what people have been using for years already will start working in #curl 8.10.0: -vv, -vvv and -vvvv for more verbose logging.

Up until now, adding more vs did not do anything different.

https://github.com/curl/curl/pull/13977

PR by the awesome @icing

curl verbose option, repeated use by icing · Pull Request #13977 · curl/curl

make mentioning -vv on the curl command line increase the verbosity of the trace output related discussion Make '-vv..' useful (again) #13810 add trace group names for components: network, ...

^GitHub

Today is exactly five years since we did the first HTTP/3 transfers with #curl

My blog post from back then:

https://daniel.haxx.se/blog/2019/08/05/first-http-3-with-curl/

in the five days since the previous #curl release, we have merged 47 bugfixes and 9 new features

Busy days.

#curl's 265th command line option is called --skip-existing. Lets you completely skip a download if there is a local file present already.

https://github.com/curl/curl/pull/13993

curl: add --skip-existing by bagder · Pull Request #13993 · curl/curl

With this option, the entire download is skipped if the selected target filename already exists when the operation is about to begin. Also works fine with "globs". code documentation test cases...

^GitHub

#curl's 264th command line option is --dump-ca-embed, coming in 8.10.0.

Starting in this version, the tool can get built with an embedded CA cert store.To allow it to work better completely stand-alone.

This new flag writes that built-in store to stdout.

Starting now, #curl shows extended help for a given command line option if you write it after --h. Like "curl -h --location" or "curl -h -O"

Shipping in the pending curl 8.10.0 in mid September.

https://github.com/curl/curl/pull/13997

curl: --help [option] displays documentation for given cmdline option by bagder · Pull Request #13997 · curl/curl

The extracting of the help texts is still a little crude: because we typically have 270KB of text zlib compressed into a single blob, we have to scan for the text to show. The searching can be made...

^GitHub

I am inviting the #wcurl tool to get adopted by the #curl project.

https://curl.se/mail/archive-2024-08/0000.html

Watch @samueloph and the Debian curl maintainer team, discussing issues and the way forward at DebConf24:

https://saimei.ftp.acc.umu.se/pub/debian-meetings/2024/DebConf24/debconf24-472-curl-maintainers-bof.av1.webm

#curl #debian #debconf24

Unpopular opinion: Damn cool kids with their HTTPs 3 and QUICs and whatevers. HTTP/1.1 was good enough for everyone!

They're adding all that fancy stuff into the new #cURL version, and it causes #Transmission to crash. How am I going to seed all these Linux images now?!

https://github.com/transmission/transmission/issues/7035
https://github.com/curl/curl/issues/14344

#Gentoo

Starting with 8.9.1, SIGPIPE leaks in some cases · Issue #14344 · curl/curl

I did this After #14296, curl has started to leak SIGPIPE in some cases. I‘ve noticed this since the test suite I wrote for our in-house curl-wrapper now sometimes exits which SIGPIPE (I‘d say abou...

^GitHub

Bugfix rate in the #curl project is currently racing to an all-time high.

(yes, presumably this also means we insert more bugs as well as there need to be something to fix...)

The original #hackerone report for #curl's CVE-2024-7264: ASN.1 date parser overread is now published:

https://hackerone.com/reports/2629968

curl disclosed on HackerOne: CVE-2024-7264: ASN.1 date parser overread

## Summary: When a specially-crafted certificate is passed to `Curl_extract_certinfo` to parse, it may read bytes beyond the end of the buffer in which the certificate is held. According to the...

^HackerOne

Very fun working in the #curl project, btw. Excellent people there, good coop, good vibes.

Issue reporters in general are experienced people where turnarounds are fast. Getting back with logs and verifying solutions.

Nice.😌

I added a section to everything #curl about what we do to mitigate backdoor attempts:

https://everything.curl.dev/project/security.html#backdoors-and-supply-chain-risks

Did I forget anything obvious?

Starting now, #curl is also apparently the curl "enterprise" on #GitHub.The curl enterprise owns the curl organization which owns the curl repository. From which you can build the curl tool.

Clearly we need more curl.

Welcome Joe Birr-Pixton as #curl commit author 1289: https://github.com/curl/curl/pull/14317

(I deduped a few authors counted twice, so the count is a few less than previously)

Ensure all tests pass with rustls backend by ctz · Pull Request #14317 · curl/curl

The goal of this PR is to remove the rustls stanza in tests/data/DISABLED that skips some tests. That involves supporting CRLs -- we've had upstream support for a little while, but needs some plumb...

^GitHub

#curl 8.9.1 is here

28 bugfixes, including a low severity CVE - seven days since the previous release.

https://daniel.haxx.se/blog/2024/07/31/curl-8-9-1/

See you at 08:00 UTC for the live-stream

we got a new #curl security vulnerability reported *this morning*, and since we already had a patch release planned for tomorrow, well, we have worked like crazy through-out the day and the fix and the advisory and everything will be published tomorrow along with #curl 8.9.1

Never a dull moment in this factory.

I have this slide showing the 101(!) operating systems people have reported #curl to run on.

I now have a customer call scheduled about porting it to a 102nd...

#curl is just the hobby

https://daniel.haxx.se/blog/2024/04/22/curl-is-just-the-hobby/

I was nominated for the #Microsoft MVP program, but even though I am the main author of #curl that ships with #Windows since many years now, I barely know any "Microsoft technology" so I could not fill in the form without taking some... eh, "liberties".

I'm pretty confident they will just discard it and I will not be sorry.

In 2022 I became #curl's 1000th commit author and was congratulated as such until I had to confess to @bagder that I wasn't: I had used two distinct email addresses and was thus only the 999th.

The record (https://daniel.haxx.se/blog/2022/01/30/1000-commit-authors/) doesn't reflect this, but it is my #sundayConfession

According to @bagder the stubborn way the #OpenSSL project is handling #QUIC implementation is directly responsible for delaying HTTP/3 adoption (1), and I tend to agree. When the project rejected the community QUIC patches and decided to go with their own design, it wasn't difficult to predict problems. This was proven right by the massive feature gaps (2) and performance issues (3) discovered by @icing when trying to marry OpenSSL QUIC to #curl. Even with API fixes released in version 3.3 the implementation is still inferior, and there is no good solution in sight.

1) https://lwn.net/Articles/983380/
2) https://github.com/openssl/openssl/discussions/23339
3) https://github.com/icing/blog/blob/main/curl-h3-performance.md

blog/curl-h3-performance.md at main · icing/blog

Contribute to icing/blog development by creating an account on GitHub.

^GitHub

Changelog changes on the #curl website:

https://daniel.haxx.se/blog/2024/07/24/changelog-changes/

Starting now, the #curl website offers changelog listings per-release. https://curl.se/ch/ always shows the latest release.

Old links still work of course and the old "all changes in a single page" will remain.