meant for static linking. But, e.g. `pkg-config --exists`
requires these to be present, and builds sometimes use this check
regardless of build type. This bug is not present in `pkgconf`; it only
checks for them when `--static` is also passed.
Fix these by adding affected `.pc` references to `libcurl.pc` only when
we detected the dependency via `pkg-config`.
There are a few side-effects of this solution:
- references are never added for dependencies where curl doesn't
implement `pkg-config` detection. These are:
- autotools: ldap, mbedtls, msh3
- cmake: ldap (pending #15273)
- generated `libcurl.pc` depends on the build-time environment.
- generated `libcurl.pc` depends on curl build tool (cmake, autotools).
- generated `libcurl.pc` depends on curl build implementation details.
Make an exception for GNU GSS, where I blindly guess that `gss.pc` is
always available, as no issues were reported.
Other, not mentioned, dependencies continue to be added regardless
of the detection method.
Reported-by: Harmen Stoppels, Thomas, Daniel Engberg, Andy Fiddaman
Fixes#15469Fixes#15507Fixes#15535
Fixes https://github.com/curl/curl/pull/15163#issuecomment-2473358444Closes#15573
- stop passing explicit libpaths via `CMAKE_SHARED_LINKER_FLAGS` and
`CMAKE_EXE_LINKER_FLAGS`. `link_directories()` is doing that already.
- use `curl_required_libpaths()` to pass libpaths to the feature test.
Reported-by: Daniel Engberg
Fixes#15536
Also fixes GSS feature detection with non-gcc/clang compilers,
such as MSVC.
- add libpaths to `CURL_LIBPATHS`.
- move `GSS_CFLAGS`, `GSS_LDFLAGS` stringifications to FindGSS.
To match the `CFLAGS` format returned by the rest of Find modules.
- reorder calls to match other dependencies.
- don't extend system `LDFLAGS` when FindGSS did not return any.
- ignore `LDFLAGS` when detecting GSS via `pkg-config`. `LDFLAGS` holds
a copy of libpaths and libs in this case. Ignore those to avoid these
duplicates making into `libcurl.pc` and `curl-config`. Also syncing
behavior with other Find modules which also ignore raw `LDFLAGS`.
- ignore raw `LDFLAGS` coming from `krb5-config --libs`. FindGSS
no longer returns dependency-specific `LDFLAGS` after this. Syncing
behavior with other Find modules.
- reduce scope of checker state push/pop/set.
Closes#15545
krb5 defines `strtok_r` for Windows unconditionally in its public
header:
dc5554394e/src/include/win-mac.h (L214-L215)
resulting in this warning:
```
lib\strtok.h(31,9): warning C4005: 'strtok_r': macro redefinition
C:\vcpkg\installed\x64-windows\include\win-mac.h(215,9):
see previous definition of 'strtok_r'
```
The krb5 macro collides with curl's internal definition, in case
the `strtok_r` function is undetected and falling back to a local
replacement.
Reported-by: Tal Regev
Bug: https://github.com/curl/curl/pull/15549#issuecomment-2468251761Closes#15564
`libcurl.pc` `Libs.private` (since 8.11.0, and in `Libs` before 7.20.0)
and `curl-config` `--static-libs` (since 7.17.1, and in `Libs` between
7.7.2-7.25.0). This included all flags inherited from the environment,
in addition to those coming from dependency detections.
To avoid spilling all linker flags inherited from the environment to
the libcurl config files, this patch omits them all, except `-L`, `-F`,
`--library-path=` and `-framework` options, which are still passed.
The rationale for the exceptions is that `LIBS` is passed as-is, and
`LDFLAGS`, `LIBS` are the canonical way to pass custom libs options
to a build. `LIBS` may not work without a matching custom libpath.
This brings autotools behaviour closer to cmake, and `curl-config`
closer to `libcurl.pc`.
Follow-up to 9f56bb608ecfbb8978c6cb72a04d9e8b23162d82 #14681
Follow-up to 4c8adc8fee5e55754da3d8f8d982733a7bf3dece
Reported-by: Peter Marko
Fixes#15533Closes#15550
An upstream update `impacket` pip package started requiring `blinker`.
An older version is shipping with Ubuntu, causing this on install:
```
Attempting uninstall: blinker
Found existing installation: blinker 1.7.0
ERROR: Cannot uninstall blinker 1.7.0, RECORD file not found. Hint: The package was installed by debian.
```
Fix it by switching to venv and install everything separate from the
system.
The overhead is the same as using `pip --ignore-installed`, which also
installs everything from scratch.
The 3rd option is to uninstall the system `python3-blinker` package, but
it was the slowest.
Closes#15578
Homebrew switched to `pkgconf`, and now pkg-config installs an extra
package. Update package list to avoid that.
The side-effect of `pkgconf` is that this former log message:
```
-- Package 'libcrypto', required by 'libssh2', not found
```
https://github.com/curl/curl/actions/runs/11779568834/job/32808325442#step:7:84
is replaced by this, and repeated 10 times:
```
Package libcrypto was not found in the pkg-config search path.
Perhaps you should add the directory containing `libcrypto.pc'
to the PKG_CONFIG_PATH environment variable
Package 'libcrypto', required by 'libssh2', not found
```
https://github.com/curl/curl/actions/runs/11792711391/job/32846858320#step:7:85Closes#15575
Fix builds with CMake configured to falsely return successful detection
when using `check_function_exists()` (and `check_library_exists()`, and
anything based on `try_compile()` that's relying on the linker). After
such mis-detection the build fails when trying to use the feature that
doesn't in fact exist.
The mis-detection is caused by this CMake setting:
```
set(CMAKE_TRY_COMPILE_TARGET_TYPE STATIC_LIBRARY)
```
It is set by default (or on conditions) when using 3rd-party toolchain:
https://github.com/leetal/ios-cmake/blob/master/ios.toolchain.cmake
After this patch the curl build overrides this setting for the duration
of feature tests, and logs a message about it.
Also preset and skip feature tests for known mis-detections:
- `connect()` in `libsocket`
- `getpass_r()`
- `eventfd()` (did not cause an issue due to a separate bug)
- `sendmmsg()` (did not cause an issue because it's Linux-only)
If mis-detections are still seen, the workaround is to force-set the
specific feature by passing `-DHAVE_*=OFF` to cmake.
Also consider passing `-DENABLE_STRICT_TRY_COMPILE=ON` for
`ios.toolchain.cmake` to fix the root cause.
Interestingly curl itself uses this setting to speed up compile-only
detections: be17f298ff508d62d493d4a8d43e56a1e2861a50 #3744
Also:
- OtherTests.cmake: restore original value of
`CMAKE_TRY_COMPILE_TARGET_TYPE`. Before this patch it reset it
to empty.
- OtherTests.cmake: unset a local variable after use, quote a string.
Follow-up to 8e345057761a8f796403923a96f2c8fd3edca647 #15164
Follow-up to 8b76a8aeb21c8ae2261147af1bddd0d4637c252c #15525
Ref: https://github.com/leetal/ios-cmake/issues/47
Ref: https://gitlab.kitware.com/cmake/cmake/-/issues/18121
Ref: https://cmake.org/cmake/help/latest/variable/CMAKE_TRY_COMPILE_TARGET_TYPE.html
Reported-by: Dan Rosser
Fixes#15557Closes#15559
Instead of installing the cmake package which is a meta-port (includes
documentation and manpages etc) install cmake-core which is cmake itself
to save a few cpu cycles.
Also drop nghttp2 in favour of the slimmer libnghttp2.
Closes#15540
The script's previous treatment of this meta-data was a
misunderstanding. (Added in 1ebc53df25181908) The mistrust is not for
the root cert at this date (it would simply be removed from the bundle
then instead) but for created server certificates:
If a builtin certificate has a CKA_NSS_SERVER_DISTRUST_AFTER
timestamp before the SCT or NotBefore date of a certificate that
builtin issued, then clients can elect not to trust it.
That is however information that cannot be provided in the generated PEM
output.
Fixes#15547
Reported-by: Andrew Ayer
Closes#15552
Different variable names were used in flag save and restore operations,
which could cause existing `CPPFLAGS` and `LDFLAGS` be accidentally lost
when detecting Rustls.
Follow-up to 647e86a3efe1eea7a2a456c009cfe1eb55fe48eb #13179Closes#15546
A recent update caused CMake builds to mis-detect this symbol on iOS.
Auto-detection also seems redundant given that it's a Windows-only
function and most Windows builds were already opted-in.
Drop detections and use it in all Windows builds with large file support
enabled.
Feature history:
- pririotizing for Windows: aaacd02466f77d03b8fdc19e91a0a3ec72f4c38a #14678
- Windows opt-in cmake: 8e74c0729d0cace00a202fc6c33c1b35703e220a #11950
- Windows opt-in: aa6c94c5bf4f5caa31c0213d9cd7058c29a9b30b #11944
- use in libcurl: 9c7165e96a3a9a2d0b7059c87c699b5ca8cdae93 #11918
- use in example: 817d1c01064ac81e9609819b15738ee540ef056c
Regression from 8e345057761a8f796403923a96f2c8fd3edca647 #15164
Reported-by: Maarten Billemont
Fixes#15525Closes#15526
- gnutls/gnutls to v3.8.8
- rojopolis/spellcheck-github-actions digest to 403efe0
- awslabs/aws-lc to v1.38.0
- github/codeql-action digest to 4f3212b
Closes#15487Closes#15490Closes#15516Closes#15528
Provide libcurl's memory functions as callbacks to replace nghttp2's own memory
functions. This allows custom memory callbacks provided by users of libcurl to
be used by nghttp2 as well.
Closes#15527
Using this option (only available in debug builds) makes curl always
call curl_easy_duphandle() on the handle before using it.
To help us catch curl_easy_duphandle() mistakes better.
Add a CI job using this.
Bonus: the previous runtests option -e is now also supported as
--test-event
Closes#15504
Homebrew gcc 14.2.0_1 fixed the issue, and the workaround is no longer
needed. Not only not needed, but the workaround is breaking builds with
the fixed gcc.
Auto-detect the upstream fix and stop applying the local workaround if
detected.
Assisted-by: Bo Anderson
Ref: https://github.com/Homebrew/homebrew-core/issues/194778#issuecomment-2462764619
Follow-up to e91fcbac7d86292858718a0bfebad57978761af4 #14155Closes#15508
Collecting the args list has the undesired side-effect of silencing
CMake warnings about unused variables passed via the command-line.
Drop it till a better method is found to retrieve them.
Reported-by: Kai Pastor
Ref: https://github.com/curl/curl/pull/14936#issuecomment-2460350977
Follow-up to 1fdea1684602a1ae2870c67b5f3e8fd34f63da95 #14802Closes#15501
As discovered earlier, Homebrew gcc is built against a specific Apple
SDK version and doesn't work when matched up with a different version,
e.g. the one advertised as default by the macos runner image.
Before this patch this was resolved with brute force by zapping the
hack-layer gcc component to avoid the bad interference. This worked
for us, but it's fragile, accidental and doesn't translate to
real-world build environments. Thus, impractical.
Avoid this by explicitly selecting the SDK version gcc was built for and
meant to be used with, as shown by `gcc --print-sysroot`.
It assumes that the gcc binaries preinstalled on the runner images
always ship with the SDK version they reference. It also assumes
this works with and without `brew update`.
Also:
- add 4 quick build-only jobs to test all gcc/macos combos.
- list SDKs offered via CommandLineTools.
Suggested-by: Bo Anderson
Ref: https://github.com/Homebrew/homebrew-core/issues/194778#issuecomment-2462764619
Follow-up to c349bd668c91f2484ae21c0f361ddf497143093c #14097Closes#15518
