more #curl help

Get documentation for a specific option with curl -h

[option]daniel.haxx.se/blog/2024/08/09…

#curl welcomes #wcurl to the team

daniel.haxx.se/blog/2024/08/08…

@markuswerle @jakob @pluralistic This is how I interpret the situation: #GitHub offers open source programs free access to GitHub actions today exactly as it did in the past. This access is limited in CPU performance and parallelism. It always was. All free CI services do this.

The #curl project was bumped to a fancier account to give us more actions powers: more CPU and more parallelism.

That is them doing us a favor and them supporting us, not the other way around.

with this knowledge we are pondering what we can to do make things less annoying for #curl on Windows.

What now takes a few milliseconds on my Linux machine, takes several seconds on Windows. Not ideal.

what people have been using for years already will start working in #curl 8.10.0: -vv, -vvv and -vvvv for more verbose logging.

Up until now, adding more vs did not do anything different.

github.com/curl/curl/pull/1397…

PR by the awesome @icing

curl verbose option, repeated use by icing · Pull Request #13977 · curl/curl

make mentioning -v on the curl command line increase the verbosity of the trace output related discussion #13810 add trace group names for components: network, protocol, proxy. Usable in --trace-co...

^GitHub

Today is exactly five years since we did the first HTTP/3 transfers with #curl

My blog post from back then:

daniel.haxx.se/blog/2019/08/05…

#curl's 265th command line option is called --skip-existing. Lets you completely skip a download if there is a local file present already.

github.com/curl/curl/pull/1399…

curl: add --skip-existing by bagder · Pull Request #13993 · curl/curl

With this option, the entire download is skipped if the selected target filename already exists when the operation is about to begin. Also works fine with "globs". code documentation test cases...

^GitHub

Starting now, #curl shows extended help for a given command line option if you write it after --h. Like "curl -h --location" or "curl -h -O"

Shipping in the pending curl 8.10.0 in mid September.

github.com/curl/curl/pull/1399…

curl: --help [option] displays documentation for given cmdline option by bagder · Pull Request #13997 · curl/curl

First shot. The extracting of the help texts is still a little crude: because we typically have 270KB of text zlib compressed into a single blob, we have to scan for the text to show. As of now, I ...

^GitHub

I am inviting the #wcurl tool to get adopted by the #curl project.

curl.se/mail/archive-2024-08/0…

Watch @samueloph and the Debian curl maintainer team, discussing issues and the way forward at DebConf24:

saimei.ftp.acc.umu.se/pub/debi…

#curl #debian #debconf24

Unpopular opinion: Damn cool kids with their HTTPs 3 and QUICs and whatevers. HTTP/1.1 was good enough for everyone!

They're adding all that fancy stuff into the new #cURL version, and it causes #Transmission to crash. How am I going to seed all these Linux images now?!

github.com/transmission/transm…
github.com/curl/curl/issues/14…

#Gentoo

Starting with 8.9.1, SIGPIPE leaks in some cases · Issue #14344 · curl/curl

I did this After #14296, curl has started to leak SIGPIPE in some cases. I‘ve noticed this since the test suite I wrote for our in-house curl-wrapper now sometimes exits which SIGPIPE (I‘d say abou...

^GitHub

Bugfix rate in the #curl project is currently racing to an all-time high.

(yes, presumably this also means we insert more bugs as well as there need to be something to fix...)

The original #hackerone report for #curl's CVE-2024-7264: ASN.1 date parser overread is now published:

hackerone.com/reports/2629968

curl disclosed on HackerOne: CVE-2024-7264: ASN.1 date parser overread

## Summary: When a specially-crafted certificate is passed to `Curl_extract_certinfo` to parse, it may read bytes beyond the end of the buffer in which the certificate is held. According to the...

^HackerOne

I added a section to everything #curl about what we do to mitigate backdoor attempts:

everything.curl.dev/project/se…

Did I forget anything obvious?

Welcome Joe Birr-Pixton as #curl commit author 1289: github.com/curl/curl/pull/1431…

(I deduped a few authors counted twice, so the count is a few less than previously)

Ensure all tests pass with rustls backend by ctz · Pull Request #14317 · curl/curl

The goal of this PR is to remove the rustls stanza in tests/data/DISABLED that skips some tests. That involves supporting CRLs -- we've had upstream support for a little while, but needs some plumb...

^GitHub

#curl 8.9.1 is here

28 bugfixes, including a low severity CVE - seven days since the previous release.

daniel.haxx.se/blog/2024/07/31…

See you at 08:00 UTC for the live-stream

I have this slide showing the 101(!) operating systems people have reported #curl to run on.

I now have a customer call scheduled about porting it to a 102nd...

In 2022 I became #curl's 1000th commit author and was congratulated as such until I had to confess to @bagder that I wasn't: I had used two distinct email addresses and was thus only the 999th.

The record (daniel.haxx.se/blog/2022/01/30…) doesn't reflect this, but it is my #sundayConfession

According to @bagder the stubborn way the #OpenSSL project is handling #QUIC implementation is directly responsible for delaying HTTP/3 adoption (1), and I tend to agree. When the project rejected the community QUIC patches and decided to go with their own design, it wasn't difficult to predict problems. This was proven right by the massive feature gaps (2) and performance issues (3) discovered by @icing when trying to marry OpenSSL QUIC to #curl. Even with API fixes released in version 3.3 the implementation is still inferior, and there is no good solution in sight.

1) lwn.net/Articles/983380/
2) github.com/openssl/openssl/dis…
3) github.com/icing/blog/blob/mai…

blog/curl-h3-performance.md at main · icing/blog

Contribute to icing/blog development by creating an account on GitHub.

^GitHub

Changelog changes on the #curl website:

daniel.haxx.se/blog/2024/07/24…

Starting now, the #curl website offers changelog listings per-release. curl.se/ch/ always shows the latest release.

Old links still work of course and the old "all changes in a single page" will remain.

#curl 8.9.0 is out: daniel.haxx.se/blog/2024/07/24…

2 CVEs fixed
11 changes
260 bugfixes

by 80 contributors, out of which 47 authored commits

in 63 days since the previous release

A short story of a question turned into a new pending #curl feature:

github.com/curl/curl/discussio…

How to Request rate limiting with fraction/custom time unit? · curl curl · Discussion #14242

I naively tested to rate limit curl with --rate 5/10s but complained with following message: curl: unsupported --rate unit curl: conf:1: '--rate' is badly used here curl: cannot read config from 'c...

^GitHub

On this day twenty-six years ago I released #curl 4.7

It does not make be feel old at all. 😁

curl.se/changes.html#4_7