                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Version 8.9.1 (31 Jul 2024)

Daniel Stenberg (31 Jul 2024)

- RELEASE-NOTES: synced

- THANKS: add names from the 8.9.1 release notes

  Also remove duplicates

Stefan Eissing (30 Jul 2024)

- x509asn1: unittests and fixes for gtime2str

  Fix issues in GTime2str() and add unit test cases to verify correct
  behaviour.

  Follow-up to 3c914bc6801

  Closes #14316

Tal Regev (30 Jul 2024)

- vtls: avoid forward declaration in MultiSSL builds

  The MSVC compiler cannot have forward declaration with const and static
  variable, causing this error:
  ```
  curl\lib\vtls\vtls.c(417,44): warning C4132: 'Curl_ssl_multi': const object s
  hould be initialized
  ```

  Ref: #14276
  Closes #14305

Viktor Szakats (30 Jul 2024)

- tidy-up: URL updates (one more)

  Follow-up to 767d5811b5c783b42cea999dd42ecf0453085d17 #14318

- tidy-up: URL updates

  Closes #14318

- cmake: drop `if(PKG_CONFIG_FOUND)` guard for `pkg_check_modules()`

  The oldest cmake supported by curl is v3.7.0, which already has such
  guard (using `PKG_CONFIG_EXECUTABLE`) inside `pkg_check_modules()`. The
  advantage of leaving that guard to CMake is that it will define/reset
  all output variables, while the manual guard doesn't do this and also
  leaves for example `NETTLE_FOUND` undefined.

  Delete the single use of this guard from the recently added `nettle`
  detection, where I included it by accident. Then possibly re-introduce
  it universally if we find it useful after more evaluation.

  Follow-up to 669ce42275635dc1f881dab3dfc9a55c9ab49b21 #14285
  Closes #14309

Daniel Stenberg (30 Jul 2024)

- mailmap: dedupe an author showing up twice in shortlog -s

Ivan Kuchin (30 Jul 2024)

- misc: cleanup after removing years from copyright

  - remove leftover copyright years from few test files
  - fix email in copyright lines
  - consistent format of copyright lines

  Closes #14312

Alex Snast (30 Jul 2024)

- wolfssl: avoid calling get_cached_x509_store if store is uncachable

  There's no need for get_cached_x509_store call if the return value won't
  be used for caching anyway.

  Closes #14306

Daniel Stenberg (30 Jul 2024)

- contrithanks.sh: use -F with -v to match lines as strings

  Makes names involving [brackets] work.

Viktor Szakats (30 Jul 2024)

- GHA/non-native: bump FreeBSD/arm64 python modules

  FreeBSD seems to upgrade their Python separately for arm64
  and Intel. Today, arm64 caught up with the Intel packages.
  Update our CI to reflect it.

  Closes #14310

dependabot[bot] (30 Jul 2024)

- GHA: bump github/codeql-action and msys2/setup-msys2

  - bump github/codeql-action from 3.25.13 to 3.25.15

  Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.
  25.13 to 3.25.15.
  - [Release notes](https://github.com/github/codeql-action/releases)
  - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/github/codeql-action/compare/2d790406f505036ef
  40ecba973cc774a50395aac...afb54ba388a7dca6ecae48f608c4ff05ff4cc77a)

  ---
  updated-dependencies:
  - dependency-name: github/codeql-action
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
  Closes #14300

  - bump msys2/setup-msys2 from 2.23.0 to 2.24.0

  Bumps [msys2/setup-msys2](https://github.com/msys2/setup-msys2) from 2.23.0 t
  o 2.24.0.
  - [Release notes](https://github.com/msys2/setup-msys2/releases)
  - [Changelog](https://github.com/msys2/setup-msys2/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/msys2/setup-msys2/compare/d0e80f58dffbc64f6a3a
  1f43527d469b4fc7b6c8...5df0ca6cbf14efcd08f8d5bd5e049a3cc8e07fd2)

  ---
  updated-dependencies:
  - dependency-name: msys2/setup-msys2
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
  Closes #14301

Daniel Stenberg (30 Jul 2024)

- x509asn1: clean up GTime2str

  Co-authored-by: Stefan Eissing
  Reported-by: Dov Murik

  Closes #14307

- tool_operate: more defensive socket code

  - use 'struct sockaddr' to getsockname() and its sa_family member

  - use 'curl_socklen_t' instead of 'socklen_t'

  - check for AF_INET6 to exist instead assuming it does

  Should be generally more portable.

  Reported-by: Harry Sintonen
  Closes #14304

Viktor Szakats (29 Jul 2024)

- configure: limit `__builtin_available` test to Darwin

  This feature test always fails on non-Apple systems. (For Apple targets
  it's supported by llvm and Apple clang.)

  Syncs behaviour with CMake.

  Follow-up to cfd6f43d6ca7e57670b422bab7bbf10221a2cf3e #14127
  Cherry-picked from #14097
  Closes #14196

Daniel Stenberg (29 Jul 2024)

- RELEASE-NOTES: synced

- CURLOPT_SSL_CTX_FUNCTION.md: mention CA caching

  and add a few more see-also

  Closes #14302

Viktor Szakats (29 Jul 2024)

- cmake: detect `libssh` via `pkg-config`

  Also:
  - fix broken libssh `pkg-config` behaviour on old Linux.
    (when found, `LIBSSH_LINK_LIBRARIES` remains undefined.)

  - delete manual libssh config from Old Linux CI job,
    it's no longer necessary.

  Closes #14199

- GHA/non-native: improve, migrate x86_64 FreeBSD with tests from Cirrus CI

  - run tests via `make test-ci` instead of `make check` with autotools.
  - add `x86_64` job for FreeBSD, with tests.
    It matches the existing Cirrus CI job, with these differences:
    - finishes 3x faster (thanks to parallel tests enabled).
    - librtmp is not enabled because it's slated for removal by FreeBSD.
      (already past the removal deadline, thought the package still
      installs.)
    - DICT and TELNET servers fail to start. Couldn't figure out why.
      It means skipping test 1450 and 1452.
    - it runs more tests, e.g. websockets and ip6-localhost.
    - no `pkg update -f`.
    - it misses the `CRYPTOGRAPHY_DONT_BUILD_RUST=1`, `pkg delete curl`,
      `chmod 777`, `sudo -u nobody` and `sysctl net.inet.tcp.blackhole`
      tricks. The latter is the default in these runners, the others did
      not affect results.
  - set `-j0` for tests in the NetBSD job. Flaky otherwise.

  Closes #14244

- cmake: detect `nettle` when building with GnuTLS

  `nettle` is a direct dependency of curl, when building with GnuTLS.
  Add a new `Find` module to detect it.

  Also:
  - GHA/macos: drop `nettle` hack no longer necessary.
  - add `nettle` to `libcurl.pc`.
  - also add `nettle` to `libcurl.pc` in autotools builds.

  Follow-up to 781242ffa44a9f9b95b6da5ac5a1bf6372ec6257 #11967
  Closes #14285

- macos: fix Apple SDK bug workaround for non-macOS targets

  Turns out that MAC != OSX, despite what these names otherwise mean and
  what's suggested by source code comments. "MAC" in fact means Darwin
  (aka Apple), not macOS. "OSX" means macOS.

  GitHub bumped the macos-14 runner default to Xcode 15.4, hitting the
  llvm@15 incompatibility bug by default. Meaning the previous workaround
  for the SDK bug is necessary.

  This patch extend the workaround to not apply to mobile OS variants.

  Follow-up to ff784af461175584c73e7e2b65af00b1a5a6f67f #14159
  Reported-by: Sergey
  Confirmed-by: Marcel Raad
  Fixes #14269
  Closes #14275

Stefan Eissing (29 Jul 2024)

- wolfssl: CA store share fix

  When sharing the x509 store in wolfSSL, always use an explicitly
  constructed one, as the SSLCTX might have "only" an internal one which
  is not obeying reference count lifetimes.

  Fixes #14278
  Reported-by: Alex Snast
  Closes #14279

Randall S. Becker (29 Jul 2024)

- curl: support __ss_family use on NonStop platforms

  The definition of sockaddr_storage incorrectly specifies the ss_family
  field as __ss_family. This fix conditionally allows builds to succeed on
  all NonStop platforms.

  Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>

  Closes #14273

Daniel Stenberg (29 Jul 2024)

- test993: list 1000 messages over POP3

  Attempt to verify issue #14201

  Closes #14297

Stefan Eissing (29 Jul 2024)

- connect: fix connection shutdown for event based processing

  connections being shutdown would register sockets for events, but then
  never remove these sockets again. Nor would the shutdown effectively
  been performed.

  - If a socket event involves a transfer, check if that is the
    connection cache internal handle and run its multi_perform()
    instead (the internal handle is used for all shutdowns).
  - When a timer triggers for a transfer, check also if it is
    about the connection cache internal handle.
  - During processing shutdowns in the connection cache, assess
    the shutdown timeouts. Register a Curl_expire() of the lowest
    value for the cache's internal handle.

  Reported-by: Gordon Parke
  Fixes #14280
  Closes #14296

Daniel Stenberg (29 Jul 2024)

- tests: provide FTP directory contents in the test file

  Instead of providing a fixed single synthetic response in the test
  server itself. To allow us to better use *different* directory listings
  in different test cases. In this change, most listings remain the same
  as before.

  The wildcard match tests still use synthetic responses but we should fix
  that as well.

  Updated numerous test cases to use this.

  Closes #14295

- ftpserver.pl: make POP3 LIST serve content from the test file

  instead of a fixed list in the test server.

  Adjust test 853 accordingly.

  Closes #14293

- TODO: thread-safe sharing

- CURLSHOPT_SHARE.md: mention sessions/cookies as not thread-safe

  Sharing of these between threads are apparently also not done safely.

  Ref: #14290
  Reported-by: Aki Sakurai
  Closes #14292

- RELEASE-NOTES: synced

Patrick Monnerat (28 Jul 2024)

- os400: build cli manual.

  Use PASE perl to run manual generation scripts.

  As PASE perl is not aware of all possible input file encoding, convert
  all files to UTF-8 upon build start (this might be lengthy).

  OS/400 terminal emulation may only offer 76 columns, thus a new -c
  parameter has been added to the managen program, defining the allowed
  width.

  If perl is not available, omit generation and disable online manual.

  Closes #14289

Daniel Stenberg (27 Jul 2024)

- example/multi-uv: remove the use of globals

  - shows how to pass on local variables (better)

  - start the transfers nicer (with curl_multi_socket_action)

  - consistent and helpful function naming - to better show what functions
    and callbacks that are used for what

  - build warning-free with gcc -W -Wall -pedantic

  Closes #14287

Viktor Szakats (27 Jul 2024)

- runtests: fold timing details with GHA, sync `-r` tflags

  - move timing details into a foldable group when run in GitHub Actions.
    Spec:
    https://docs.github.com/en/actions/using-workflows/workflow-commands-for-gi
  thub-actions#grouping-log-lines

  - enable `-r` (run time stats) option in autotools' `test-ci` target,
    syncing it with cmake.

  Closes #14284

- GHA/windows: increase timeout for vcpkg build step [ci skip]

  Examples:
  https://github.com/curl/curl/actions/runs/10102112253/job/27937088909?pr=1427
  4
  https://github.com/curl/curl/actions/runs/10102112253/job/27937082353?pr=1427
  4
  https://github.com/curl/curl/actions/runs/10102112253/job/27937088478?pr=1427
  4

- GHA/macos: update comment about default Xcode on macos-14 runner [ci skip]

  New default since:
  https://github.com/actions/runner-images/blob/releases/macos-14-arm64/2024072
  2/images/macos/macos-14-arm64-Readme.md

Patrick Monnerat (27 Jul 2024)

- os400: workaround an IBM ASCII run-time library bug

  IBM-provided ASCII function puts() does not output an expected trailing
  newline: emulate the correct behavior using other functions.

  Closes #14281

Stefan Eissing (27 Jul 2024)

- transfer: speed limiting fix for 32bit systems

  When checking if a speed limit on receives applies, compare the receive
  sizes using the large int type to prevent an overflow on systems where
  size_t is 32bit.

  Fixes #14272
  Reported-by: Mamoru Tasaka
  Closes #14277

Anthony Hu (26 Jul 2024)

- wolfSSL: allow wolfSSL's implementation of kyber to be used

  Closes #14268

Daniel Stenberg (26 Jul 2024)

- lib: survive some NULL input args

  The input string pointer to:

  curl_escape
  curl_easy_escape
  curl_unescape
  curl_easy_unescape

  The running_handles pointer to:

  curl_multi_perform
  curl_multi_socket_action
  curl_multi_socket_all
  curl_multi_socket

  Reported-by: icy17 on github
  Fixes #14247
  Closes #14262

- RELEASE-PROCEDURE.md: restore next release date

  Pointed-out-by: extrimexxx on github
  Bug: https://github.com/curl/curl/pull/14267#issuecomment-2247062235

- RELEASE-NOTES: synced

  bumped to 8.9.1

- RELEASE-PROCEDURE.md: remove the initial build step

  Because it is no longer needed to be done by a person as the dmaketgz
  script does it by itself.

  Removed two past release dates, added two new future ones

  Closes #14267

Version 8.9.0 (24 Jul 2024)

Daniel Stenberg (24 Jul 2024)

- RELEASE-NOTES: synced

- THANKS: updates from the 8.9.0 release

- curl_easy_escape.md: move historic details to HISTORY

  Closes #14261

- docs/libcurl: add to cleanup docs that their inputs go invalid

  Reported-by: icy17 on github
  Fixes #14248
  Closes #14258

dependabot[bot] (23 Jul 2024)

- GHA: bump github/codeql-action from 3.25.11 to 3.25.13

  Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.
  25.11 to 3.25.13.
  - [Release notes](https://github.com/github/codeql-action/releases)
  - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/github/codeql-action/compare/b611370bb5703a7ef
  b587f9d136a52ea24c5c38c...2d790406f505036ef40ecba973cc774a50395aac)

  ---
  updated-dependencies:
  - dependency-name: github/codeql-action
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
  Closes #14255

Stefan Eissing (23 Jul 2024)

- conncache: connection shutdown, multi_socket handling

  - implement the socket hash user/reader/writer processing also
    for connections that are being shut down by the connection cache.
  - split out handling of current vs. last pollset socket event handling
    into a function available in other code parts
  - add `shutdown_poll` pollset to `connectdata` struct so that changes
    in the pollset can be recorded during shutdown. (The internal handle
    cannot keep it since it might be used for many connections)

  Reported-by: calvin2021y on github
  Fixes #14252
  Closes #14257

Daniel Stenberg (22 Jul 2024)

- tool_cb_prg: output "flying saucers" with leading carriage return

  Because that is how the progress-bar is output, so when the progress-bar
  has been shown at least once and the information is reset, like for a
  redirect, there might be a moment where the size goes from known to
  unknown and then the flying saucerts are shown after a brief display of
  the progress-bar.

  It could previously cause accidental character leftovers on the right
  side of the bar when using a narrow display.

  Reported-by: Chris Webb
  Fixes #14213
  Closes #14246

- lib: Curl_posttransfer => multi_posttransfer

  Moved from transfer.c to multi.c as it was only used within multi.c

  Made a void, as it returned a fixed return code nothing checked.

  Closes #14240

- CURLOPT_SSL_VERIFYHOST.md: refresh

  Move mentions of old behavior to the HISTORY section to make it easier
  to read about modern behavior.

  Added a MATCHING section.

  Closes #14241

- multi: do a final progress update on connect failure

  To fix timing metric etc

  Co-authored-by: Justin Maggard
  Fixes #14204
  Closes #14239

Orgad Shaneh (19 Jul 2024)

- md4: fix compilation with OpenSSL 1.x with md4 disabled

  If OpenSSL 1.x is used, and it is configured with md4 disabled,
  OPENSSL_NO_MD4 is defined in opensslconf.h, but this header was not
  included before checking for this define.

  Later in md4.c, openssl/md4.h is included, and it includes that header
  indirectly, leading to inconsistency within md4.c.

  Since the md4.h branch was taken, wincrypt.h (or others) is not
  included, and later below the USE_WIN32_CRYPTO branch is taken, but the
  types are not defined.

  Closes #14218

martinevsky (19 Jul 2024)

- ftp: remove redundant null pointer check in loop condition

  Closes #14234

Justin Maggard (19 Jul 2024)

- mbedtls: check version before getting tls version

  mbedtls_ssl_get_version_number() was added in mbedtls 3.2.0. Check for
  that version before using it.

  Closes #14228

martinevsky (19 Jul 2024)

- urlapi: remove unused definition of HOST_BAD

  Closes #14235

Daniel Stenberg (19 Jul 2024)

- curldown: fixups

  - make DEFAULT sections less repetitive

  - make historic mentions use HISTORY

  - generate the protocols section on `# %PROTOCOLS%` instead of guessing
    where to put it

  - generate the availability section on `# %AVAILABILITY%` instead of
    guessing where to put it

  - make the protocols section more verbose

  Closes #14227

Tal Regev (19 Jul 2024)

- GHA/windows: enable libssh in !ssl MSVC job

  Closes #14232

- GHA/windows: enable libidn2 in !ssl MSVC job

  Closes #14200

Viktor Szakats (19 Jul 2024)

- GHA/macos: improve, fix gcc/llvm, add new test matrix

  This PR began as an attempt to drop GCC support, after repeated reports
  on fallouts when trying to use it on macOS.

  Then it transformed into a 3-week project turning up the issues causing
  the fallouts, ending up including llvm and all available Xcode / macOS
  SDK, macOS runner image, build tools and compiler vendors and versions.
  Accumulating 400 sub-commits.

  I developed and tested all fixes under this PR, then merged them as
  separate patches.

  This PR retained CI jobs updates, extensively reworking and extending
  them: [1]

  At first it seemed GCC and the Apple SDK is "naturally" growing more
  incompatible, as Apple added further non-standard features to their
  headers. This is partly true, but reality is more complicated.

  Besides some issues local to curl, there were bugs in Apple SDK
  headers, Homebrew GCC builds, feature missing in the old llvm version
  pre-installed on GitHub CI runner images, and subtle incompatibilities
  between GCC and llvm/clang when handling language extensions.

  Resulting compiler errors seldom pointed to a useful direction, and
  internet search was silent about these issues too. Thus, I had to peel
  them off layer by layer, using trial and error, and by recognizing
  patterns of failures accross 150-200 builds combinations. Exposing
  configure logs, and curl_config.h in the CI logs helped too.

  1. GCC header compatibility layer ("hack" as GCC calls it)

  The toughest issue is GCC's built-in compatibility layer:
    https://github.com/gcc-mirror/gcc/tree/master/fixincludes

  This patch layer is further patched by a "Darwin compatibility" project
  applied on top by Homebrew GCC via:
    https://github.com/iains/gcc-12-branch
    https://github.com/iains/gcc-13-branch
    https://github.com/iains/gcc-14-branch

  The hack layer is designed in a way that breaks more builds than it
  fixes, esp. in context of GHA runners. The idea is to build GCC
  specifically for the SDK for the target macOS version. The problem with
  this approach is that the Xcode + SDK installed on the local/CI machine
  often does not match with the SDK used on while building GCC on
  Homebrew's build machines. In these cases the GCC compatibility layer
  turns into an "uncompatibility" layer and consistently breaks builds.
  curl cannot offer a fix for this, because the solution (I found) is to
  patch the toolchain on the local machine. I implemented this for our CI
  builds and curl-for-win. In other case the user must do this patching
  manually, or choose a compatible GCC + Xcode/SDK combination.

  An upstream fix doesn't seem trivial either, because the issue is
  ingrained in the compatibility layer's design. Offering an `-fapplesdk`
  (or recognizing `-target`) option and/or fixing them within the compiler
  would seem like a more robust option, and also how mainline llvm solves
  this.

  Here's a table summarizing the GCC + SDK combinations and curl build
  failures: [2]

  More info: https://github.com/curl/curl/issues/10356#issuecomment-2222734103

  db135f8d7207b20d531e7e2100a49f3e16bdcfab #14119 macos: add workaround for gcc
  , non-c-ares, IPv6, compile error
  Ref: https://github.com/curl/curl-for-win/commit/e2db3c475f5981352e6e6a79854a
  255805b28deb
  Ref: https://github.com/curl/curl-for-win/commit/f5c58d7fef78e972be33ca2355dc
  b42ba56622a6

  2. Homebrew GCC's `availability` extension

  A recent minor Homebrew GCC upgrade caused major breakage. The "Darwin
  compatibility" patch applied to GCC implemented the `availability`
  compiler attribute in GCC. Apple SDK detected this and enabled using
  them, but as it turns out GCC accepts compiler attributes with slightly
  different rules than llvm/clang, and how the Apple SDK uses them,
  breaking builds.

  Affected Homebrew GCC versions are: 12.4.0, 13.3.0 and 14.1.0.

  Possibly tracked here: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108796
  More info: https://github.com/llvm/llvm-project/issues/81767

  Commit implementing the `availability` macro:
  gcc-12: https://github.com/iains/gcc-12-branch/commit/fd5530b7cb0012bf4faeddd
  45e13054a1dfa6783
  gcc-13: https://github.com/iains/gcc-13-branch/commit/cb7e4eca68cfc4763474e2e
  b0935a844458842a8
  gcc-14: https://github.com/iains/gcc-14-branch/commit/ff62a108865a6403f501738
  0d7018250c1d3306f

  That applied to Homebrew GCC (12.4.0):
  https://github.com/Homebrew/homebrew-core/commit/b904223d9893f62bec2a8f7483bf
  5992747fc6c7#diff-89dd0b4176eca7fcc24b591943509bf8a8d6ea904d71e5dfcd6b78fed62
  fc574R44-R48

  Ref: #13700
  More info: https://github.com/curl/curl/pull/14091#issuecomment-2222703468

  e91fcbac7d86292858718a0bfebad57978761af4 #14155 macos: undo `availability` ma
  cro enabled by Homebrew gcc

  3. Proprietary Apple SDK macros

  Apple SDK expects certain macros predefined by the compiler. Missing
  them may causes odd issues. Mainline llvm is keeping up with Apple
  clang, but it needs a fresh version, while the one installed on GitHub
  runners is old (v15). I patched these in `lib/curl_setup.h`.

  baa3270846b2a7307cbd0dd5c02c4e5f00e388dd #14134 build: fix llvm 16 or older +
   Xcode 15 or newer, and gcc

  4. Apple SDK header bug

  Without certain predefined macros, SDK headers can take a codepath where
  it mis-defines its own `TARGET_OS_OSX` macro, which make it break its
  own headers later. I patched it in `lib/curl_setup.h`.

  ff784af461175584c73e7e2b65af00b1a5a6f67f #14159 build: fix llvm 17 and older 
  + macOS SDK 14.4 and newer

  5. `TargetConditionals.h` requires `sys/types.h`

  Fixed in curl. It caused feature-detection failurs with autotools, and
  could break builds in certain configurations.

  e1f6192939c9c5ab2310b60bedf4c07d635193f6 #14130 configure: fix `SystemConfigu
  ration` detection

  6. Differences between autotools and CMake compiler options

  Fixed it by syncing compiler warning options.

  59cadacfcc1d39472245979cdbd614c7a9af6f0d #14128 build: sync warning options b
  etween autotools, cmake & compilers

  7. Differences between autotools and CMake dependency detection

  Fixed it by improving detection of libidn2, with some more fixes
  pending for the next feature window.

  f43adc2c4978f7f82a359e89186e58a31d17b0ad #14137 cmake: detect `libidn2` also 
  via `pkg-config`
  Ref: #14136 cmake: detect `nghttp2` via `pkg-config`, enable by default

  8. libidn2 detection bug with CMake

  Fixed the root cause and also the trigger in the CI config.

  764fbabf6ed4c1d36c0ab2033ac8df52d9923cd7 #14175 cmake: fix builds with detect
  ed libidn2 lib but undetected header

  9. Suppressed compiler warnings inside Apple-specific curl code

  Fixed these warnings, which allowed to stop silencing them.

  b05dc7eb3592305de9fa85640767f3dd2a8d4c93 #14122 sectransp: fix `HAVE_BUILTIN_
  AVAILABLE` checks to not emit warnings
  5fa534b0dacdc120aaab0766047e0ecac37be4b3 #14162 sectransp: fix clang compiler
   warnings, stop silencing them

  10. CMake mis-detecting a CA bundle path on macOS

  d2ef6255f4a040397d2f40ab7cbf65a203201cd9 #14182 cmake: sync CA bundle/path de
  tection with autotools

  11. Failure to build tests with LibreSSL or wolfSSL with CMake

  Fixed by dropping unnecessary includes, makign test builds dependent
  on dependency headers.

  3765d75ce47b66289f946382b649d0e99389dc77 #14172 cmake: fix building `unit1600
  ` due to missing `ssl/openssl.h`

  12. curl tests with CMake

  curl's CMake was missing bits for running the C preprocessor accurately.
  It made tests 1119 and 1167 fail. I implemented the missing bits.

  efc2c5184d008fe2e5910fd03263e1ab0331d4e6 #14124 tests: include current direct
  ory when running test Perl commands
  c09db8b51b88ee6ad55bd637dcb4b47678e30906 #14129 cmake: create `configurehelp.
  pm` like autotools does
  67cc1e3400b77536a3ca529c986247e1ef985e6e #14125 test1119: adapt for `.md` inp
  ut

  13. GCC missing `__builtin_available()` support

  curl source code assumes this is available to enable certain codepaths.
  It's also intermixed with monotonic timer support.

  14. Monotonic timer support with GCC

  Detected by GCC, while it probably shouldn't be. llvm/clang detects it
  depending on target OS version. I've been playing with this, but so far
  without a conclusion or fix.

  15. Runtime/test failures with GCC

  I couldn't find the reason for most of this. A bunch of RTSP tests fail
  with GCC. SecureTransport + HTTP/2 is failing a bunch of tests. With
  OpenSSL it fails two of those. SecureTransport builds also fail one DoH
  test.

  16. Runtime/test failure in llvm/clang

  AppleIDN support received a fix with two more remaining.

  fd0250869f7837e4a48d7e6f54cc0801ad3820e8 #14179 #14176 IDN: fix ß with Apple
  IDN

  17. Other issues found and fixed while working on this:

  2c15aa5765900d4351e733671a1c8c3785beee1a        GHA/macos: delete misplaced `
  CFLAGS`, drop redundant CMake option
  80fb7c0bef209735ab352bf4afa31193a7bc65f1 #14126 configure: limit `SystemConfi
  guration` test to non-c-ares, IPv6 builds
  cfd6f43d6ca7e57670b422bab7bbf10221a2cf3e #14127 build: tidy up `__builtin_ava
  ilable` feature checks (Apple)
  bae555359979016999a9425a2d489f219a78abdd #14174 runtests: show name and keywo
  rds for failed tests in summary
  09cdf7e5315711dea4ce7dcf5d99a4d41e7f658b #14178 cmake: delete unused `HAVE_LI
  BSSH2`, `HAVE_LIBSOCKET` macros
  d3595c74fab829f07ef44da1b7fc2f5668767020 #14186 configure: CA bundle/path det
  ection fixes
  58772b0e082eda333e0a5fc8fb0bc7f17a3cd99c #14187 runtests: set `SOURCE_DATE_EP
  OCH` to fix failing around midnight
  18f1cd7a77c4beecfd977d43f55634eb593ac99e #14183 tests: sync feature names wit
  h `curl -V`
  4c22d97be786ed801e050da6872dd3143d6d0a59 #14181 build: use `#error` instead o
  f invalid syntax

  Pending merges:

  - #14185 runtests: fold test details for GitHub CI runs
  - #14197 cmake: grab-bag of tidy-ups
  - #14196 configure: limit `__builtin_available` test to Darwin

  Summary:

  In general GCC doesn't seem to be a good fit with curl and macOS for
  now. These "lucky" combinations (GitHub Actions runner) will build out
  of the box now: macos-14 + Xcode 15.0.1 + gcc-11, gcc-12, gcc-14. The
  rest builds with the ugly workaround in place, but all this still leaves
  some runtime issues.

  More info and links in the commit messages and source code.

  [1]: This PR:
  - add info about target OS version requirements per feature, with OS
    names and release years.
  - stop using `-Wno-deprecated-declarations` to suppress warnings.
  - use `LDFLAGS=-w` to suppress 'object file was built for newer macOS
    version than being linked' warnings.
    (there were tens of thousands of them in some jobs)
  - allow overriding Xcode version in all jobs.
  - improve job names.
  - abbreviate CMake as CM, autotools as AM for more compact job names.
  - shorten job names by using `!` instead of `no-` and `non-`.
  - bump parellel tests to 10 (from 5).
  - drop using `--enable-maintainer-mode` `./configure` option.
  - add gcc-12 no-ssl, autotools job with tests, ignore failing test
    results. (It's not yet clear why gcc-12 builds have different runtime
    results than clang/llvm ones.)
  - add comments with OS names and release years next to version numbers,
    e.g. 10.15  # Catalina (2019)
  - fix broken gcc-12 SecureTransport build.
  - show compiler, Xcode, SDK, gcc hack SDK versions, Homebrew
    preinstalled packages and C compiler predefined macros for each job.
    Useful for debugging all the strange problems these builds might have.
  - merge brew bundle and install steps.
  - move step names to the top.
  - dump configure log for both cmake and autotools also for successful
    builds. Useful for debugging.
  - dump curl_config.h in short (sorted #defines) and full form.
  - add support for the mainline llvm compiler.
  - set sysroot for gcc and llvm.
  - add timeout for cmake jobs.
  - add new job matrix: combinations
    It supports building all possible compiler, runner image, Xcode/SDK
    combinations, with cmake and autotools, target OS versions and with or
    without SecureTransport. It's quick. GHA limits the maximum number of
    matrix jobs at 256.
    I used this as a test-rig to fix the macOS build fallouts with gcc and
    llvm.
    I settled with 16 jobs, trying to maximize fallout coverage.
  - implement hack to make Homebrew gcc work with all available SDKs.
  - add handy mini-table about Xcode / SDK versions, OS names, years for
    each GHA images, with the defaults.
  - add tests for cmake jobs.
  - make cmake config hack to link GnuTLS less intrusive.
  - stop ignoring test 1452, seems fine now.
  - fix to enable libpsl in autotools builds.
  - enable libpsl in cmake builds.
  - add an llvm job with tests (both autotools and cmake).
  - delete similar macOS jobs from Circle CI. GHA is now arm64 too.

  [2]: Homebrew GCC vs GHA runner images vs curl builds:
  ```
  macOS      Xcode   gcc         gcc SDK hacks      Xcode SDK   SDK major Build
   Compile
             (*def)  (Homebrew)  (CommandLineTools)             versions       
   error
  --------  -------- ----------  ------------------ ----------  --------- -----
   ---------------------
  macos-12   13.1    GCC 11.4.0  MacOSX12           MacOSX12.0
  macos-12   13.2.1  GCC 11.4.0  MacOSX12           MacOSX12.1
  macos-12   13.3.1  GCC 11.4.0  MacOSX12           MacOSX12.3
  macos-12   13.4.1  GCC 11.4.0  MacOSX12           MacOSX12.3
  macos-12   14.0.1  GCC 11.4.0  MacOSX12           MacOSX12.3
  macos-12   14.1    GCC 11.4.0  MacOSX12           MacOSX13.0  MISMATCH  FAIL 
   /Applications/Xcode_14.1.app/Contents/Developer/Platforms/MacOSX.platform/De
  veloper/SDKs/MacOSX.sdk/usr/include/os/object.h:275:1: error: expected ';' be
  fore 'extern'
  macos-12  *14.2    GCC 11.4.0  MacOSX12           MacOSX13.1  MISMATCH  FAIL 
   /Applications/Xcode_14.2.app/Contents/Developer/Platforms/MacOSX.platform/De
  veloper/SDKs/MacOSX.sdk/usr/include/os/object.h:275:1: error: expected ';' be
  fore 'extern'
  macos-13   14.1    GCC 11.4.0  MacOSX13           MacOSX13.0
  macos-13   14.2    GCC 11.4.0  MacOSX13           MacOSX13.1
  macos-13   14.3.1  GCC 11.4.0  MacOSX13           MacOSX13.3
  macos-13  *15.0.1  GCC 11.4.0  MacOSX13           MacOSX14.0  MISMATCH  FAIL 
   /Applications/Xcode_15.0.1.app/Contents/Developer/Platforms/MacOSX.platform/
  Developer/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:103:1: error: unknown 
  type name 'dispatch_queue_t'
  macos-13   15.1    GCC 11.4.0  MacOSX13           MacOSX14.2  MISMATCH  FAIL 
   /Applications/Xcode_15.1.app/Contents/Developer/Platforms/MacOSX.platform/De
  veloper/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:103:1: error: unknown ty
  pe name 'dispatch_queue_t'
  macos-13   15.2    GCC 11.4.0  MacOSX13           MacOSX14.2  MISMATCH  FAIL 
   /Applications/Xcode_15.2.app/Contents/Developer/Platforms/MacOSX.platform/De
  veloper/SDKs/MacOSX.sdk/usr/include/dispatch/queue.h:103:1: error: unknown ty
  pe name 'dispatch_queue_t'
  macos-14   14.3.1  GCC 11.4.0  MacOSX14           MacOSX13.3  MISMATCH  FAIL 
   /Users/runner/work/curl/curl/bld/lib/curl_config.h:792:19: error: two or mor
  e data types in declaration specifiers
  macos-14  *15.0.1  GCC 11.4.0  MacOSX14           MacOSX14.0
  macos-14   15.1    GCC 11.4.0  MacOSX14           MacOSX14.2
  macos-14   15.2    GCC 11.4.0  MacOSX14           MacOSX14.2
  macos-14   15.3    GCC 11.4.0  MacOSX14           MacOSX14.4
  macos-14   15.4    GCC 11.4.0  MacOSX14           MacOSX14.5
  macos-14   16.0    GCC 11.4.0  MacOSX14           MacOSX15.0  MISMATCH  FAIL 
   /opt/homebrew/Cellar/gcc@11/11.4.0/lib/gcc/11/gcc/aarch64-apple-darwin23/11/
  include-fixed/stdio.h:83:8: error: unknown type name 'FILE'
  macos-12   13.1    GCC 12.4.0  MacOSX12           MacOSX12.0
  macos-12   13.2.1  GCC 12.4.0  MacOSX12           MacOSX12.1
  macos-12   13.3.1  GCC 12.4.0  MacOSX12           MacOSX12.3
  macos-12   13.4.1  GCC 12.4.0  MacOSX12           MacOSX12.3
  macos-12   14.0.1  GCC 12.4.0  MacOSX12           MacOSX12.3
  macos-12   14.1    GCC 12.4.0  MacOSX12           MacOSX13.0  MISMATCH  FAIL 
   /Applications/Xcode_14.1.app/Contents/Developer/Platforms/MacOSX.platform/De
  veloper/SDKs/MacOSX.sdk/usr/include/os/object.h:275:1: error: expected ';' be
  fore 'extern'
  macos-12  *14.2    GCC 12.4.0  MacOSX12           MacOSX13.1  MISMATCH  FAIL 
   /Applications/Xcode_14.2.app/Contents/Developer/Platforms/MacOSX.platform/De
