From 8bf7f9e1ff7a5c2138a0a707bf86bacc5feefd3e Mon Sep 17 00:00:00 2001 From: "brian m. carlson" Date: Wed, 23 Oct 2024 00:45:49 +0000 Subject: [PATCH 01/12] git-curl-compat: remove check for curl 7.21.5 libcurl 7.21.5 was released in April 2011, which is well over ten years ago, and no major operating system vendor is still providing security support for it. Debian 7, RHEL 7, and Ubuntu 12.04, all of which are out of mainstream security support, have all supported a newer version. Remove the check for this version and use this functionality unconditionally. Signed-off-by: brian m. carlson Signed-off-by: Taylor Blau --- git-curl-compat.h | 7 ------- 1 file changed, 7 deletions(-) diff --git a/git-curl-compat.h b/git-curl-compat.h index e1d0bdd273..c24ed686c1 100644 --- a/git-curl-compat.h +++ b/git-curl-compat.h @@ -28,13 +28,6 @@ * introduced, oldest first, in the official version of cURL library. */ -/** - * CURL_SOCKOPT_OK was added in 7.21.5, released in April 2011. - */ -#if LIBCURL_VERSION_NUM < 0x071505 -#define CURL_SOCKOPT_OK 0 -#endif - /** * CURLOPT_TCP_KEEPALIVE was added in 7.25.0, released in March 2012. */ From f7c094060c40256c21ee46005b6062a69d71886e Mon Sep 17 00:00:00 2001 From: "brian m. carlson" Date: Wed, 23 Oct 2024 00:45:50 +0000 Subject: [PATCH 02/12] git-curl-compat: remove check for curl 7.25.0 libcurl 7.25.0 was released in March 2012, which is well over ten years ago, and no major operating system vendor is still providing security support for it. Debian 8, RHEL 7, and Ubuntu 12.10, all of which are out of mainstream security support, have all supported a newer version. Remove the check for this version and use this functionality unconditionally. Signed-off-by: brian m. carlson Signed-off-by: Taylor Blau --- git-curl-compat.h | 8 -------- http.c | 24 ------------------------ 2 files changed, 32 deletions(-) diff --git a/git-curl-compat.h b/git-curl-compat.h index c24ed686c1..9100af027f 100644 --- a/git-curl-compat.h +++ b/git-curl-compat.h @@ -28,14 +28,6 @@ * introduced, oldest first, in the official version of cURL library. */ -/** - * CURLOPT_TCP_KEEPALIVE was added in 7.25.0, released in March 2012. - */ -#if LIBCURL_VERSION_NUM >= 0x071900 -#define GITCURL_HAVE_CURLOPT_TCP_KEEPALIVE 1 -#endif - - /** * CURLOPT_LOGIN_OPTIONS was added in 7.34.0, released in December * 2013. diff --git a/http.c b/http.c index d59e59f66b..633bbf74ee 100644 --- a/http.c +++ b/http.c @@ -716,35 +716,11 @@ static int has_proxy_cert_password(void) } #endif -#ifdef GITCURL_HAVE_CURLOPT_TCP_KEEPALIVE static void set_curl_keepalive(CURL *c) { curl_easy_setopt(c, CURLOPT_TCP_KEEPALIVE, 1); } -#else -static int sockopt_callback(void *client, curl_socket_t fd, curlsocktype type) -{ - int ka = 1; - int rc; - socklen_t len = (socklen_t)sizeof(ka); - - if (type != CURLSOCKTYPE_IPCXN) - return 0; - - rc = setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&ka, len); - if (rc < 0) - warning_errno("unable to set SO_KEEPALIVE on socket"); - - return CURL_SOCKOPT_OK; -} - -static void set_curl_keepalive(CURL *c) -{ - curl_easy_setopt(c, CURLOPT_SOCKOPTFUNCTION, sockopt_callback); -} -#endif - /* Return 1 if redactions have been made, 0 otherwise. */ static int redact_sensitive_header(struct strbuf *header, size_t offset) { From 6545b26eebeccd08a13ec449bd4e665f6ae090d6 Mon Sep 17 00:00:00 2001 From: "brian m. carlson" Date: Wed, 23 Oct 2024 00:45:51 +0000 Subject: [PATCH 03/12] git-curl-compat: remove check for curl 7.34.0 libcurl 7.34.0 was released in December 2013, which is well over ten years ago, and no major operating system vendor is still providing security support for it. Debian 8 and Ubuntu 14.04, both of which are out of mainstream security support, have supported a newer version, and RHEL 8, which is still in support, also has a newer version. Remove the check for this version and use this functionality unconditionally. Signed-off-by: brian m. carlson Signed-off-by: Taylor Blau --- git-curl-compat.h | 22 ---------------------- http.c | 2 -- imap-send.c | 4 ---- 3 files changed, 28 deletions(-) diff --git a/git-curl-compat.h b/git-curl-compat.h index 9100af027f..21306fa88f 100644 --- a/git-curl-compat.h +++ b/git-curl-compat.h @@ -28,28 +28,6 @@ * introduced, oldest first, in the official version of cURL library. */ -/** - * CURLOPT_LOGIN_OPTIONS was added in 7.34.0, released in December - * 2013. - * - * If we start requiring 7.34.0 we might also be able to remove the - * code conditional on USE_CURL_FOR_IMAP_SEND in imap-send.c, see - * 1e16b255b95 (git-imap-send: use libcurl for implementation, - * 2014-11-09) and the check it added for "072200" in the Makefile. - - */ -#if LIBCURL_VERSION_NUM >= 0x072200 -#define GIT_CURL_HAVE_CURLOPT_LOGIN_OPTIONS 1 -#endif - -/** - * CURL_SSLVERSION_TLSv1_[012] was added in 7.34.0, released in - * December 2013. - */ -#if LIBCURL_VERSION_NUM >= 0x072200 -#define GIT_CURL_HAVE_CURL_SSLVERSION_TLSv1_0 -#endif - /** * CURLOPT_PINNEDPUBLICKEY was added in 7.39.0, released in November * 2014. CURLE_SSL_PINNEDPUBKEYNOTMATCH was added in that same version. diff --git a/http.c b/http.c index 633bbf74ee..ac4b98baa0 100644 --- a/http.c +++ b/http.c @@ -52,11 +52,9 @@ static struct { { "sslv2", CURL_SSLVERSION_SSLv2 }, { "sslv3", CURL_SSLVERSION_SSLv3 }, { "tlsv1", CURL_SSLVERSION_TLSv1 }, -#ifdef GIT_CURL_HAVE_CURL_SSLVERSION_TLSv1_0 { "tlsv1.0", CURL_SSLVERSION_TLSv1_0 }, { "tlsv1.1", CURL_SSLVERSION_TLSv1_1 }, { "tlsv1.2", CURL_SSLVERSION_TLSv1_2 }, -#endif #ifdef GIT_CURL_HAVE_CURL_SSLVERSION_TLSv1_3 { "tlsv1.3", CURL_SSLVERSION_TLSv1_3 }, #endif diff --git a/imap-send.c b/imap-send.c index ec68a06687..954cc9be65 100644 --- a/imap-send.c +++ b/imap-send.c @@ -1417,15 +1417,11 @@ static CURL *setup_curl(struct imap_server_conf *srvc, struct credential *cred) curl_easy_setopt(curl, CURLOPT_PORT, srvc->port); if (srvc->auth_method) { -#ifndef GIT_CURL_HAVE_CURLOPT_LOGIN_OPTIONS - warning("No LOGIN_OPTIONS support in this cURL version"); -#else struct strbuf auth = STRBUF_INIT; strbuf_addstr(&auth, "AUTH="); strbuf_addstr(&auth, srvc->auth_method); curl_easy_setopt(curl, CURLOPT_LOGIN_OPTIONS, auth.buf); strbuf_release(&auth); -#endif } if (!srvc->use_ssl) From 05dd4ec507f022462125afb1af3c8b42861dcdc5 Mon Sep 17 00:00:00 2001 From: "brian m. carlson" Date: Wed, 23 Oct 2024 00:45:52 +0000 Subject: [PATCH 04/12] git-curl-compat: remove check for curl 7.39.0 libcurl 7.39.0 was released in November 2014, which is almost ten years ago, and no major operating system vendor is still providing security support for it. Debian 9 and Ubuntu 16.04, both of which are out of mainstream security support, have supported a newer version, and RHEL 8, which is still in support, also has a newer version. Remove the check for this version and use this functionality unconditionally. Signed-off-by: brian m. carlson Signed-off-by: Taylor Blau --- git-curl-compat.h | 9 --------- http.c | 11 ----------- 2 files changed, 20 deletions(-) diff --git a/git-curl-compat.h b/git-curl-compat.h index 21306fa88f..b301ef154c 100644 --- a/git-curl-compat.h +++ b/git-curl-compat.h @@ -28,15 +28,6 @@ * introduced, oldest first, in the official version of cURL library. */ -/** - * CURLOPT_PINNEDPUBLICKEY was added in 7.39.0, released in November - * 2014. CURLE_SSL_PINNEDPUBKEYNOTMATCH was added in that same version. - */ -#if LIBCURL_VERSION_NUM >= 0x072c00 -#define GIT_CURL_HAVE_CURLOPT_PINNEDPUBLICKEY 1 -#define GIT_CURL_HAVE_CURLE_SSL_PINNEDPUBKEYNOTMATCH 1 -#endif - /** * CURL_HTTP_VERSION_2 was added in 7.43.0, released in June 2015. * diff --git a/http.c b/http.c index ac4b98baa0..cdef059090 100644 --- a/http.c +++ b/http.c @@ -63,9 +63,7 @@ static char *ssl_key; static char *ssl_key_type; static char *ssl_capath; static char *curl_no_proxy; -#ifdef GIT_CURL_HAVE_CURLOPT_PINNEDPUBLICKEY static char *ssl_pinnedkey; -#endif static char *ssl_cainfo; static long curl_low_speed_limit = -1; static long curl_low_speed_time = -1; @@ -509,12 +507,7 @@ static int http_options(const char *var, const char *value, } if (!strcmp("http.pinnedpubkey", var)) { -#ifdef GIT_CURL_HAVE_CURLOPT_PINNEDPUBLICKEY return git_config_pathname(&ssl_pinnedkey, var, value); -#else - warning(_("Public key pinning not supported with cURL < 7.39.0")); - return 0; -#endif } if (!strcmp("http.extraheader", var)) { @@ -1104,10 +1097,8 @@ static CURL *get_curl_handle(void) curl_easy_setopt(result, CURLOPT_SSLKEYTYPE, ssl_key_type); if (ssl_capath) curl_easy_setopt(result, CURLOPT_CAPATH, ssl_capath); -#ifdef GIT_CURL_HAVE_CURLOPT_PINNEDPUBLICKEY if (ssl_pinnedkey) curl_easy_setopt(result, CURLOPT_PINNEDPUBLICKEY, ssl_pinnedkey); -#endif if (http_ssl_backend && !strcmp("schannel", http_ssl_backend) && !http_schannel_use_ssl_cainfo) { curl_easy_setopt(result, CURLOPT_CAINFO, NULL); @@ -1825,10 +1816,8 @@ static int handle_curl_result(struct slot_results *results) */ credential_reject(&cert_auth); return HTTP_NOAUTH; -#ifdef GIT_CURL_HAVE_CURLE_SSL_PINNEDPUBKEYNOTMATCH } else if (results->curl_result == CURLE_SSL_PINNEDPUBKEYNOTMATCH) { return HTTP_NOMATCHPUBLICKEY; -#endif } else if (missing_target(results)) return HTTP_MISSING_TARGET; else if (results->http_code == 401) { From f47a1faa9bd147048bf5d9d93a043e9a438d30d0 Mon Sep 17 00:00:00 2001 From: "brian m. carlson" Date: Wed, 23 Oct 2024 00:45:53 +0000 Subject: [PATCH 05/12] git-curl-compat: remove check for curl 7.43.0 libcurl 7.43.0 was released in June 2015, which is over nine years ago, and no major operating system vendor is still providing security support for it. Debian 9 and Ubuntu 16.04, both of which are out of mainstream security support, have supported a newer version, and RHEL 8, which is still in support, also has a newer version. Remove the check for this version and use this functionality unconditionally. Signed-off-by: brian m. carlson Signed-off-by: Taylor Blau --- git-curl-compat.h | 11 ----------- http.c | 5 ----- 2 files changed, 16 deletions(-) diff --git a/git-curl-compat.h b/git-curl-compat.h index b301ef154c..cd970e34d6 100644 --- a/git-curl-compat.h +++ b/git-curl-compat.h @@ -28,17 +28,6 @@ * introduced, oldest first, in the official version of cURL library. */ -/** - * CURL_HTTP_VERSION_2 was added in 7.43.0, released in June 2015. - * - * The CURL_HTTP_VERSION_2 alias (but not CURL_HTTP_VERSION_2_0) has - * always been a macro, not an enum field (checked on curl version - * 7.78.0) - */ -#if LIBCURL_VERSION_NUM >= 0x072b00 -#define GIT_CURL_HAVE_CURL_HTTP_VERSION_2 1 -#endif - /** * CURLSSLOPT_NO_REVOKE was added in 7.44.0, released in August 2015. * diff --git a/http.c b/http.c index cdef059090..945df9a628 100644 --- a/http.c +++ b/http.c @@ -980,7 +980,6 @@ static long get_curl_allowed_protocols(int from_user, struct strbuf *list) return bits; } -#ifdef GIT_CURL_HAVE_CURL_HTTP_VERSION_2 static int get_curl_http_version_opt(const char *version_string, long *opt) { int i; @@ -1003,8 +1002,6 @@ static int get_curl_http_version_opt(const char *version_string, long *opt) return -1; /* not found */ } -#endif - static CURL *get_curl_handle(void) { CURL *result = curl_easy_init(); @@ -1022,7 +1019,6 @@ static CURL *get_curl_handle(void) curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 2); } -#ifdef GIT_CURL_HAVE_CURL_HTTP_VERSION_2 if (curl_http_version) { long opt; if (!get_curl_http_version_opt(curl_http_version, &opt)) { @@ -1030,7 +1026,6 @@ static CURL *get_curl_handle(void) curl_easy_setopt(result, CURLOPT_HTTP_VERSION, opt); } } -#endif curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL); curl_easy_setopt(result, CURLOPT_HTTPAUTH, CURLAUTH_ANY); From 5c91da6d5b9ba973968221e6885a3da279284e44 Mon Sep 17 00:00:00 2001 From: "brian m. carlson" Date: Wed, 23 Oct 2024 00:45:54 +0000 Subject: [PATCH 06/12] git-curl-compat: remove check for curl 7.44.0 libcurl 7.44.0 was released in August 2015, which is over nine years ago, and no major operating system vendor is still providing security support for it. Debian 9 and Ubuntu 16.04, both of which are out of mainstream security support, have supported a newer version, and RHEL 8, which is still in support, also has a newer version. Remove the check for this version and use this functionality unconditionally. Signed-off-by: brian m. carlson Signed-off-by: Taylor Blau --- git-curl-compat.h | 10 ---------- http.c | 4 ---- 2 files changed, 14 deletions(-) diff --git a/git-curl-compat.h b/git-curl-compat.h index cd970e34d6..6b05d70d42 100644 --- a/git-curl-compat.h +++ b/git-curl-compat.h @@ -28,16 +28,6 @@ * introduced, oldest first, in the official version of cURL library. */ -/** - * CURLSSLOPT_NO_REVOKE was added in 7.44.0, released in August 2015. - * - * The CURLSSLOPT_NO_REVOKE is, has always been a macro, not an enum - * field (checked on curl version 7.78.0) - */ -#if LIBCURL_VERSION_NUM >= 0x072c00 -#define GIT_CURL_HAVE_CURLSSLOPT_NO_REVOKE 1 -#endif - /** * CURLOPT_PROXY_CAINFO was added in 7.52.0, released in August 2017. */ diff --git a/http.c b/http.c index 945df9a628..bdf8bf7b59 100644 --- a/http.c +++ b/http.c @@ -1048,11 +1048,7 @@ static CURL *get_curl_handle(void) if (http_ssl_backend && !strcmp("schannel", http_ssl_backend) && !http_schannel_check_revoke) { -#ifdef GIT_CURL_HAVE_CURLSSLOPT_NO_REVOKE curl_easy_setopt(result, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NO_REVOKE); -#else - warning(_("CURLSSLOPT_NO_REVOKE not supported with cURL < 7.44.0")); -#endif } if (http_proactive_auth != PROACTIVE_AUTH_NONE) From 17de6fd83b03f52a1fcc95cf335f2a704e61df53 Mon Sep 17 00:00:00 2001 From: "brian m. carlson" Date: Wed, 23 Oct 2024 00:45:55 +0000 Subject: [PATCH 07/12] git-curl-compat: remove check for curl 7.52.0 libcurl 7.52.0 was released in August 2017, which is over seven years ago, and no major operating system vendor is still providing security support for it. Debian 9 and Ubuntu 18.04, both of which are out of mainstream security support, have supported a newer version, and RHEL 8, which is still in support, also has a newer version. Remove the check for this version and use this functionality unconditionally. Signed-off-by: brian m. carlson Signed-off-by: Taylor Blau --- git-curl-compat.h | 15 --------------- http.c | 8 -------- 2 files changed, 23 deletions(-) diff --git a/git-curl-compat.h b/git-curl-compat.h index 6b05d70d42..edee8f2ba0 100644 --- a/git-curl-compat.h +++ b/git-curl-compat.h @@ -28,21 +28,6 @@ * introduced, oldest first, in the official version of cURL library. */ -/** - * CURLOPT_PROXY_CAINFO was added in 7.52.0, released in August 2017. - */ -#if LIBCURL_VERSION_NUM >= 0x073400 -#define GIT_CURL_HAVE_CURLOPT_PROXY_CAINFO 1 -#endif - -/** - * CURLOPT_PROXY_{KEYPASSWD,SSLCERT,SSLKEY} was added in 7.52.0, - * released in August 2017. - */ -#if LIBCURL_VERSION_NUM >= 0x073400 -#define GIT_CURL_HAVE_CURLOPT_PROXY_KEYPASSWD 1 -#endif - /** * CURL_SSLVERSION_TLSv1_3 was added in 7.53.0, released in February * 2017. diff --git a/http.c b/http.c index bdf8bf7b59..24764f1272 100644 --- a/http.c +++ b/http.c @@ -691,7 +691,6 @@ static int has_cert_password(void) return 1; } -#ifdef GIT_CURL_HAVE_CURLOPT_PROXY_KEYPASSWD static int has_proxy_cert_password(void) { if (http_proxy_ssl_cert == NULL || proxy_ssl_cert_password_required != 1) @@ -705,7 +704,6 @@ static int has_proxy_cert_password(void) } return 1; } -#endif static void set_curl_keepalive(CURL *c) { @@ -1093,16 +1091,12 @@ static CURL *get_curl_handle(void) if (http_ssl_backend && !strcmp("schannel", http_ssl_backend) && !http_schannel_use_ssl_cainfo) { curl_easy_setopt(result, CURLOPT_CAINFO, NULL); -#ifdef GIT_CURL_HAVE_CURLOPT_PROXY_CAINFO curl_easy_setopt(result, CURLOPT_PROXY_CAINFO, NULL); -#endif } else if (ssl_cainfo != NULL || http_proxy_ssl_ca_info != NULL) { if (ssl_cainfo) curl_easy_setopt(result, CURLOPT_CAINFO, ssl_cainfo); -#ifdef GIT_CURL_HAVE_CURLOPT_PROXY_CAINFO if (http_proxy_ssl_ca_info) curl_easy_setopt(result, CURLOPT_PROXY_CAINFO, http_proxy_ssl_ca_info); -#endif } if (curl_low_speed_limit > 0 && curl_low_speed_time > 0) { @@ -1198,7 +1192,6 @@ static CURL *get_curl_handle(void) else if (starts_with(curl_http_proxy, "socks")) curl_easy_setopt(result, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS4); -#ifdef GIT_CURL_HAVE_CURLOPT_PROXY_KEYPASSWD else if (starts_with(curl_http_proxy, "https")) { curl_easy_setopt(result, CURLOPT_PROXYTYPE, CURLPROXY_HTTPS); @@ -1211,7 +1204,6 @@ static CURL *get_curl_handle(void) if (has_proxy_cert_password()) curl_easy_setopt(result, CURLOPT_PROXY_KEYPASSWD, proxy_cert_auth.password); } -#endif if (strstr(curl_http_proxy, "://")) credential_from_url(&proxy_auth, curl_http_proxy); else { From d2f078c341cdbb17282f37afd97ab1a1a89ec11d Mon Sep 17 00:00:00 2001 From: "brian m. carlson" Date: Wed, 23 Oct 2024 00:45:56 +0000 Subject: [PATCH 08/12] git-curl-compat: remove check for curl 7.53.0 libcurl 7.53.0 was released in February 2017, which is over seven years ago, and no major operating system vendor is still providing security support for it. Debian 10 and Ubuntu 18.04, both of which are out of mainstream security support, have supported a newer version, and RHEL 8, which is still in support, also has a newer version. Remove the check for this version and use this functionality unconditionally. Signed-off-by: brian m. carlson Signed-off-by: Taylor Blau --- git-curl-compat.h | 8 -------- http.c | 2 -- 2 files changed, 10 deletions(-) diff --git a/git-curl-compat.h b/git-curl-compat.h index edee8f2ba0..65ba1ee0f8 100644 --- a/git-curl-compat.h +++ b/git-curl-compat.h @@ -28,14 +28,6 @@ * introduced, oldest first, in the official version of cURL library. */ -/** - * CURL_SSLVERSION_TLSv1_3 was added in 7.53.0, released in February - * 2017. - */ -#if LIBCURL_VERSION_NUM >= 0x073400 -#define GIT_CURL_HAVE_CURL_SSLVERSION_TLSv1_3 1 -#endif - /** * CURLSSLSET_{NO_BACKENDS,OK,TOO_LATE,UNKNOWN_BACKEND} were added in * 7.56.0, released in September 2017. diff --git a/http.c b/http.c index 24764f1272..c5fdf1cd4c 100644 --- a/http.c +++ b/http.c @@ -55,9 +55,7 @@ static struct { { "tlsv1.0", CURL_SSLVERSION_TLSv1_0 }, { "tlsv1.1", CURL_SSLVERSION_TLSv1_1 }, { "tlsv1.2", CURL_SSLVERSION_TLSv1_2 }, -#ifdef GIT_CURL_HAVE_CURL_SSLVERSION_TLSv1_3 { "tlsv1.3", CURL_SSLVERSION_TLSv1_3 }, -#endif }; static char *ssl_key; static char *ssl_key_type; From 603cf3e9421e093034d0f0933b3375159afc3c17 Mon Sep 17 00:00:00 2001 From: "brian m. carlson" Date: Wed, 23 Oct 2024 00:45:57 +0000 Subject: [PATCH 09/12] git-curl-compat: remove check for curl 7.56.0 libcurl 7.56.0 was released in September 2017, which is over seven years ago, and no major operating system vendor is still providing security support for it. Debian 10, which is out of mainstream security support, has supported a newer version, and Ubuntu 20.04 and RHEL 8, which are still in support, also have a newer version. Remove the check for this version and use this functionality unconditionally. Signed-off-by: brian m. carlson Signed-off-by: Taylor Blau --- git-curl-compat.h | 8 -------- http.c | 2 -- 2 files changed, 10 deletions(-) diff --git a/git-curl-compat.h b/git-curl-compat.h index 65ba1ee0f8..703756ba85 100644 --- a/git-curl-compat.h +++ b/git-curl-compat.h @@ -28,14 +28,6 @@ * introduced, oldest first, in the official version of cURL library. */ -/** - * CURLSSLSET_{NO_BACKENDS,OK,TOO_LATE,UNKNOWN_BACKEND} were added in - * 7.56.0, released in September 2017. - */ -#if LIBCURL_VERSION_NUM >= 0x073800 -#define GIT_CURL_HAVE_CURLSSLSET_NO_BACKENDS -#endif - /** * Versions before curl 7.66.0 (September 2019) required manually setting the * transfer-encoding for a streaming POST; after that this is handled diff --git a/http.c b/http.c index c5fdf1cd4c..4d59f11ad2 100644 --- a/http.c +++ b/http.c @@ -1275,7 +1275,6 @@ void http_init(struct remote *remote, const char *url, int proactive_auth) free(normalized_url); string_list_clear(&config.vars, 1); -#ifdef GIT_CURL_HAVE_CURLSSLSET_NO_BACKENDS if (http_ssl_backend) { const curl_ssl_backend **backends; struct strbuf buf = STRBUF_INIT; @@ -1300,7 +1299,6 @@ void http_init(struct remote *remote, const char *url, int proactive_auth) break; /* Okay! */ } } -#endif if (curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) die("curl_global_init failed"); From 7bae4e7f581a2f7d02d3a88391a228da2a16fda2 Mon Sep 17 00:00:00 2001 From: "brian m. carlson" Date: Wed, 23 Oct 2024 00:45:58 +0000 Subject: [PATCH 10/12] INSTALL: document requirement for libcurl 7.61.0 Our platform support policy states that we require "versions of dependencies which are generally accepted as stable and supportable, e.g., in line with the version used by other long-term-support distributions". Of Debian, Ubuntu, and RHEL, the three most common distributions that provide LTS versions, the version with mainstream long-term security support with the oldest libcurl is 7.61.0 in RHEL 8. Update the documentation to state that this is the new base version for libcurl. Remove text that is no longer applicable to older versions. Signed-off-by: brian m. carlson Signed-off-by: Taylor Blau --- INSTALL | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/INSTALL b/INSTALL index 2a46d04592..6e0321ff0e 100644 --- a/INSTALL +++ b/INSTALL @@ -129,17 +129,12 @@ Issues of note: itself, e.g. Digest::MD5, File::Spec, File::Temp, Net::Domain, Net::SMTP, and Time::HiRes. - - git-imap-send needs the OpenSSL library to talk IMAP over SSL if - you are using libcurl older than 7.34.0. Otherwise you can use - NO_OPENSSL without losing git-imap-send. - - "libcurl" library is used for fetching and pushing repositories over http:// or https://, as well as by - git-imap-send if the curl version is >= 7.34.0. If you do - not need that functionality, use NO_CURL to build without - it. + git-imap-send. If you do not need that functionality, + use NO_CURL to build without it. - Git requires version "7.21.3" or later of "libcurl" to build + Git requires version "7.61.0" or later of "libcurl" to build without NO_CURL. This version requirement may be bumped in the future. From 702d8c1f3b5377a64670b0f22add157b0bfc33dd Mon Sep 17 00:00:00 2001 From: "brian m. carlson" Date: Wed, 23 Oct 2024 00:45:59 +0000 Subject: [PATCH 11/12] Require Perl 5.26.0 Our platform support policy states that we require "versions of dependencies which are generally accepted as stable and supportable, e.g., in line with the version used by other long-term-support distributions". Of Debian, Ubuntu, RHEL, and SLES, the four most common distributions that provide LTS versions, the version with mainstream long-term security support with the oldest Perl is 5.26.0 in SLES 15.6. This is a major upgrade, since Perl 5.8.1, according to the Perl documentation, was released in September of 2003. It brings a lot of new features that we can choose to use, such as s///r to return the modified string, the postderef functionality, and subroutine signatures, although the latter was still considered experimental until 5.36. This change was made with the following one-liner, which intentionally excludes modifying the vendored modules we include to avoid conflicts: git grep -l 'use 5.008001' | grep -v 'LoadCPAN/' | xargs perl -pi -e 's/use 5.008001/require v5.26/' Use require instead of use to avoid changing the behavior as the latter enables features and the former does not. Signed-off-by: brian m. carlson Signed-off-by: Taylor Blau --- INSTALL | 2 +- contrib/diff-highlight/DiffHighlight.pm | 2 +- contrib/mw-to-git/Git/Mediawiki.pm | 2 +- git-archimport.perl | 2 +- git-cvsexportcommit.perl | 2 +- git-cvsimport.perl | 2 +- git-cvsserver.perl | 2 +- git-send-email.perl | 2 +- git-svn.perl | 2 +- gitweb/gitweb.perl | 2 +- perl/Git.pm | 2 +- perl/Git/I18N.pm | 2 +- perl/Git/LoadCPAN.pm | 2 +- perl/Git/Packet.pm | 2 +- t/t0202/test.pl | 2 +- t/t5562/invoke-with-content-length.pl | 2 +- t/t9700/test.pl | 2 +- t/test-terminal.perl | 2 +- 18 files changed, 18 insertions(+), 18 deletions(-) diff --git a/INSTALL b/INSTALL index 6e0321ff0e..54d7528f9e 100644 --- a/INSTALL +++ b/INSTALL @@ -119,7 +119,7 @@ Issues of note: - A POSIX-compliant shell is required to run some scripts needed for everyday use (e.g. "bisect", "request-pull"). - - "Perl" version 5.8.1 or later is needed to use some of the + - "Perl" version 5.26.0 or later is needed to use some of the features (e.g. sending patches using "git send-email", interacting with svn repositories with "git svn"). If you can live without these, use NO_PERL. Note that recent releases of diff --git a/contrib/diff-highlight/DiffHighlight.pm b/contrib/diff-highlight/DiffHighlight.pm index 636add6968..3d061bc0b7 100644 --- a/contrib/diff-highlight/DiffHighlight.pm +++ b/contrib/diff-highlight/DiffHighlight.pm @@ -1,6 +1,6 @@ package DiffHighlight; -use 5.008001; +require v5.26; use warnings FATAL => 'all'; use strict; diff --git a/contrib/mw-to-git/Git/Mediawiki.pm b/contrib/mw-to-git/Git/Mediawiki.pm index ff7811225e..629c0cea44 100644 --- a/contrib/mw-to-git/Git/Mediawiki.pm +++ b/contrib/mw-to-git/Git/Mediawiki.pm @@ -1,6 +1,6 @@ package Git::Mediawiki; -use 5.008001; +require v5.26; use strict; use POSIX; use Git; diff --git a/git-archimport.perl b/git-archimport.perl index f5a317b899..6d0169cb6a 100755 --- a/git-archimport.perl +++ b/git-archimport.perl @@ -54,7 +54,7 @@ and can contain multiple, unrelated branches. =cut -use 5.008001; +require v5.26; use strict; use warnings; use Getopt::Std; diff --git a/git-cvsexportcommit.perl b/git-cvsexportcommit.perl index 1e03ba94d1..edf02f9964 100755 --- a/git-cvsexportcommit.perl +++ b/git-cvsexportcommit.perl @@ -1,6 +1,6 @@ #!/usr/bin/perl -use 5.008001; +require v5.26; use strict; use warnings; use Getopt::Std; diff --git a/git-cvsimport.perl b/git-cvsimport.perl index 211ec8459a..e10ad5334e 100755 --- a/git-cvsimport.perl +++ b/git-cvsimport.perl @@ -13,7 +13,7 @@ # The head revision is on branch "origin" by default. # You can change that with the '-o' option. -use 5.008001; +require v5.26; use strict; use warnings; use Getopt::Long; diff --git a/git-cvsserver.perl b/git-cvsserver.perl index 124f598bdc..a4ad9a5d2d 100755 --- a/git-cvsserver.perl +++ b/git-cvsserver.perl @@ -15,7 +15,7 @@ #### #### -use 5.008001; +require v5.26; use strict; use warnings; use bytes; diff --git a/git-send-email.perl b/git-send-email.perl index c835d4c11a..c4d12bebc8 100755 --- a/git-send-email.perl +++ b/git-send-email.perl @@ -16,7 +16,7 @@ # and second line is the subject of the message. # -use 5.008001; +require v5.26; use strict; use warnings $ENV{GIT_PERL_FATAL_WARNINGS} ? qw(FATAL all) : (); use Getopt::Long; diff --git a/git-svn.perl b/git-svn.perl index 01e7a70de1..9c7c629932 100755 --- a/git-svn.perl +++ b/git-svn.perl @@ -1,7 +1,7 @@ #!/usr/bin/perl # Copyright (C) 2006, Eric Wong # License: GPL v2 or later -use 5.008001; +require v5.26; use warnings $ENV{GIT_PERL_FATAL_WARNINGS} ? qw(FATAL all) : (); use strict; use vars qw/ $AUTHOR $VERSION diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl index b09a8d0523..da1486cab2 100755 --- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@ -7,7 +7,7 @@ # # This program is licensed under the GPLv2 -use 5.008001; +require v5.26; use strict; use warnings; # handle ACL in file access tests diff --git a/perl/Git.pm b/perl/Git.pm index 667152c6c6..6f47d653ab 100644 --- a/perl/Git.pm +++ b/perl/Git.pm @@ -7,7 +7,7 @@ Git - Perl interface to the Git version control system package Git; -use 5.008001; +require v5.26; use strict; use warnings $ENV{GIT_PERL_FATAL_WARNINGS} ? qw(FATAL all) : (); diff --git a/perl/Git/I18N.pm b/perl/Git/I18N.pm index 475e90a6df..ab46edb608 100644 --- a/perl/Git/I18N.pm +++ b/perl/Git/I18N.pm @@ -1,5 +1,5 @@ package Git::I18N; -use 5.008001; +require v5.26; use strict; use warnings $ENV{GIT_PERL_FATAL_WARNINGS} ? qw(FATAL all) : (); BEGIN { diff --git a/perl/Git/LoadCPAN.pm b/perl/Git/LoadCPAN.pm index 8c7fa805f9..61254fddbb 100644 --- a/perl/Git/LoadCPAN.pm +++ b/perl/Git/LoadCPAN.pm @@ -1,5 +1,5 @@ package Git::LoadCPAN; -use 5.008001; +require v5.26; use strict; use warnings $ENV{GIT_PERL_FATAL_WARNINGS} ? qw(FATAL all) : (); diff --git a/perl/Git/Packet.pm b/perl/Git/Packet.pm index d896e69523..00fd9c484a 100644 --- a/perl/Git/Packet.pm +++ b/perl/Git/Packet.pm @@ -1,5 +1,5 @@ package Git::Packet; -use 5.008001; +require v5.26; use strict; use warnings $ENV{GIT_PERL_FATAL_WARNINGS} ? qw(FATAL all) : (); BEGIN { diff --git a/t/t0202/test.pl b/t/t0202/test.pl index 47d96a2a13..5085a0eda5 100755 --- a/t/t0202/test.pl +++ b/t/t0202/test.pl @@ -1,5 +1,5 @@ #!/usr/bin/perl -use 5.008001; +require v5.26; use lib (split(/:/, $ENV{GITPERLLIB})); use strict; use warnings; diff --git a/t/t5562/invoke-with-content-length.pl b/t/t5562/invoke-with-content-length.pl index 9babb9a375..211e29fade 100644 --- a/t/t5562/invoke-with-content-length.pl +++ b/t/t5562/invoke-with-content-length.pl @@ -1,4 +1,4 @@ -use 5.008001; +require v5.26; use strict; use warnings; diff --git a/t/t9700/test.pl b/t/t9700/test.pl index 2e1d50d4d1..58a9b328d5 100755 --- a/t/t9700/test.pl +++ b/t/t9700/test.pl @@ -1,7 +1,7 @@ #!/usr/bin/perl use lib (split(/:/, $ENV{GITPERLLIB})); -use 5.008001; +require v5.26; use warnings; use strict; diff --git a/t/test-terminal.perl b/t/test-terminal.perl index b8fd6a4f13..862bb8f395 100755 --- a/t/test-terminal.perl +++ b/t/test-terminal.perl @@ -1,5 +1,5 @@ #!/usr/bin/perl -use 5.008001; +require v5.26; use strict; use warnings; use IO::Pty; From 5f139a194f22b34eb49a891253271693989d6fdc Mon Sep 17 00:00:00 2001 From: "brian m. carlson" Date: Wed, 23 Oct 2024 00:46:00 +0000 Subject: [PATCH 12/12] gitweb: make use of s///r In Perl 5.14, released in May 2011, the r modifier was added to the s/// operator to allow it to return the modified string instead of modifying the string in place. This allows to write nicer, more succinct code in several cases, so let's do that here. Signed-off-by: brian m. carlson Signed-off-by: Taylor Blau --- gitweb/gitweb.perl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl index da1486cab2..c4e0008d59 100755 --- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@ -1188,7 +1188,7 @@ sub evaluate_and_validate_params { if ($search_use_regexp) { $search_regexp = $searchtext; if (!eval { qr/$search_regexp/; 1; }) { - (my $error = $@) =~ s/ at \S+ line \d+.*\n?//; + my $error = $@ =~ s/ at \S+ line \d+.*\n?//r; die_error(400, "Invalid search regexp '$search_regexp'", esc_html($error)); } @@ -2700,7 +2700,7 @@ sub git_cmd { # Try to avoid using this function wherever possible. sub quote_command { return join(' ', - map { my $a = $_; $a =~ s/(['!])/'\\$1'/g; "'$a'" } @_ ); + map { my $a = $_ =~ s/(['!])/'\\$1'/gr; "'$a'" } @_ ); } # get HEAD ref of given project as hash