                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Version 8.0.1 (20 Mar 2023)

Daniel Stenberg (20 Mar 2023)

- RELEASE-NOTES: synced

  curl 8.0.1

- Revert "multi: remove PENDING + MSGSENT handles from the main linked list"

  This reverts commit f6d6f3ce01e377932f1ce7c24ee34d45a36950b8.

  The commits caused issues in the 8.0.0 release. Needs a retake.

  Reported-by: Kamil Dudka
  Closes #10795

- include/curl/curlver.h: bump to 8.0.1

Version 8.0.0 (20 Mar 2023)

Daniel Stenberg (20 Mar 2023)

- RELEASE-NOTES: synced

  The curl 8.0.0 release

- THANKS: from the 8.0.0 release

- scripts/delta: fix "ambiguous argument" when used in branches

- SECURITY-PROCESS.md: Busy-loops are not security problems

  Closes #10790

Stefan Eissing (17 Mar 2023)

- tests/http: do not save files for downloads in scorecard testing

  Closes #10788

Daniel Stenberg (17 Mar 2023)

- cf-socket: use port 80 when resolving name for local bind

  It turns out c-ares returns an error when asked to resolve a host name with
  ares_getaddrinfo using port number 0.

  Reported as a c-ares bug here: https://github.com/c-ares/c-ares/issues/517

  The work-around is to simply use port 80 instead, as the number typically doe
  s
  not make a difference and a non-zero number works for c-ares.

  Fixes #10759
  Reported-by: Matt Jolly
  Closes #10789

- curl.h: require gcc 12.1 for the deprecation magic

  Reported-by: kchow-FTNT on github
  Fixes #10726
  Closes #10784

- Revert "rtsp: use dynbuf instead of custom reallocs"

  This reverts commit 1b9ea3239d22147e00d8 because of OSS-fuzz reports.
  I'll do another take after the pending release.

  Closes #10785

- test422: verify --next used without a prior URL

  Closes #10782

- tool_getparam: error if --next is used without a prior URL

  Reported-by: 積丹尼 Dan Jacobson
  Ref: https://github.com/curl/curl/pull/10769#discussion_r1137895629

  Closes #10782

- libssh: use dynbuf instead of realloc

  When building lines to show for SFTP directory listings.

  Closes #10778

- lib2305: deal with CURLE_AGAIN

  The test does a slightly ugly busy-loop for this case but should be
  managable due to it likely being a very short moment.

  Mention CURLE_AGAIN in curl_ws_recv.3

  Fixes #10760
  Reported-by: Jay Satiro
  Closes #10781

- rtsp: use dynbuf instead of custom reallocs

  For the RTP buffering.

  Closes #10776

- libssh2: remove unused variable from libssh2's struct

  Closes #10777

- RELEASE-NOTES: synced

- multi: remove PENDING + MSGSENT handles from the main linked list

  As they are not driving transfers or any socket activity, the main loop
  does not need to iterate over these handles. A performance improvement.

  They are instead only held in their own separate lists.

  Assisted-by: Stefan Eissing
  Ref: #10743
  Closes #10762

- multi: turn link/unlinking easy handles into dedicated functions

- http_aws_sigv4: fix scan-build "value stored to 'ret' is never read"

  Follow-up to 495d09810aa9a

  Closes #10766

- lib: skip Curl_llist_destroy calls

  Linked lists themselves do not carry any allocations, so for the lists
  that do not have have a set destructor we can just skip the
  Curl_llist_destroy() call and save CPU time.

  Closes #10764

- lib643: LIB644 is never defined, this is dead code

  Closes #10765

- libtest/Makefile.inc: remove superfluous variables

  Rely on the defaults when possible.

  Closes #10765

- tests/http: remove year ranges from copyrights

  Closes #10763

Casey Bodley (14 Mar 2023)

- aws_sigv4: fall back to UNSIGNED-PAYLOAD for sign_as_s3

  all s3 requests default to UNSIGNED-PAYLOAD and add the required
  x-amz-content-sha256 header. this allows CURLAUTH_AWS_SIGV4 to correctly
  sign s3 requests to amazon with no additional configuration

  Signed-off-by: Casey Bodley <cbodley@redhat.com>

  Closes #9995

Viktor Szakats (14 Mar 2023)

- wolfssl: add quic/ngtcp2 detection in cmake, and fix builds

  - add QUIC/ngtcp2 detection in CMake with wolfSSL.

    Because wolfSSL uses zlib if available, move compression detection
    before TLS detection. (OpenSSL might also need this in the future.)

  - wolfSSL 5.5.0 started using C99 types in its `quic.h` header, but it
    doesn't #include the necessary C99 header itself, breaking builds
    (unless another dependency pulled it by chance.) Add local workaround
    for it. For this to work with all build tools, we had to fix our
    header detection first. Ref: #10745

    Ref: https://github.com/curl/curl-for-win/commit/6ad5f6ecc15620c15625fc4434
  76b3a1ecef4f3f

  Closes #10739

Stefan Eissing (14 Mar 2023)

- secure-transport: fix recv return code handling

  Return code handling of recv calls were not always correct when an error
  occured or the connection was closed.

  Closes #10717

- http2: Use KEEP_SEND_HOLD for flow control in HTTP/2

  - use the defined, but so far not used, KEEP_SEND_HOLD bit for flow
    control based suspend of sending in transfers.

  Prior to this change KEEP_SEND_PAUSE bit was used instead, but that can
  interfere with pausing streams from the user side via curl_easy_pause.

  Fixes https://github.com/curl/curl/issues/10751
  Closes https://github.com/curl/curl/pull/10753

Dan Fandrich (13 Mar 2023)

- tests: fix control code that hid some text in runtests.1

- tests: sync option lists in runtests.pl & its man page

Daniel Stenberg (13 Mar 2023)

- multi: make multi_perform ignore/unignore signals less often

  For improved performance

  Reported-by: Jerome St-Louis
  Ref: #10743
  Closes #10750

Viktor Szakats (13 Mar 2023)

- cmake: delete unused HAVE__STRTOI64

  Also delete obsolete surrounding comments.

  Reviewed-by: Daniel Stenberg
  Closes #10756

- CI: fix copyright header

  Follow-up to 395b9175b7422d699fa93643973295c106cdf147

Daniel Stenberg (13 Mar 2023)

- RELEASE-PROCEDURE.md: update coming release dates

Stefan Eissing (13 Mar 2023)

- tests/http: add pytest to GHA and improve tests

  - added to: ngtcp2-quictls, ngtcp2-gnutls and the linux varians
    quiche, bearssl, libressl, mbedtls, openssl3, rustls
  - added disabled in ngtcp2-wolfssl due to weird SSL_connect() errors
    not reproducable locally

  Improvements on pytest:

  -  handling of systems with nghttpx in $PATH
     - configure will seach $PATH got nghttpx used in pytest
     - pytest fixes for managing nghttpx without h3 support
     - ngtcp2-wolfssl: use a fully enabled wolfssl build

  - lower parallel count for http/1.1 tests, since we do not
     want to test excessive connections.
  - check built curl for HTTPS-proxy support in proxy tests
  - bearssl does not like one of our critical cert extensions, making
    it non-critical now
  - bearssl is too slow for test_12, skipping
  - making sure we do h3 tests only when curl and server support is there

  Closes #10699

Marcel Raad (13 Mar 2023)

- tool_operate: silence unused parameter warning

  `global` is only used in the `my_setopt` macro version without
  `CURL_DISABLE_LIBCURL_OPTION` since commit 4774decf10a.

  Closes https://github.com/curl/curl/pull/10752

Viktor Szakats (13 Mar 2023)

- build: fix stdint/inttypes detection with non-autotools

  Fix `stdint.h` and `inttypes.h` detection with non-autotools builds on
  Windows. (autotools already auto-detected them accurately.)

  `lib/config-win32.h` builds (e.g. `Makefile.mk`):
  - set `HAVE_STDINT_H` where supported.
  - set `HAVE_INTTYPES_H` for MinGW.

  CMake:
  - auto-detect them on Windows. (They were both force-disabled.)
  - delete unused `CURL_PULL_STDINT_H`.
  - delete unused `CURL_PULL_INTTYPES_H`.
  - stop detecting `HAVE_STDINT_H` twice.
    Present since the initial CMake commit: 4c5307b45655ba75ab066564afdc0c111a8
  b9291

  curl doesn't use these C99 headers, we need them now to workaround
  broken wolfSSL builds. Ref: #10739

  Once that clears up, we can delete these detections and macros (unless
  we want to keep them for future us.)

  Reviewed-by: Daniel Stenberg
  Closes #10745

Daniel Stenberg (13 Mar 2023)

- RELEASE-NOTES: synced

- ftp: add more conditions for connection reuse

  Reported-by: Harry Sintonen
  Closes #10730

Dan Fandrich (12 Mar 2023)

- tests: make first.c the same for both lib tests and unit tests

  The only difference used to be global variable used in unittest tests.
  After cb7ed5a removed individual flag overrides for the unittests, first.c
  was no longer recompiled for unit tests to include the flag, so whether it
  worked or gave a link error depended on whether it was compiled in
  libtest or unittest first. This way also speeds up the build by
  eliminating 40 identical compile invocations.

  Fixes #10749

- tests: use AM_CPPFILES to modify flags in unit tests

  Using CPPFLAGS sometimes caused odd compile issues when building tests
  with parallel make and AM_CPPFILES is the right flag, anyway.

  Follow-up to cb7ed5a

  Ref #10749

Viktor Szakats (13 Mar 2023)

- Makefile.mk: fix -g option in debug mode [ci skip]

  Add it to `CFLAGS` (was: `LDFLAGS`).

  Closes #10747

Jay Satiro (12 Mar 2023)

- tool: improve --stderr handling

  - freopen stderr with the user-specified file (--stderr file) instead of
    using a separate 'errors' stream.

  - In tool_setup.h override stdio.h's stderr macro as global variable
    tool_stderr.

  Both freopen and overriding the stderr macro are necessary because if
  the user-specified filename is "-" then stdout is assigned to
  tool_stderr and no freopen takes place. See the PR for more information.

  Ref: https://github.com/curl/curl/issues/10491

  Closes https://github.com/curl/curl/pull/10673

Dan Fandrich (11 Mar 2023)

- CI: don't run CI jobs if only another CI was changed

  Also skip builds on non-Windows platforms when only Windows build files
  have changed.

  This should reduce the number of useless builds and the associated
  waiting time and chance of spurious failures, freeing resources for
  new PRs.

  Closes #10742

- http: don't send 100-continue for short PUT requests

  This is already how curl is documented to behave in Everything curl, but
  in actuality only short POSTs skip this. This should knock 30 seconds
  off a full run of the test suite since the 100-continue timeout will no
  longer be hit.

  Closes #10740

- tests: add DELAY keyword to more tests using waits

- tests: hack to build most unit tests under cmake

  These are only built when a libcurl static library is available, since
  we're not building a special libcurlu library yet and these tests rely
  on private symbols that aren't available in the shared library. A few
  unit tests do require libcurlu, so those are not built.

  Closes #10722

- tests: fix MSVC unreachable code warnings in unit tests

  Switch unit1654 to use the proper test macros as well.

- tests: make CPPFLAGS common to all unit tests

  There's no need to specify them individually.

- tests: keep cmake unit tests names in sync

  Put only the test names into Makefile.inc so they can be used by both
  cmake and automake. This will prevent the list of tests from becoming
  out of date when they are also built under cmake.

Viktor Szakats (11 Mar 2023)

- src: silence wmain() warning for all build methods

  llvm/clang and gcc doesn't recognize the wmain() function in Unicode
  Windows builds:

  llvm/clang:
  ```
  ../../src/tool_main.c:239:5: warning: no previous prototype for function 'wma
  in' [-Wmissing-prototypes]
  int wmain(int argc, wchar_t *argv[])
      ^
  1 warning generated.
  ```

  gcc:
  ```
  ../../src/tool_main.c:239:5: warning: no previous prototype for 'wmain' [-Wmi
  ssing-prototypes]
    239 | int wmain(int argc, wchar_t *argv[])
        |     ^~~~~
  ```

  Before this patch, we already silenced it with CMake. This patch moves
  the silencing to the source, so that it applies to all build tools.

  Bug: https://github.com/curl/curl/issues/7229#issuecomment-1464806651

  Reviewed-by: Marcel Raad
  Closes #10744

Dan Fandrich (10 Mar 2023)

- CI: fix retrying on brew failures

  The previous attempt didn't consider that the shell would exit
  immediately after the false statement in the retry case.

  Follow-up to dc141a37

Stefan Eissing (10 Mar 2023)

- http2: fix error handling during parallel operations

  RST and connection close were not handled correctly during parallel
  transfers, leading to aborted response bodies being reported complete.

  Closes #10715

Daniel Stenberg (10 Mar 2023)

- url: only reuse connections with same GSS delegation

  Reported-by: Harry Sintonen
  Closes #10731

Viktor Szakats (10 Mar 2023)

- lib: silence clang/gcc -Wvla warnings in brotli headers

  brotli v1.0.0 throughout current latest v1.0.9 and latest master [1]
  trigger this warning.

  It happened with CMake and GNU Make. autotools builds avoid it with
  the `convert -I options to -isystem` macro.

  llvm/clang:
  ```
  In file included from ./curl/lib/content_encoding.c:36:
  ./brotli/x64-ucrt/usr/include/brotli/decode.h:204:34: warning: variable lengt
  h array used [-Wvla]
      const uint8_t encoded_buffer[BROTLI_ARRAY_PARAM(encoded_size)],
                                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ./brotli/x64-ucrt/usr/include/brotli/port.h:253:34: note: expanded from macro
   'BROTLI_ARRAY_PARAM'
                                   ^~~~~~
  In file included from ./curl/lib/content_encoding.c:36:
  ./brotli/x64-ucrt/usr/include/brotli/decode.h:206:48: warning: variable lengt
  h array used [-Wvla]
      uint8_t decoded_buffer[BROTLI_ARRAY_PARAM(*decoded_size)]);
                             ~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
  ./brotli/x64-ucrt/usr/include/brotli/port.h:253:35: note: expanded from macro
   'BROTLI_ARRAY_PARAM'
                                   ~^~~~~
  ```

  gcc:
  ```
  In file included from ./curl/lib/content_encoding.c:36:
  ./brotli/x64-ucrt/usr/include/brotli/decode.h:204:5: warning: ISO C90 forbids
   variable length array 'encoded_buffer' [-Wvla]
    204 |     const uint8_t encoded_buffer[BROTLI_ARRAY_PARAM(encoded_size)],
        |     ^~~~~
  ./brotli/x64-ucrt/usr/include/brotli/decode.h:206:5: warning: ISO C90 forbids
   variable length array 'decoded_buffer' [-Wvla]
    206 |     uint8_t decoded_buffer[BROTLI_ARRAY_PARAM(*decoded_size)]);
        |     ^~~~~~~
  ```

  [1] https://github.com/google/brotli/commit/ed1995b6bda19244070ab5d331111f16f
  67c8054

  Reviewed-by: Daniel Stenberg
  Reviewed-by: Marcel Raad
  Closes #10738

Daniel Stenberg (10 Mar 2023)

- curl_path: create the new path with dynbuf

  Closes #10729

- url: remove dummy protocol handler

  Just two added checks were needed saves a whole handler struct.

  Closes #10727

Dan Fandrich (10 Mar 2023)

- CI: retry a failed brew update too, not just brew install

  Also, make sure an eventual failure ends up returning a failure code so
  the job stops.

Daniel Stenberg (10 Mar 2023)

- url: fix the SSH connection reuse check

  Reported-by: Harry Sintonen
  Closes #10735

- CURLOPT_PROXY.3: curl+NSS does not handle HTTPS over unix domain socket

  It results in error "NSS error -5985 (PR_ADDRESS_NOT_SUPPORTED_ERROR)"

  Disabled test 1470 for NSS builds and documented the restriction.

  Reported-by: Dan Fandrich
  Fixes #10723
  Closes #10734

- CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe

  Reported-by: Hiroki Kurosawa
  Closes #10732

- telnet: only accept option arguments in ascii

  To avoid embedded telnet negotiation commands etc.

  Reported-by: Harry Sintonen
  Closes #10728

- test1903: test use of COOKIEFILE - reset - COOKIEFILE

  This also tests for the memory leak bug fixed by parent commit b559ef6f.

  Ref: #10694

  Closes https://github.com/curl/curl/pull/10712

Jay Satiro (10 Mar 2023)

- url: fix cookielist memleak when curl_easy_reset

  - Free set.cookelist in Curl_freeset instead of Curl_close.

  Prior to this change the cookielist linked list wasn't freed by
  curl_easy_reset which calls Curl_freeset to free all set.

  Bug: https://github.com/curl/curl/issues/10694#issuecomment-1458619157
  Reported-by: Sergey Ryabinin

  Closes https://github.com/curl/curl/pull/10709

Dan Fandrich (10 Mar 2023)

- tests: fix some keywords and unused sections

- tests: fix test1301 to call the right binary

  It was refactored in commit 480ac6e5 but this step was missed.

- tests: add timeout, SLOWDOWN and DELAY keywords to tests

  These are tests that are testing timing and end up being quite slow.

Daniel Stenberg (10 Mar 2023)

- RELEASE-NOTES: synced

Stefan Eissing (10 Mar 2023)

- wolfSSL: ressurect the BIO `io_result`

  In pytest'ing the situation occored that wolfSSL reported an
  IO error when the underlying BIO operation was returning an
  CURLE_AGAIN condition.

  Readding the `io_result` filter context member to detect such
  situations.

  Also, making sure that the returned CURLcode is initialized
  on all recv operations outcome.

  Closes #10716

- gssapi: align global `gss_OID_desc` vars to silence ld warnings on macOS vent
  ura

  Refs #9975 which first reported this.

  Closes #10718

Daniel Stenberg (10 Mar 2023)

- libssh2: only set the memory callbacks when debugging

  This makes us debug libssh2 less and libcurl more when for example
  running torture tests that otherwise will spend a lot of time in libssh2
  functions.

  We leave libssh2 to test libssh2.

  Closes #10721

- docs/SECURITY-PROCESS.md: updates

  - allow Low+Medium issues to be managed through plain PRs
  - update the bug-bounty part to reflect current reality

  Closes #10719

Dan Fandrich (9 Mar 2023)

- tests: fix tag markup issues in some tests

Marcel Raad (9 Mar 2023)

- tests: add `cookies` features

  These tests don't work with `--disable-cookies`.

  Closes https://github.com/curl/curl/pull/10713

- test420: add cookies keyword

  It fails with `--disable-cookies`.

  Closes https://github.com/curl/curl/pull/10713

Dan Fandrich (8 Mar 2023)

- CI: Add more labeler match patterns

  Also, add the  CI, tests or libcurl API tags in conjunction with any
  others that might also apply.

Andy Alt (9 Mar 2023)

- GHA: minor improvements to spellcheck

  Closes #10640

Daniel Stenberg (9 Mar 2023)

- test1671: fix after fix

- test421: -w %{header_json} test with multiple same header names

  To reproduce the issue in #10704

- tool_writeout_json. fix the output for duplicate header names

  Header entries with index != 0 are handled at the index 0 level so they
  should then be skipped when iterated over.

  Reported-by: Boris Okunskiy
  Fixes #10704
  Closes #10707

- headers: make curl_easy_header and nextheader return different buffers

  By letting curl_easy_header() and curl_easy_nextheader() store the
  header data in their own struct storage when they return a pointer to
  it, it makes it possible for applications to use them both in a loop.
  Like the curl tool does.

  Reported-by: Boris Okunskiy
  Fixes #10704
  Closes #10707

rcombs (8 Mar 2023)

- urlapi: take const args in _dup and _get functions

  Closes #10708

- urlapi: avoid mutating internals in getter routine

  This was not intended.

  Closes #10708

Daniel Stenberg (8 Mar 2023)

- urlapi: '%' is illegal in host names

  Update test 1560 to verify

  Ref: #10708
  Closes #10711

- ftp: make the 'ftpauth' a more normal 'char *'-array

  Closes #10703

Evgeny Grin (Karlson2k) (8 Mar 2023)

- doc: fix compiler warning in libcurl.m4

  Current test for curl_free() may produce warnings with strict compiler
  flags or even with default compiler flags with upcoming versions.
  These warning could turned into errors by -Werror or similar flags.
  Such warnings/errors are avoided by this patch.

  Closes #10710

Viktor Szakats (8 Mar 2023)

- misc: fix typos

  Closes #10706

Stefan Eissing (7 Mar 2023)

- ftp: active mode with SSL, add the damn filter

  - since 7.87.0 we lost adding the SSL filter for an active
    FTP connection that uses SSL. This leads to hangers and timeouts
    as reported in #10666.

  Reported-by: SandakovMM on github
  Fixes #10666
  Closes #10669

Daniel Stenberg (7 Mar 2023)

- docs: extend the URL API descriptions

  Closes #10701

Stefan Eissing (7 Mar 2023)

- url: fix logic in connection reuse to deny reuse on "unclean" connections

  - add parameter to `conn_is_alive()` cfilter method that returns
    if there is input data waiting on the connection
  - refrain from re-using connnection from the cache that have
    input pending
  - adapt http/2 and http/3 alive checks to digest pending input
    to check the connection state
  - remove check_cxn method from openssl as that was just doing
    what the socket filter now does.
  - add tests for connection reuse with special server configs

  Closes #10690

Daniel Stenberg (6 Mar 2023)

- x509asn1: use plain %x, not %lx, when the arg is an int

  Pointed out by Coverity.

  Closes #10689

Stefan Eissing (6 Mar 2023)

- http2: fix handling of RST and GOAWAY to recognize partial transfers

  - a reset transfer (HTTP/2 RST) did not always lead to the proper
    error message on receiving its response, leading to wrong reports
    of a successful transfer
  - test_05_02 was able to trigger this condition with increased transfer
    count. The simulated response errors did not carry a 'Content-Length'
    so only proper RST handling could detect the abort
  - When doing such transfers in parallel, a connection could enter the
    state where
    a) it had been closed (GOAWAY received)
    b) the RST had not been "seen" for the transfer yet
    or c) the GOAWAY announced an error and the last successful
    stream id was not checked against ongoing transfers

  Closes #10693

- tests: use dynamic ports numbers in pytest suite

  - necessary ports are bound at start of test suite and then
    given to server fixtures for use.
  - this make parallel use of pytest (in separate directories),
    practically safe for use as OS tend to not reuse such port numbers
    for a while

  Closes #10692

- connect: fix time_connect and time_appconnect timer statistics

  - time_connect was not updated when the overall connection failed,
    e.g. when SSL verification was unsuccessful, refs #10670
  - rework gather those values to interrogate involved filters,
    also from all eyeballing attempts, to report the maximum of
    those values.
  - added 3 test cases in test_06 to check reported values on
    successful, partially failed and totally failed connections.

  Reported-by: Master Inspire
  Fixes #10670
  Closes #10671

Daniel Stenberg (6 Mar 2023)

- test1905: update output cookie order

  After the #10685 update

- test420: verify expiring cookies

  Cookies that are loaded fine from a jar but then are expired in headers.

- cookie: don't load cookies again when flushing

  Reported-by: Sergio Mijatovic
  Fixes #10677
  Closes #10685

- RELEASE-NOTES: synced

Andy Alt (6 Mar 2023)

- docs: note '--data-urlencode' option

  Closes #10687

Daniel Stenberg (6 Mar 2023)

- DEPRECATE: the original legacy mingw version 1

  Remove completely in September 2023

  Closes #10667

Harry Sintonen (6 Mar 2023)

- rand: use arc4random as fallback when available

  Normally curl uses cryptographically strong random provided by the
  selected SSL backend. If compiled without SSL support, a naive built-in
  function was used instead.

  Generally this was okay, but it will result in some downsides for non-
  SSL builds, such as predictable temporary file names.

  This change ensures that arc4random will be used instead, if available.

  Closes #10672

Grisha Levit (6 Mar 2023)

- tool: dump headers even if file is write-only

  The fixes in #10079 brought a (seemingly unrelated) change of open mode
  from `wb`/`ab` to `wb+`/`ab+` for the headerfile. This makes it no
  longer possible to write the header file to e.g. a pipe, like:

      curl -D >(grep ...) file:///dev/null

  Which presently results in `Warning: Failed to open /dev/fd/63`

  See #10079
  Closes #10675

Jay Satiro (6 Mar 2023)

- tests: fix gnutls-serv check

  - If gnutls-serv doesn't exist then don't try to execute it.

  Follow-up to 2fdc1d81.

  Closes https://github.com/curl/curl/pull/10688

Daniel Stenberg (6 Mar 2023)

- lib1560: fix enumerated type mixed with another type

  Follow-up to c84c0f9aa3bb006

  Closes #10684

Viktor Szakats (5 Mar 2023)

- cmake: fix enabling LDAPS on Windows

  Before this patch, enabling LDAPS required a manual C flag:
  https://github.com/curl/curl-for-win/blob/c1cfc31cfc04f24f7a4f946564d6f0e1b4d
  7dd36/curl-cmake.sh#L105

  Fix this and enable LDAPS automatically when using `wldap32` (and
  when not explicitly disabled). This matches autotools and `Makefile.mk`
  behavior. Also remove issue from KNOWN_BUGS.

  Add workaround for MSVS 2010 warning triggered by LDAPS now enabled
  in more CI tests:
  `ldap.c(360): warning C4306: 'type cast' : conversion from 'int' to 'void *' 
  of greater size`
  Ref: https://ci.appveyor.com/project/curlorg/curl/builds/46408284/job/v8mwl9y
  fbmoeqwlr#L312

  Reported-by: JackBoosY on github
  Reviewed-by: Jay Satiro
  Reviewed-by: Marcel Raad
  Fixes #6284
  Closes #10674

- Makefile.mk: delete redundant `HAVE_LDAP_SSL` macro [ci skip]

  Since abebb2b8939c6b3e0f951eb2d9ec3729b569aa2c, we set this macro for
  all Windows `wldap32` builds using `Makefile.mk`.

  For OpenLDAP builds this macro is not enough to enable LDAPS, and
  OpenLDAP is not an option in `Makefile.mk`. For Novell LDAP it might
  have helped, but it's also not an option anymore in `Makefile.mk`.

  The future for LDAPS is that we should enable it by default without
  extra build knobs.

  Reviewed-by: Marcel Raad
  Closes #10681

- cmake: skip CA-path/bundle auto-detection in cross-builds

  Also remove issue from KNOWN_BUGS.

  Reported-by: Cristian Morales Vega
  Reviewed-by: Marcel Raad
  Fixes #6178
  Closes #10676

Daniel Stenberg (3 Mar 2023)

- schannel: loop over the algos to pick the selected one

  Avoid using the funny macro and the extra buffer copy.

  Closes #10647

- wildcard: remove files and move functions into ftplistparser.c

- ftp: allocate the wildcard struct on demand

  The feature is rarely used so this frees up data for the vast majority
  of easy handles that don't use it.

  Rename "protdata" to "ftpwc" since it is always an FTP wildcard struct
  pointer. Made the state struct field an unsigned char to save space.

  Closes #10639

- lib1560: test parsing URLs with ridiculously large fields

  In the order of 120K.

  Closes #10665

Brad Spencer (3 Mar 2023)

- urlapi: parse IPv6 literals without ENABLE_IPV6

  This makes the URL parser API stable and working the same way
  independently of libcurl supporting IPv6 transfers or not.

  Closes #10660

Jan Engelhardt (3 Mar 2023)

- build: drop the use of XC_AMEND_DISTCLEAN
